Google Chrome vulnerabilities
4,380 known vulnerabilities affecting google/chrome.
Total CVEs
4,380
CISA KEV
74
actively exploited
Public exploits
64
Exploited in wild
65
Severity breakdown
CRITICAL313HIGH2275MEDIUM1745LOW45UNKNOWN2
Vulnerabilities
Page 6 of 219
CVE-2026-9961HIGHCVSS 8.8fixed in 148.0.7778.215fixed in 148.0.7778.216+1 more2026-05-28
CVE-2026-9961 [HIGH] CWE-416 CVE-2026-9961: Use after free in SurfaceCapture in Google Chrome prior to 148.0.7778.216 allowed a remote attacker
Use after free in SurfaceCapture in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9974HIGHCVSS 8.3fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9974 [HIGH] CWE-787 CVE-2026-9974: Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who ha
Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9941HIGHCVSS 8.8fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9941 [HIGH] CWE-416 CVE-2026-9941: Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execut
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9890HIGHCVSS 8.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9890 [HIGH] CWE-416 CVE-2026-9890: Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker w
Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-9947HIGHCVSS 8.8fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9947 [HIGH] CWE-416 CVE-2026-9947: Use after free in XML in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute
Use after free in XML in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9938HIGHCVSS 8.8fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9938 [HIGH] CWE-94 CVE-2026-9938: Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacke
Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9916HIGHCVSS 8.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9916 [HIGH] CWE-787 CVE-2026-9916: Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who
Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9988HIGHCVSS 8.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9988 [HIGH] CWE-416 CVE-2026-9988: Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.216 allowed a remote attacker
Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9922HIGHCVSS 7.5fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9922 [HIGH] CWE-416 CVE-2026-9922: Use after free in GPU in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who
Use after free in GPU in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9990HIGHCVSS 7.5fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9990 [HIGH] CWE-416 CVE-2026-9990: Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote at
Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9932HIGHCVSS 8.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9932 [HIGH] CWE-416 CVE-2026-9932: Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacke
Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9972HIGHCVSS 8.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9972 [HIGH] CWE-457 CVE-2026-9972: Uninitialized Use in Gamepad in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attack
Uninitialized Use in Gamepad in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9945HIGHCVSS 8.8fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9945 [HIGH] CWE-416 CVE-2026-9945: Use after free in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacke
Use after free in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9878HIGHCVSS 8.8fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9878 [HIGH] CWE-416 CVE-2026-9878: Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execut
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-9893HIGHCVSS 8.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9893 [HIGH] CWE-416 CVE-2026-9893: Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had co
Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-9884HIGHCVSS 8.8fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9884 [HIGH] CWE-416 CVE-2026-9884: Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker
Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2026-9907MEDIUMCVSS 4.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9907 [MEDIUM] CWE-125 CVE-2026-9907: Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote atta
Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9919MEDIUMCVSS 4.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9919 [MEDIUM] CWE-125 CVE-2026-9919: Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote att
Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9942MEDIUMCVSS 5.0fixed in 148.0.7778.216fixed in 148.0.7778.215+1 more2026-05-28
CVE-2026-9942 [MEDIUM] CWE-457 CVE-2026-9942: Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who ha
Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2026-9929MEDIUMCVSS 4.3fixed in 148.0.7778.216≥ 148.0.7778.216, < 148.0.7778.2162026-05-28
CVE-2026-9929 [MEDIUM] CWE-200 CVE-2026-9929: Inappropriate implementation in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a
Inappropriate implementation in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
nvd