Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 actively exploited
Public exploits: 61
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2029, MEDIUM 1630, LOW 17, UNKNOWN 2
Vulnerabilities
CVE-2026-5876 | MEDIUM | CVSS 6.5 | fixed in 147.0.7727.55 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
CWE-1300
Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd
CVE-2026-5905 | MEDIUM | CVSS 6.5 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
CWE-451
Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
cvelistv5, nvd
CVE-2026-5918 | MEDIUM | CVSS 4.3 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
CWE-346
Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
cvelistv5, nvd
CVE-2026-5875 | MEDIUM | CVSS 4.3 | fixed in 147.0.7727.55 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
CWE-639
Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd
CVE-2026-5911 | MEDIUM | CVSS 4.3 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
CWE-693
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
cvelistv5, nvd
CVE-2026-5901 | MEDIUM | CVSS 6.5 | fixed in 147.0.7727.55 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
CWE-602
Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. (Chromium security severity: Low)
cvelistv5, nvd
CVE-2026-5882 | MEDIUM | CVSS 4.3 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
CWE-451
Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd
CVE-2026-5869 | LOW | CVSS 3.1 | fixed in 147.0.7727.55 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
CWE-122
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2026-5867 | LOW | CVSS 3.1 | fixed in 147.0.7727.55 | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
CWE-122
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2026-5883 | UNKNOWN | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
CWE-416
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd
CVE-2026-5890 | UNKNOWN | ≥ 147.0.7727.55, < 147.0.7727.55 | 2026-04-08
CWE-362
Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5, nvd
CVE-2026-5289 | CRITICAL | CVSS 9.6 | fixed in 146.0.7680.177 | ≥ 146.0.7680.178, < 146.0.7680.178 | 2026-04-01
CWE-416
Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2026-5288 | CRITICAL | CVSS 9.6 | fixed in 146.0.7680.177 | ≥ 146.0.7680.178, < 146.0.7680.178 | 2026-04-01
CWE-416
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2026-5290 | CRITICAL | CVSS 9.6 | fixed in 146.0.7680.177 | ≥ 146.0.7680.178, < 146.0.7680.178 | 2026-04-01
CWE-416
Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2026-5272 | HIGH | CVSS 8.8 | fixed in 146.0.7680.177 | ≥ 146.0.7680.178, < 146.0.7680.178 | 2026-04-01
CWE-122
Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2026-5285 | HIGH | CVSS 8.8 | fixed in 146.0.7680.177 | ≥ 146.0.7680.178, < 146.0.7680.178 | 2026-04-01
CWE-416
Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2026-5275 | HIGH | CVSS 8.8 | fixed in 146.0.7680.177 | ≥ 146.0.7680.178, < 146.0.7680.178 | 2026-04-01
CWE-122
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2026-5279 | HIGH | CVSS 8.8 | fixed in 146.0.7680.177 | ≥ 146.0.7680.178, < 146.0.7680.178 | 2026-04-01
CWE-120
Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2026-5286 | HIGH | CVSS 8.8 | fixed in 146.0.7680.177 | ≥ 146.0.7680.178, < 146.0.7680.178 | 2026-04-01
CWE-416
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd
CVE-2026-5280 | HIGH | CVSS 8.8 | fixed in 146.0.7680.177 | ≥ 146.0.7680.178, < 146.0.7680.178 | 2026-04-01
CWE-416
Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
cvelistv5, nvd