Google Google Software and search

  1. Vendors
  2. Google

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Google product.

RSS Feeds for Google security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Google products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Google Sorted by Most Security Vulnerabilities since 2018

Google Android6108 vulnerabilities
Mobile operating system

Google Chrome3941 vulnerabilities
Web browser

Google Tensorflow432 vulnerabilities
Open source machine learning / AI library

Google ChromeOS51 vulnerabilities

Google Asylo16 vulnerabilities

Google Protobuf8 vulnerabilities

Google Gvisor7 vulnerabilities

Google Fuchsia5 vulnerabilities

Google Protobuf Java5 vulnerabilities

Google Gerrit4 vulnerabilities

Google Protobuf Javalite4 vulnerabilities

Google Protobuf Kotlin3 vulnerabilities

Google Web Toolkit3 vulnerabilities

Google Web Stories3 vulnerabilities

Google Web Designer3 vulnerabilities

Google Chromecast Firmware2 vulnerabilities

Google Firebase Php Jwt2 vulnerabilities

Google Nearby2 vulnerabilities

Google Protobuf Kotlin Lite2 vulnerabilities

Google Protobuf Python2 vulnerabilities

Google Updater2 vulnerabilities

Google Androidx Car App1 vulnerability

Google Application Integration1 vulnerability

Google Application Load Balancer1 vulnerability

Google Bazel For Android Studio1 vulnerability

Google Bazel For Clion1 vulnerability

Google Bazel For Intellij1 vulnerability

Google Car1 vulnerability

Google Cloud Looker1 vulnerability

Google Custom Search Engine1 vulnerability

Google Firebase Command Line Interface1 vulnerability

Google Firebase Javascript Sdk1 vulnerability

Google Secops Soar1 vulnerability

Google Looker1 vulnerability

Google Migrate To Containers1 vulnerability

Google Nftables1 vulnerability

Google Osv Scalibr1 vulnerability

Google Pixel1 vulnerability

Google Pixel Watch Firmware1 vulnerability

Google Reverb1 vulnerability

Google Safearchive1 vulnerability

Google Tensorflow Serving1 vulnerability

Google Tink C1 vulnerability

Google Tink Java1 vulnerability

Google Vertex Ai1 vulnerability

Google Vertex Gemini Api1 vulnerability

Recent Google Security Advisories

Advisory Title Published
2026-04-23 Chrome Releases: Stable Channel Update for ChromeOS / ChromeOS Flex April 23, 2026
2026-04-22 Chrome Releases: Chrome Stable for iOS Update (version 148) April 22, 2026
2026-04-22 Chrome Releases: Stable Channel Update for Desktop (version 147.0.7727.116) April 22, 2026
2026-04-22 Chrome Releases: Chrome for Android Update (version 147) April 22, 2026
2026-04-16 Chrome Releases: Stable Channel Update for ChromeOS / ChromeOS Flex April 16, 2026
2026-04-16 Chrome Releases: Stable Channel Update for Desktop (version 147.0.7727.101) April 16, 2026
2026-04-16 Chrome Releases: Chrome for Android Update (version 147) April 16, 2026
2026-04-14 Chrome Releases: Chrome Stable for iOS Update (version 147) April 14, 2026
2026-04-08 Chrome Releases: Stable Channel Update for Desktop (version 147) April 8, 2026
2026-04-08 Chrome Releases: Chrome for Android Update (version 147) April 8, 2026

Known Exploited Google Vulnerabilities

The following Google vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Google Dawn Use-After-Free Vulnerability Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2026-5281 Exploit Probability: 3.3% 		April 1, 2026
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerabi Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2026-3910 Exploit Probability: 0.7% 		March 13, 2026
Google Skia Out-of-Bounds Write Vulnerability Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
CVE-2026-3909 Exploit Probability: 0.3% 		March 13, 2026
Google Chromium CSS Use-After-Free Vulnerability Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2026-2441 Exploit Probability: 0.4% 		February 17, 2026
Google Chromium Out of Bounds Memory Access Vulnerability Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-14174 Exploit Probability: 1.0% 		December 12, 2025
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.
CVE-2025-13223 Exploit Probability: 2.8% 		November 19, 2025
Google Chromium V8 Type Confusion Vulnerability Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
CVE-2025-10585 Exploit Probability: 0.7% 		September 23, 2025
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-6558 Exploit Probability: 0.2% 		July 22, 2025
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-6554 Exploit Probability: 0.9% 		July 2, 2025
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-5419 Exploit Probability: 3.3% 		June 5, 2025
Google Chromium Loader Insufficient Policy Enforcement Vulnerability Google Chromium contains an insufficient policy enforcement vulnerability that allows a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2025-4664 Exploit Probability: 0.1% 		May 15, 2025
Google Chromium Mojo Sandbox Escape Vulnerability Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-2783 Exploit Probability: 39.5% 		March 27, 2025
Google Chromium V8 Inappropriate Implementation Vulnerability Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-7965 Exploit Probability: 26.8% 		August 28, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-7971 Exploit Probability: 1.5% 		August 26, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-5274 Exploit Probability: 3.6% 		May 28, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
CVE-2024-4947 Exploit Probability: 0.4% 		May 20, 2024
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-4761 Exploit Probability: 2.5% 		May 16, 2024
Google Chromium Visuals Use-After-Free Vulnerability Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-4671 Exploit Probability: 0.2% 		May 13, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
CVE-2023-4762 Exploit Probability: 64.6% 		February 6, 2024
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability Google Chromium V8 contains an out-of-bounds memory access vulnerability. Specific impacts from exploitation are not available at this time.
CVE-2024-0519 Exploit Probability: 0.1% 		January 17, 2024

3 known exploited Google vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Google Vulnerabilities

Based on the current exploit probability, these Google vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2023-4863 94.1% Google Chromium Heap-Based Buffer Overflow Vulnerability
2 CVE-2020-15999 92.9% Google Chrome FreeType Memory Corruption
3 CVE-2021-21220 92.6% Chromium V8 Input Validation Vulnerability
4 CVE-2018-17463 92.2% Google Chromium V8 Remote Code Execution Vulnerability
5 CVE-2019-13720 89.6% Google Chrome Use-After-Free Vulnerability
6 CVE-2019-5786 89.5% Google Chrome Use-After-Free Vulnerability
7 CVE-2018-6065 88.8% Google Chromium V8 Integer Overflow Vulnerability
8 CVE-2020-6418 85.7% Chromium V8 Type Confusion Vulnerability
9 CVE-2020-16009 84.4% Chromium V8 Implementation Vulnerability
10 CVE-2021-30632 83.4% Google Chrome Out-of-bounds write

By the Year

In 2026 there have been 365 vulnerabilities in Google with an average score of 7.7 out of ten. Last year, in 2025 Google had 716 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Google in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.53.




Year Vulnerabilities Average Score
2026 365 7.66
2025 716 7.14
2024 1125 7.28
2023 1564 6.66
2022 1592 6.85
2021 1166 7.11
2020 1033 6.87
2019 858 7.33
2018 570 7.43

It may take a day or so for new Google vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Google Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-6921 Apr 23, 2026
Chrome 147.0.7727.117 GPU Race: Windows Sandbox Escape via Video File Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)
Chrome
CVE-2026-6920 Apr 23, 2026
OOB read in GPU of Google Chrome Android (<147.0.7727.117) Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6919 Apr 23, 2026
Use-after-Free in Chrome DevTools <147.0.7727.117: Remote Sandbox Escapes Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-3259 Apr 23, 2026
Google BigQuery MV Error Disclosure Vulnerability A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error during the refresh process. This vulnerability was patched on 29 January 2026, and no customer action is needed.
CVE-2026-6364 Apr 15, 2026
OOB Read in Skia of Chrome < 147.0.7727.101 Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security severity: Medium)
Chrome
CVE-2026-6319 Apr 15, 2026
Google Chrome Android Use-After-Free in Payments prior to 147.0.7727.101 Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-6318 Apr 15, 2026
UAF in Chrome Codecs <147.0.7727.101 enables remote code exec Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-6317 Apr 15, 2026
Use After Free in Cast: Chrome <147.0.7727.101 Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6363 Apr 15, 2026
Type Confusion in V8 (Chrome <147.0.7727.101) allows OOB Memory Access Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-6362 Apr 15, 2026
Use-after-Free in Chrome Codecs before 147.0.7727.101 Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: High)
Chrome
CVE-2026-6361 Apr 15, 2026
Heap buffer overflow PDFium in Chrome <147.0.7727.101 Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
Chrome
CVE-2026-6315 Apr 15, 2026
AOF in Chrome Android Permissions (<147.0.7727.101) Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6316 Apr 15, 2026
Chrome Forms UAF (v147.0.7727.x) Allows RCE in Sandbox Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6313 Apr 15, 2026
CORS Policy Violation in Google Chrome <147.0.7727.101 (Renderer Compromise) Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6314 Apr 15, 2026
Out-of-Bounds GPU Write in Google Chrome <147.0.7727.101 Allows Sandbox Escape Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6312 Apr 15, 2026
Google Chrome <147.0.7727.101: Password Policy Leak via Renderer Compromise Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6310 Apr 15, 2026
Use-After-Free in Chrome Dawn <147.0.7727.101 for sandbox escape Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6311 Apr 15, 2026
Uninitialized Use in Chrome Accessibility: <147.0.7727.101 sandbox escape Win Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6360 Apr 15, 2026
Use After Free in FileSystem of Google Chrome <147.0.7727.101 Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6309 Apr 15, 2026
Use-after-free in Viz enabling sandbox escape in Chrome <147.0.7727.101 Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6308 Apr 15, 2026
Chrome 147 Media OOB Read Before 147.0.7727.101 (CVE-2026-6308) Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6307 Apr 15, 2026
Chrome <147.0.7727.101: Turbofan Type Confusion RCE in Sandbox Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6305 Apr 15, 2026
Google Chrome <147.0.7727.101: Heap buffer overflow in PDFium Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
Chrome
CVE-2026-6306 Apr 15, 2026
PDFium Heap Buffer Overflow in Chrome <147.0.7727.101 Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
Chrome
CVE-2026-6304 Apr 15, 2026
Use-After-Free in Chrome Graphite <147.0.7727.101 Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6303 Apr 15, 2026
Chrome Use After Free in Codecs <147.0.7727.101 RCE via HTML Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6302 Apr 15, 2026
Use After Free in Google Chrome Video (<147.0.7727.101) Remote Code Exec Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6300 Apr 15, 2026
Use-after-free in Chrome CSS before 147.0.7727.101 Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6301 Apr 15, 2026
Chrome Turbofan Type Confusion CVE-2026-6301 (before 147.0.7727.101) Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6359 Apr 15, 2026
UAF in Chrome video component before 147.0.7727.101 (Windows) Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-6358 Apr 15, 2026
Use-after-free in Google Chrome XR on Android <147.0.7727.101: OOB memory read Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)
Chrome
CVE-2026-6298 Apr 15, 2026
CVE-2026-6298: Skia Heap Overflow in Chrome <147.0.7727.101 (Critical) Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)
Chrome
CVE-2026-6299 Apr 15, 2026
Use after free in Prerender in Chrome <147.0.7727.101 Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Chrome
CVE-2026-6297 Apr 15, 2026
Google Chrome UAF in Proxy before 147.0.7727.101 (Sandbox Escape) Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Chrome
CVE-2026-6296 Apr 15, 2026
ANGLE Heap Buffer Overflow in Chrome 147 Prior to 147.0.7727.101 Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Chrome
CVE-2026-4810 Apr 13, 2026
Adk Code Injection & Missing Auth (Google ADK <1.28.1/2.0.0a2) A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit (ADK) versions 1.7.0 (and 2.0.0a1) through 1.28.1 (and 2.0.0a2) on Python (OSS), Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This vulnerability was patched in versions 1.28.1 and 2.0.0a2. Customers need to redeploy the upgraded ADK to their production environments. In addition, if they are running ADK Web locally, they also need to upgrade their local instance.
CVE-2026-5919 Apr 08, 2026
Google Chrome <147.0.7727.55: WebSocket Same-Origin Policy Bypass Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
Chrome
CVE-2026-5918 Apr 08, 2026
Chrome Nav CVE-2026-5918: Cross-Origin Leak via Renderer <147.0.7727.55 Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Chrome
CVE-2026-5915 Apr 08, 2026
Google Chrome WebML OOB on <147.0.7727.55 Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Chrome
CVE-2026-5914 Apr 08, 2026
Chrome <147.0.7727.55: CSS T. Confusion -> Heap Corrupt via Malicious Ext Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Chrome
CVE-2026-5913 Apr 08, 2026
CVE-2026-5913: OOB Read in Blink (Chrome <147.0.7727.55) Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)
Chrome
CVE-2026-5912 Apr 08, 2026
Google Chrome WebRTC OOB Memory Write via Integer Overflow (CVE-2026-5912) Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)
Chrome
CVE-2026-5910 Apr 08, 2026
Chrome Integer Overflow in Media Component <147.0.7727.55 Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Chrome
CVE-2026-5911 Apr 08, 2026
Chrome CSP Bypass via ServiceWorkers (147.0.7727.55) Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
Chrome
CVE-2026-5908 Apr 08, 2026
Integer Overflow in Google Chrome Media (prior to 147.0.7727.55) Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Chrome
CVE-2026-5909 Apr 08, 2026
Google Chrome Integer Overflow in Media <147.0.7727.55 (Remote Heap Corruption) Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Chrome
CVE-2026-5906 Apr 08, 2026
Chrome Android <147.0.7727.55: Omnibox spoofing via crafted page Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Chrome
CVE-2026-5907 Apr 08, 2026
Google Chrome <147.0.7727.55 Media OOB Read via crafted video file Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low)
Chrome
CVE-2026-5904 Apr 08, 2026
Use-after-free in V8 before 147.0.7727.55 via malicious Chrome Extension Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Chrome
CVE-2026-5903 Apr 08, 2026
Policy Bypass via IFrameSandbox in Chrome <147.0.7727.55 Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Chrome
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.