Google Software and search
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Google product.
RSS Feeds for Google security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Google products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Google Sorted by Most Security Vulnerabilities since 2018
Recent Google Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2026-03-26 | Chrome Releases: Chrome for Android Update (version 147) | March 26, 2026 |
| 2026-03-25 | Chrome Releases: Chrome Stable for iOS Update (version 147) | March 25, 2026 |
| 2026-03-25 | Chrome Releases: Stable Channel Update for ChromeOS / ChromeOS Flex | March 25, 2026 |
| 2026-03-24 | Chrome Releases: Stable Channel Update for Desktop (version 146.0.7680.164) | March 24, 2026 |
| 2026-03-24 | Chrome Releases: Chrome for Android Update (version 146) | March 24, 2026 |
| 2026-03-18 | Chrome Releases: Stable Channel Update for Desktop (version 146.0.7680.153) | March 18, 2026 |
| 2026-03-18 | Chrome Releases: Chrome for Android Update (version 146) | March 18, 2026 |
| 2026-03-12 | Chrome Releases: January 2026 | March 12, 2026 |
| 2026-03-10 | Chrome Releases: Stable Channel Update for Desktop (version 146) | March 10, 2026 |
| 2026-03-10 | Chrome Releases: Chrome Stable for iOS Update (version 146) | March 10, 2026 |
Known Exploited Google Vulnerabilities
The following Google vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerabi |
Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2026-3910 Exploit Probability: 1.3% |
March 13, 2026 |
| Google Skia Out-of-Bounds Write Vulnerability |
Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products. CVE-2026-3909 Exploit Probability: 4.4% |
March 13, 2026 |
| Google Chromium CSS Use-After-Free Vulnerability |
Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2026-2441 Exploit Probability: 0.2% |
February 17, 2026 |
| Google Chromium Out of Bounds Memory Access Vulnerability |
Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2025-14174 Exploit Probability: 0.9% |
December 12, 2025 |
| Google Chromium V8 Type Confusion Vulnerability |
Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption. CVE-2025-13223 Exploit Probability: 2.5% |
November 19, 2025 |
| Google Chromium V8 Type Confusion Vulnerability |
Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine. CVE-2025-10585 Exploit Probability: 0.7% |
September 23, 2025 |
| Google Chromium ANGLE and GPU Improper Input Validation Vulnerability |
Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2025-6558 Exploit Probability: 0.2% |
July 22, 2025 |
| Google Chromium V8 Type Confusion Vulnerability |
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2025-6554 Exploit Probability: 0.9% |
July 2, 2025 |
| Google Chromium V8 Out-of-Bounds Read and Write Vulnerability |
Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2025-5419 Exploit Probability: 3.4% |
June 5, 2025 |
| Google Chromium Loader Insufficient Policy Enforcement Vulnerability |
Google Chromium contains an insufficient policy enforcement vulnerability that allows a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2025-4664 Exploit Probability: 0.1% |
May 15, 2025 |
| Google Chromium Mojo Sandbox Escape Vulnerability |
Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2025-2783 Exploit Probability: 35.6% |
March 27, 2025 |
| Google Chromium V8 Inappropriate Implementation Vulnerability |
Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-7965 Exploit Probability: 26.8% |
August 28, 2024 |
| Google Chromium V8 Type Confusion Vulnerability |
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-7971 Exploit Probability: 1.0% |
August 26, 2024 |
| Google Chromium V8 Type Confusion Vulnerability |
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-5274 Exploit Probability: 5.7% |
May 28, 2024 |
| Google Chromium V8 Type Confusion Vulnerability |
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. CVE-2024-4947 Exploit Probability: 0.4% |
May 20, 2024 |
| Google Chromium V8 Out-of-Bounds Memory Write Vulnerability |
Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-4761 Exploit Probability: 5.2% |
May 16, 2024 |
| Google Chromium Visuals Use-After-Free Vulnerability |
Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-4671 Exploit Probability: 0.5% |
May 13, 2024 |
| Google Chromium V8 Type Confusion Vulnerability |
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. CVE-2023-4762 Exploit Probability: 63.6% |
February 6, 2024 |
| Google Chromium V8 Out-of-Bounds Memory Access Vulnerability |
Google Chromium V8 contains an out-of-bounds memory access vulnerability. Specific impacts from exploitation are not available at this time. CVE-2024-0519 Exploit Probability: 0.1% |
January 17, 2024 |
| Google Skia Integer Overflow Vulnerability |
Google Skia contains an integer overflow vulnerability affecting Google Chrome and ChromeOS, Android, Flutter, and possibly other products. CVE-2023-6345 Exploit Probability: 0.7% |
November 30, 2023 |
3 known exploited Google vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest Google Vulnerabilities
Based on the current exploit probability, these Google vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2023-4863 | 94.1% | Google Chromium Heap-Based Buffer Overflow Vulnerability |
| 2 | CVE-2020-15999 | 92.9% | Google Chrome FreeType Memory Corruption |
| 3 | CVE-2021-21220 | 92.6% | Chromium V8 Input Validation Vulnerability |
| 4 | CVE-2018-17463 | 92.2% | Google Chromium V8 Remote Code Execution Vulnerability |
| 5 | CVE-2019-5786 | 89.6% | Google Chrome Use-After-Free Vulnerability |
| 6 | CVE-2018-6065 | 88.8% | Google Chromium V8 Integer Overflow Vulnerability |
| 7 | CVE-2019-13720 | 87.5% | Google Chrome Use-After-Free Vulnerability |
| 8 | CVE-2020-6418 | 86.4% | Chromium V8 Type Confusion Vulnerability |
| 9 | CVE-2021-30632 | 84.9% | Google Chrome Out-of-bounds write |
| 10 | CVE-2020-16009 | 84.4% | Chromium V8 Implementation Vulnerability |
By the Year
In 2026 there have been 246 vulnerabilities in Google with an average score of 7.8 out of ten. Last year, in 2025 Google had 716 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Google in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.66.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 246 | 7.78 |
| 2025 | 716 | 7.13 |
| 2024 | 1124 | 7.28 |
| 2023 | 1564 | 6.66 |
| 2022 | 1592 | 6.85 |
| 2021 | 1166 | 7.11 |
| 2020 | 1033 | 6.87 |
| 2019 | 858 | 7.33 |
| 2018 | 570 | 7.43 |
It may take a day or so for new Google vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Google Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-4680 | Mar 24, 2026 |
Use-after-Free in Chrome FedCM (146.0.7680.164) Exec Arbitrary CodeUse after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4678 | Mar 24, 2026 |
Use-After-Free in WebGPU before Chrome 146.0.7680.165Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4679 | Mar 24, 2026 |
Google Chrome Fonts INT Overflow CVE-2026-4679 before 146.0.7680.165Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4676 | Mar 24, 2026 |
Use-After-Free in Dawn (Chrome < 146.0.7680.165) Enables Sandbox EscapeUse after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4677 | Mar 24, 2026 |
Chrome WebAudio OOB Read before 146.0.7680.165Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4673 | Mar 24, 2026 |
Google Chrome Heap Buffer Overflow in WebAudio <146.0.7680.165Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4674 | Mar 24, 2026 |
Out-of-Bounds Read via CSS in Chrome <146.0.7680.165Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4675 | Mar 24, 2026 |
CVE-2026-4675: Heap Buffer Overflow in WebGL before Chrome 146.0.7680.165Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4464 | Mar 20, 2026 |
Chrome ANGLE Integer Overflow <146.0.7680.153Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
Chrome
|
| CVE-2026-4463 | Mar 20, 2026 |
Heap overflow in WebRTC of Google Chrome <146.0.7680.153Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4462 | Mar 20, 2026 |
OOB_READ_IN_BLINK_CHROME_PRE_146.0.7680.153Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4461 | Mar 20, 2026 |
Google Chrome <146.0.7680.153: V8 Engine Heap CorruptionInappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4460 | Mar 20, 2026 |
Chrome Skia OOB Read CVE2026-4460 (pre146.0.7680.153)Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4459 | Mar 20, 2026 |
CVE-2026-4459: OOB Read/Write in Chrome WebAudio (pre-146.0.7680.153)Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4458 | Mar 20, 2026 |
Google Chrome <146.0.7680.153: Extension Use-After-FreeUse after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4457 | Mar 20, 2026 |
V8 Type Confusion in Chrome <146.0.7680.153 Heap CorruptType Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4456 | Mar 20, 2026 |
Chrome Digital Credentials API UAF before 146.0.7680.153Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4455 | Mar 20, 2026 |
Chrome PDFium Heap Buffer Overflow (<146.0.7680.153)Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4454 | Mar 20, 2026 |
Use-after-free in Chrome Network module before 146.0.7680.153Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4453 | Mar 20, 2026 |
Int overflow in Dawn (Chrome Mac <146.0.7680.153) cross-origin leakInteger overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4452 | Mar 20, 2026 |
ANGLE Integer Overflow in Chrome <146.0.7680.153 on WindowsInteger overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4451 | Mar 20, 2026 |
Google Chrome <146.0.7680.153 Navigation Sandbox Escape via Crafted HTMLInsufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4449 | Mar 20, 2026 |
Chrome <146.0.7680.153 Blink UAF Heap CorruptionUse after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4450 | Mar 20, 2026 |
OOB Write in V8 Engine of Google Chrome < 146.0.7680.153Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4448 | Mar 20, 2026 |
Chrome ANGLE Heap Buffer Overflow <146.0.7680.153Heap buffer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4446 | Mar 20, 2026 |
Use-After-Free in WebRTC in Chrome < 146.0.7680.153Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4447 | Mar 20, 2026 |
Chrome V8 RCE Remote via Crafted HTML (before 146.0.7680.153)Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4445 | Mar 20, 2026 |
Google Chrome WebRTC Use After Free before 146.0.7680.153Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4443 | Mar 20, 2026 |
Google Chrome WebAudio Heap Overflow <146.0.7680.153Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4444 | Mar 20, 2026 |
WebRTC stack buffer overflow before Chrome 146.0.7680.153Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4441 | Mar 20, 2026 |
Use-After-Free in Base in Google Chrome <146.0.7680.153 (Critical)Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) |
Chrome
|
| CVE-2026-4442 | Mar 20, 2026 |
Chrome CSS Heap Buffer Overflow before 146.0.7680.153Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-4440 | Mar 20, 2026 |
Google Chrome WebGL OOB Read/Write <146.0.7680.153 (CVE-2026-4440)Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical) |
Chrome
|
| CVE-2026-4439 | Mar 20, 2026 |
Chrome Android WebGL OOB mem access before 146.0.7680.153Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) |
Chrome
|
| CVE-2026-4092 | Mar 13, 2026 |
Google Clasp <3.2.0 Path Traversal RCE via Malicious Apps ScriptPath Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences. |
|
| CVE-2026-3910 | Mar 12, 2026 |
Chrome V8 Remote Code Exec via HTML (pre 146.0.7680.75)Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-3909 | Mar 12, 2026 |
Skia OOB Write in Chrome <146.0.7680.75 via crafted HTMLOut of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) |
Chrome
|
| CVE-2026-3942 | Mar 11, 2026 |
Chrome PiP UI Spoofing <146.0.7680.71Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
Chrome
|
| CVE-2026-3941 | Mar 11, 2026 |
Google Chrome DevTools Navigation Policy Bypass (Pre146.0.7680.71)Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) |
Chrome
|
| CVE-2026-3940 | Mar 11, 2026 |
DevTools Policy Bypass in Google Chrome <146.0.7680.71Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) |
Chrome
|
| CVE-2026-3939 | Mar 11, 2026 |
Chrome <146.0.7680.71 PDF Policy Bypass via Crafted PDFInsufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low) |
Chrome
|
| CVE-2026-3938 | Mar 11, 2026 |
Chrome Clipboard Leak <146.0.7680.71Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) |
Chrome
|
| CVE-2026-3937 | Mar 11, 2026 |
Chrome Android <146.0.7680.71 UI Spoofing via DownloadsIncorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
Chrome
|
| CVE-2026-3936 | Mar 11, 2026 |
Use-After-Free in Chrome Android WebView (pre-146.0.7680.71)Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
Chrome
|
| CVE-2026-3935 | Mar 11, 2026 |
Chrome <146.0.7680.71: WebAppInstalls UI Spoofing VulnerabilityIncorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
Chrome
|
| CVE-2026-3934 | Mar 11, 2026 |
ChromeDriver SOP Bypass via Crafted HTML (Prior to 146.0.7680.71)Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) |
Chrome
|
| CVE-2026-3932 | Mar 11, 2026 |
Google Chrome Android <146.0.7680.71: PDF Bypass via crafted HTMLInsufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) |
Chrome
|
| CVE-2026-3931 | Mar 11, 2026 |
Chrome Skia Heap BOF <146.0.7680.71Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) |
Chrome
|
| CVE-2026-3930 | Mar 11, 2026 |
Google Chrome iOS Unsafe Navigation before 146.0.7680.71Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) |
Chrome
|
| CVE-2026-3929 | Mar 11, 2026 |
Chrome <146.0.7680.71 ResourceTiming Side-Channel Leak (CVE-2026-3929)Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
Chrome
|