Google Chrome Chrome vulnerabilities

CVE-2026-4439 [CRITICAL] Stable Channel Update for Desktop: CVE-2026-4439 Stable Channel Update for Desktop CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15 [TBD][ 485935305 ] Critical CVE-2026-4440: Out of bounds read and write in WebGL Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-20 [TBD][ 489381399 ] Critical CVE-2026-4441: Use after free in Base Severity: critical

CVE-2026-4458 [HIGH] Stable Channel Update for Desktop: CVE-2026-4458 Stable Channel Update for Desktop CVE-2026-4458: Use after free in Extensions. Reported by Shaheen Fazim on 2026-03-04 [TBD][ 490246422 ] High CVE-2026-4459: Out of bounds read and write in WebAudio Reported by Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern) on 2026-03-06 [TBD][ 490254124 ] High CVE-2026-4460: Out of bounds read in Skia Severity: high

CVE-2026-4452 [HIGH] Stable Channel Update for Desktop: CVE-2026-4452 Stable Channel Update for Desktop CVE-2026-4452: Integer overflow in ANGLE. Reported by cinzinga on 2026-02-26 [TBD][ 488400770 ] High CVE-2026-4453: Integer overflow in Dawn Reported by sweetchip on 2026-02-27 [TBD][ 488585488 ] High CVE-2026-4454: Use after free in Network Severity: high

CVE-2026-4445 [HIGH] Stable Channel Update for Desktop: CVE-2026-4445 Stable Channel Update for Desktop CVE-2026-4445: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22 [TBD][ 486421954 ] High CVE-2026-4446: Use after free in WebRTC Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22 [TBD][ 486657483 ] High CVE-2026-4447: Inappropriate implementation in V8 Severity: high

CVE-2026-4449 [HIGH] Stable Channel Update for Desktop: CVE-2026-4449 Stable Channel Update for Desktop CVE-2026-4449: Use after free in Blink. Reported by Syn4pse on 2026-02-24 [TBD][ 487746373 ] High CVE-2026-4450: Out of bounds write in V8 Reported by qymag1c on 2026-02-26 [TBD][ 487768779 ] High CVE-2026-4451: Insufficient validation of untrusted input in Navigation Severity: high

CVE-2026-4455 [HIGH] Stable Channel Update for Desktop: CVE-2026-4455 Stable Channel Update for Desktop CVE-2026-4455: Heap buffer overflow in PDFium. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-01 [TBD][ 488617440 ] High CVE-2026-4456: Use after free in Digital Credentials API Reported by sean wong on 2026-02-28 [TBD][ 488803413 ] High CVE-2026-4457: Type Confusion in V8 Severity: high

CVE-2026-4448 [HIGH] Stable Channel Update for Desktop: CVE-2026-4448 Stable Channel Update for Desktop CVE-2026-4448: Heap buffer overflow in ANGLE. Reported by M Severity: high

CVE-2026-4442 [HIGH] Stable Channel Update for Desktop: CVE-2026-4442 Stable Channel Update for Desktop CVE-2026-4442: Heap buffer overflow in CSS. Reported by Syn4pse on 2026-02-16 [TBD][ 485292589 ] High CVE-2026-4443: Heap buffer overflow in WebAudio Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18 [TBD][ 486349161 ] High CVE-2026-4444: Stack buffer overflow in WebRTC Severity: high

CVE-2026-4461 [HIGH] Stable Channel Update for Desktop: CVE-2026-4461 Stable Channel Update for Desktop CVE-2026-4461: Inappropriate implementation in V8. Reported by Google on 2026-03-07 [TBD][ 491080830 ] High CVE-2026-4462: Out of bounds read in Blink Reported by heapracer (@heapracer) on 2026-03-09 [TBD][ 491358681 ] High CVE-2026-4463: Heap buffer overflow in WebRTC Severity: high

CVE-2026-4464 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-4464 Stable Channel Update for Desktop CVE-2026-4464: Integer overflow in ANGLE. Reported by heesun on 2026-02-24 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel Severity: medium

CVE-2026-3909 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2026-3909 Long Term Support Channel Update for ChromeOS CVE-2026-3909: Out of bounds write in Skia. [ 491410818 ] High CVE-2026-3910: Inappropriate implementation in V8 If you have devices in the LTC channel, they will be updated to this version Severity: high

CVE-2026-3910 [HIGH] Stable Channel Update for Desktop: CVE-2026-3910 Stable Channel Update for Desktop CVE-2026-3910: Inappropriate implementation in V8. Reported by Google Threat Analysis Group on 2026-03-10 Google is aware that an exploit for CVE-2026-3910 exists in the wild Severity: high

CVE-2026-3545 [CRITICAL] Long Term Support Channel Update for ChromeOS: CVE-2026-3545 Long Term Support Channel Update for ChromeOS CVE-2026-3545

CVE-2026-3541 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2026-3541 Long Term Support Channel Update for ChromeOS CVE-2026-3541

CVE-2026-3542 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2026-3542 Long Term Support Channel Update for ChromeOS CVE-2026-3542

CVE-2026-3925 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-3925 Stable Channel Update for Desktop CVE-2026-3925: Incorrect security UI in LookalikeChecks. Reported by NDevTK and Alesandro Ortiz on 2025-05-17 [$7000][ 478659010 ] Medium CVE-2026-3926: Out of bounds read in V8 Reported by qymag1c on 2026-01-26 [$3000][ 474948986 ] Medium CVE-2026-3927: Incorrect security UI in PictureInPicture Severity: medium

CVE-2026-3936 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-3936 Stable Channel Update for Desktop CVE-2026-3936: Use after free in WebView. Reported by Am4deu$ on 2026-02-05 [$3000][ 473118648 ] Low CVE-2026-3937: Incorrect security UI in Downloads Reported by Abhishek Kumar on 2026-01-03 [$2000][ 474763968 ] Low CVE-2026-3938: Insufficient policy enforcement in Clipboard Severity: medium

CVE-2026-3932 [MEDIUM] Stable Channel Update for Desktop: CVE-2026-3932 Stable Channel Update for Desktop CVE-2026-3932: Insufficient policy enforcement in PDF. Reported by Ayato Shitomi on 2026-01-23 [TBD][ 478783560 ] Medium CVE-2026-3934: Insufficient policy enforcement in ChromeDriver Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-01-26 [TBD][ 479326680 ] Medium CVE-2026-3935: Incorrect security UI in WebAppInstalls Severity: medium

CVE-2026-3536 [CRITICAL] Stable Channel Update for Desktop: CVE-2026-3536 Stable Channel Update for Desktop CVE-2026-3536: Integer overflow in ANGLE. Reported by cinzinga on 2026-02-18 [$32,000][ 474266014 ] Critical CVE-2026-3537: Object lifecycle issue in PowerVR Reported by Zhihua Yao of KunLun Lab on 2026-01-08 [TBD][ 484983991 ] Critical CVE-2026-3538: Integer overflow in Skia Severity: critical

CVE-2025-38350 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2025-38350 Long Term Support Channel Update for ChromeOS CVE-2025-38350