Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
61
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2029MEDIUM1630LOW17UNKNOWN2
Vulnerabilities
Page 9 of 199
CVE-2026-3926HIGHCVSS 8.8fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3926 [HIGH] CWE-125 CVE-2026-3926: Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perfor
Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-3921HIGHCVSS 8.8fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3921 [HIGH] CWE-416 CVE-2026-3921: Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to
Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3923HIGHCVSS 8.8fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3923 [HIGH] CWE-416 CVE-2026-3923: Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to poten
Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3913HIGHCVSS 8.8fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3913 [HIGH] CWE-122 CVE-2026-3913: Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to p
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
cvelistv5nvd
CVE-2026-3930MEDIUMCVSS 5.3fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3930 [MEDIUM] CWE-288 CVE-2026-3930: Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote atta
Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-3942MEDIUMCVSS 4.3fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3942 [MEDIUM] CWE-451 CVE-2026-3942: Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote a
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2026-3925MEDIUMCVSS 4.3fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3925 [MEDIUM] CWE-451 CVE-2026-3925: Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed
Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-3935MEDIUMCVSS 6.5fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3935 [MEDIUM] CWE-451 CVE-2026-3935: Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote att
Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-3938MEDIUMCVSS 4.3fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3938 [MEDIUM] CWE-284 CVE-2026-3938: Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remot
Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2026-3937MEDIUMCVSS 6.5fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3937 [MEDIUM] CWE-451 CVE-2026-3937: Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remo
Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2026-3934MEDIUMCVSS 6.5fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3934 [MEDIUM] CWE-284 CVE-2026-3934: Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a re
Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-3928MEDIUMCVSS 4.3fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3928 [MEDIUM] CWE-451 CVE-2026-3928: Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an att
Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-3940MEDIUMCVSS 5.3fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3940 [MEDIUM] CWE-284 CVE-2026-3940: Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote
Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2026-3927MEDIUMCVSS 4.3fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3927 [MEDIUM] CWE-451 CVE-2026-3927: Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote a
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-3939MEDIUMCVSS 5.3fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3939 [MEDIUM] CWE-284 CVE-2026-3939: Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote atta
Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)
cvelistv5nvd
CVE-2026-3941MEDIUMCVSS 4.3fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3941 [MEDIUM] CWE-602 CVE-2026-3941: Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote
Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
cvelistv5nvd
CVE-2026-3929LOWCVSS 3.1fixed in 146.0.7680.71≥ 146.0.7680.71, < 146.0.7680.712026-03-11
CVE-2026-3929 [LOW] CWE-1300 CVE-2026-3929: Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a
Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
cvelistv5nvd
CVE-2026-3545CRITICALCVSS 9.6fixed in 145.0.7632.159fixed in 145.0.7632.160+1 more2026-03-04
CVE-2026-3545 [CRITICAL] CWE-20 CVE-2026-3545: Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote
Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3541HIGHCVSS 8.8fixed in 145.0.7632.159fixed in 145.0.7632.160+1 more2026-03-04
CVE-2026-3541 [HIGH] CWE-284 CVE-2026-3541: Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attack
Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
cvelistv5nvd
CVE-2026-3538HIGHCVSS 8.8fixed in 145.0.7632.159≥ 145.0.7632.159, < 145.0.7632.1592026-03-04
CVE-2026-3538 [HIGH] CWE-472 CVE-2026-3538: Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to poten
Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
cvelistv5nvd