Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
61
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2029MEDIUM1630LOW17UNKNOWN2
Vulnerabilities
Page 8 of 199
CVE-2026-4443HIGHCVSS 8.8fixed in 146.0.7680.153≥ 146.0.7680.153, < 146.0.7680.1532026-03-20
CVE-2026-4443 [HIGH] CWE-122 CVE-2026-4443: Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker
Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-4456HIGHCVSS 8.8fixed in 146.0.7680.153≥ 146.0.7680.153, < 146.0.7680.1532026-03-20
CVE-2026-4456 [HIGH] CWE-416 CVE-2026-4456: Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote
Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-4461HIGHCVSS 8.8fixed in 146.0.7680.153≥ 146.0.7680.153, < 146.0.7680.1532026-03-20
CVE-2026-4461 [HIGH] CVE-2026-4461: Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacke
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-4449HIGHCVSS 8.8fixed in 146.0.7680.153≥ 146.0.7680.153, < 146.0.7680.1532026-03-20
CVE-2026-4449 [HIGH] CWE-416 CVE-2026-4449: Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potent
Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-4455HIGHCVSS 8.8fixed in 146.0.7680.153≥ 146.0.7680.153, < 146.0.7680.1532026-03-20
CVE-2026-4455 [HIGH] CWE-122 CVE-2026-4455: Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to
Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-4453MEDIUMCVSS 4.3fixed in 146.0.7680.153≥ 146.0.7680.153, < 146.0.7680.1532026-03-20
CVE-2026-4453 [MEDIUM] CWE-472 CVE-2026-4453: Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker t
Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3909HIGHCVSS 8.8KEVfixed in 146.0.7680.80≥ 146.0.7680.75, < 146.0.7680.752026-03-13
CVE-2026-3909 [HIGH] CWE-787 CVE-2026-3909: Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to per
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3910HIGHCVSS 8.8KEVfixed in 146.0.7680.75≥ 146.0.7680.75, < 146.0.7680.752026-03-13
CVE-2026-3910 [HIGH] CWE-94 CVE-2026-3910: Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3916CRITICALCVSS 9.6fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3916 [CRITICAL] CWE-125 CVE-2026-3916: Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker t
Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3920HIGHCVSS 8.8fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3920 [HIGH] CWE-125 CVE-2026-3920: Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attack
Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3914HIGHCVSS 8.8fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3914 [HIGH] CWE-472 CVE-2026-3914: Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to poten
Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3918HIGHCVSS 8.8fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3918 [HIGH] CWE-416 CVE-2026-3918: Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potent
Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3915HIGHCVSS 8.8fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3915 [HIGH] CWE-122 CVE-2026-3915: Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to p
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3936HIGHCVSS 8.8fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3936 [HIGH] CWE-416 CVE-2026-3936: Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attack
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-3919HIGHCVSS 8.8fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3919 [HIGH] CWE-416 CVE-2026-3919: Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinc
Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3931HIGHCVSS 8.8fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3931 [HIGH] CWE-122 CVE-2026-3931: Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to pe
Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-3924HIGHCVSS 7.5fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3924 [HIGH] CWE-416 CVE-2026-3924: use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who
use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3917HIGHCVSS 8.8fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3917 [HIGH] CWE-416 CVE-2026-3917: Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potent
Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3922HIGHCVSS 8.8fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3922 [HIGH] CWE-416 CVE-2026-3922: Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to p
Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3932HIGHCVSS 7.5fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3932 [HIGH] CWE-284 CVE-2026-3932: Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a
Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd