Google Chrome Chrome vulnerabilities

CVE-2026-6364 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-6364 Stable Channel Update for Desktop CVE-2026-6364: Out of bounds read in Skia. Reported by Google Threat Intelligence on 2026-04-13 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: medium

CVE-2026-4441 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2026-4441 Long Term Support Channel Update for ChromeOS CVE-2026-4441: Use after free in Base. [ 485935305 ] High CVE-2026-4440: Out of bounds read and write in WebGL Severity: high

CVE-2026-4446 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2026-4446 Long Term Support Channel Update for ChromeOS CVE-2026-4446: Use after free in WebRTC. [ 490254124 ] High CVE-2026-4460: Out of bounds read in Skia Severity: high

CVE-2026-5858 [CRITICAL] Stable Channel Update for Desktop: CVE-2026-5858 Stable Channel Update for Desktop CVE-2026-5858: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-17 [$43000][ 494158331 ] Critical CVE-2026-5859: Integer overflow in WebML Reported by Anonymous on 2026-03-19 [$11000][ 486495143 ] High CVE-2026-5860: Use after free in WebRTC Severity: critical

CVE-2026-5861 [HIGH] Stable Channel Update for Desktop: CVE-2026-5861 Stable Channel Update for Desktop CVE-2026-5861: Use after free in V8. Reported by 5shain on 2026-02-23 [TBD][ 470566252 ] High CVE-2026-5862: Inappropriate implementation in V8 Reported by Google on 2025-12-21 [TBD][ 484527367 ] High CVE-2026-5863: Inappropriate implementation in V8 Severity: high

CVE-2026-5870 [HIGH] Stable Channel Update for Desktop: CVE-2026-5870 Stable Channel Update for Desktop CVE-2026-5870: Integer overflow in Skia. Reported by Google on 2026-03-23 [TBD][ 495679730 ] High CVE-2026-5871: Type Confusion in V8 Reported by Google on 2026-03-24 [TBD][ 496281816 ] High CVE-2026-5872: Use after free in Blink Severity: high

CVE-2026-5864 [HIGH] Stable Channel Update for Desktop: CVE-2026-5864 Stable Channel Update for Desktop CVE-2026-5864: Heap buffer overflow in WebAudio. Reported by Syn4pse on 2026-03-08 [TBD][ 491884710 ] High CVE-2026-5865: Type Confusion in V8 Reported by Project WhatForLunch (@pjwhatforlunch) on 2026-03-12 [TBD][ 492218537 ] High CVE-2026-5866: Use after free in Media Severity: high

CVE-2026-5873 [HIGH] Stable Channel Update for Desktop: CVE-2026-5873 Stable Channel Update for Desktop CVE-2026-5873: Out of bounds read and write in V8. Reported by Google on 2026-03-25 [$11000][ 485397279 ] Medium CVE-2026-5874: Use after free in PrivateAI Reported by Krace on 2026-02-18 [$4000][ 430198264 ] Medium CVE-2026-5875: Policy bypass in Blink Severity: high

CVE-2026-5867 [HIGH] Stable Channel Update for Desktop: CVE-2026-5867 Stable Channel Update for Desktop CVE-2026-5867: Heap buffer overflow in WebML. Reported by Syn4pse on 2026-03-14 [TBD][ 493256564 ] High CVE-2026-5868: Heap buffer overflow in ANGLE Reported by cinzinga on 2026-03-16 [TBD][ 493708165 ] High CVE-2026-5869: Heap buffer overflow in WebML Severity: high

CVE-2026-5885 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-5885 Stable Channel Update for Desktop CVE-2026-5885: Insufficient validation of untrusted input in WebML. Reported by Bryan Bernhart on 2026-02-17 [TBD][ 485397283 ] Medium CVE-2026-5886: Out of bounds read in WebAudio Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18 [TBD][ 486079015 ] Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads Severity: medium

CVE-2026-5876 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-5876 Stable Channel Update for Desktop CVE-2026-5876: Side-channel information leakage in Navigation. Reported by Lyra Rebane (rebane2001) on 2023-12-18 [TBD][ 333024273 ] Medium CVE-2026-5877: Use after free in Navigation Reported by Cassidy Kim(@cassidy6564) on 2024-04-05 [TBD][ 365089001 ] Medium CVE-2026-5878: Incorrect security UI in Blink Severity: medium

CVE-2026-5879 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-5879 Stable Channel Update for Desktop CVE-2026-5879: Insufficient validation of untrusted input in ANGLE. Reported by parkminchan, working for SSD Labs Korea on 2023-10-01 [TBD][ 424995036 ] Medium CVE-2026-5880: Incorrect security UI in browser UI Reported by Anonymous on 2025-06-14 [TBD][ 454162508 ] Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess Severity: medium

CVE-2026-5882 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-5882 Stable Channel Update for Desktop CVE-2026-5882: Incorrect security UI in Fullscreen. Reported by Anonymous on 2026-02-02 [TBD][ 482958590 ] Medium CVE-2026-5883: Use after free in Media Reported by sherkito on 2026-02-09 [TBD][ 484547633 ] Medium CVE-2026-5884: Insufficient validation of untrusted input in Media Severity: medium

CVE-2026-5891 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-5891 Stable Channel Update for Desktop CVE-2026-5891: Insufficient policy enforcement in browser UI. Reported by Tianyi Hu on 2026-02-25 [TBD][ 487568011 ] Medium CVE-2026-5892: Insufficient policy enforcement in PWAs Reported by Tianyi Hu on 2026-02-25 [TBD][ 487768771 ] Medium CVE-2026-5893: Race in V8 Severity: medium

CVE-2026-5888 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-5888 Stable Channel Update for Desktop CVE-2026-5888: Uninitialized Use in WebCodecs. Reported by Identified by the Octane Security Team: Giovanni Vignone, Paolo Gentry, Robert van Eijk on 2026-02-22 [TBD][ 486906037 ] Medium CVE-2026-5889: Cryptographic Flaw in PDFium Reported by mlafon on 2026-02-23 [TBD][ 487259772 ] Medium CVE-2026-5890: Race in WebCodecs Severity: medium

CVE-2026-5909 [LOW] Stable Channel Update for Desktop: CVE-2026-5909 Stable Channel Update for Desktop CVE-2026-5909: Integer overflow in Media. Reported by Mohammed Yasar B & Ameen Basha M K on 2026-02-17 [TBD][ 485212874 ] Low CVE-2026-5910: Integer overflow in Media Reported by Ameen Basha M K & Mohammed Yasar B on 2026-02-17 [TBD][ 485785246 ] Low CVE-2026-5911: Policy bypass in ServiceWorkers Severity: low

CVE-2026-5912 [LOW] Stable Channel Update for Desktop: CVE-2026-5912 Stable Channel Update for Desktop CVE-2026-5912: Integer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22 [TBD][ 487195286 ] Low CVE-2026-5913: Out of bounds read in Blink Reported by Vitaly Simonovich on 2026-02-24 [TBD][ 490023239 ] Low CVE-2026-5914: Type Confusion in CSS Severity: low

CVE-2026-5903 [LOW] Stable Channel Update for Desktop: CVE-2026-5903 Stable Channel Update for Desktop CVE-2026-5903: Policy bypass in IFrameSandbox. Reported by @Ciarands on 2026-02-11 [TBD][ 483851888 ] Low CVE-2026-5904: Use after free in V8 Reported by Zhenpeng (Leo) Lin at depthfirst on 2026-02-12 [TBD][ 483899628 ] Low CVE-2026-5905: Incorrect security UI in Permissions Severity: low

CVE-2026-5918 [LOW] Stable Channel Update for Desktop: CVE-2026-5918 Stable Channel Update for Desktop CVE-2026-5918: Inappropriate implementation in Navigation. Reported by Google on 2026-03-05 [TBD][ 483423893 ] Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets Reported by Richard Belisle on 2026-02-10 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Sev

CVE-2026-5915 [LOW] Stable Channel Update for Desktop: CVE-2026-5915 Stable Channel Update for Desktop CVE-2026-5915: Insufficient validation of untrusted input in WebML. Reported by ningxin Severity: low