Google Software and search
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Google product.
RSS Feeds for Google security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Google products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Google Sorted by Most Security Vulnerabilities since 2018
Recent Google Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2026-07-08 | Chrome Releases: Stable Channel Update for Desktop (version 150.0.7871.100) | July 8, 2026 |
| 2026-07-07 | Chrome Releases: Stable Channel Update for ChromeOS / ChromeOS Flex | July 7, 2026 |
| 2026-07-01 | Chrome Releases: July 2026 | July 1, 2026 |
| 2026-07-01 | Chrome Releases: Stable Channel Update for Desktop (version 151) | July 1, 2026 |
| 2026-07-01 | Chrome Releases: Chrome for Android Update (version 150) | July 1, 2026 |
| 2026-07-01 | Android Security Bulletin—July 2026 | July 1, 2026 |
| 2026-06-27 | Chrome Releases: Stable Channel Update for ChromeOS / ChromeOS Flex | June 27, 2026 |
| 2026-06-26 | Chrome Releases: Stable Channel Update for Desktop (version 149.0.7827.200) | June 26, 2026 |
| 2026-06-26 | Chrome Releases: Chrome for Android Update (version 149) | June 26, 2026 |
| 2026-06-24 | Chrome Releases: Chrome Stable for iOS Update (version 150) | June 24, 2026 |
Known Exploited Google Vulnerabilities
The following Google vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Google Chromium V8 Out-of-Bounds Read and Write Vulnerability |
Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2026-11645 Exploit Probability: 0.7% |
June 9, 2026 |
| Google Dawn Use-After-Free Vulnerability |
Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2026-5281 Exploit Probability: 5.5% |
April 1, 2026 |
| Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerabi |
Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2026-3910 Exploit Probability: 2.1% |
March 13, 2026 |
| Google Skia Out-of-Bounds Write Vulnerability |
Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products. CVE-2026-3909 Exploit Probability: 1.6% |
March 13, 2026 |
| Google Chromium CSS Use-After-Free Vulnerability |
Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2026-2441 Exploit Probability: 22.0% |
February 17, 2026 |
| Google Chromium Out of Bounds Memory Access Vulnerability |
Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2025-14174 Exploit Probability: 22.4% |
December 12, 2025 |
| Google Chromium V8 Type Confusion Vulnerability |
Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption. CVE-2025-13223 Exploit Probability: 4.8% |
November 19, 2025 |
| Google Chromium V8 Type Confusion Vulnerability |
Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine. CVE-2025-10585 Exploit Probability: 5.4% |
September 23, 2025 |
| Google Chromium ANGLE and GPU Improper Input Validation Vulnerability |
Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2025-6558 Exploit Probability: 9.5% |
July 22, 2025 |
| Google Chromium V8 Type Confusion Vulnerability |
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2025-6554 Exploit Probability: 6.6% |
July 2, 2025 |
| Google Chromium V8 Out-of-Bounds Read and Write Vulnerability |
Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2025-5419 Exploit Probability: 6.5% |
June 5, 2025 |
| Google Chromium Loader Insufficient Policy Enforcement Vulnerability |
Google Chromium contains an insufficient policy enforcement vulnerability that allows a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2025-4664 Exploit Probability: 5.3% |
May 15, 2025 |
| Google Chromium Mojo Sandbox Escape Vulnerability |
Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2025-2783 Exploit Probability: 8.4% |
March 27, 2025 |
| Google Chromium V8 Inappropriate Implementation Vulnerability |
Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-7965 Exploit Probability: 17.2% |
August 28, 2024 |
| Google Chromium V8 Type Confusion Vulnerability |
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-7971 Exploit Probability: 19.3% |
August 26, 2024 |
| Google Chromium V8 Type Confusion Vulnerability |
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-5274 Exploit Probability: 10.0% |
May 28, 2024 |
| Google Chromium V8 Type Confusion Vulnerability |
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. CVE-2024-4947 Exploit Probability: 15.1% |
May 20, 2024 |
| Google Chromium V8 Out-of-Bounds Memory Write Vulnerability |
Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-4761 Exploit Probability: 11.0% |
May 16, 2024 |
| Google Chromium Visuals Use-After-Free Vulnerability |
Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. CVE-2024-4671 Exploit Probability: 8.3% |
May 13, 2024 |
| Google Chromium V8 Type Confusion Vulnerability |
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. CVE-2023-4762 Exploit Probability: 38.0% |
February 6, 2024 |
8 known exploited Google vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest Google Vulnerabilities
Based on the current exploit probability, these Google vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2023-4863 | 99.7% | Google Chromium Heap-Based Buffer Overflow Vulnerability |
| 2 | CVE-2018-17463 | 83.9% | Google Chromium V8 Remote Code Execution Vulnerability |
| 3 | CVE-2020-6418 | 78.8% | Chromium V8 Type Confusion Vulnerability |
| 4 | CVE-2019-13720 | 73.0% | Google Chrome Use-After-Free Vulnerability |
| 5 | CVE-2021-21220 | 70.4% | Chromium V8 Input Validation Vulnerability |
| 6 | CVE-2021-30551 | 64.7% | Chromium V8 Type Confusion Vulnerability |
| 7 | CVE-2021-30632 | 64.5% | Google Chrome Out-of-bounds write |
| 8 | CVE-2019-5786 | 61.5% | Google Chrome Use-After-Free Vulnerability |
| 9 | CVE-2018-6065 | 58.8% | Google Chromium V8 Integer Overflow Vulnerability |
| 10 | CVE-2021-21224 | 57.7% | Chromium V8 JavaScript Engine Remote Code Execution Vulnerability |
By the Year
In 2026 there have been 1965 vulnerabilities in Google with an average score of 7.2 out of ten. Last year, in 2025 Google had 720 security vulnerabilities published. That is, 1245 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.09.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1965 | 7.22 |
| 2025 | 720 | 7.13 |
| 2024 | 1125 | 7.28 |
| 2023 | 1564 | 6.66 |
| 2022 | 1592 | 6.85 |
| 2021 | 1166 | 7.11 |
| 2020 | 1033 | 6.87 |
| 2019 | 858 | 7.33 |
| 2018 | 570 | 7.43 |
It may take a day or so for new Google vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Google Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-14394 | Jul 01, 2026 |
Google Chrome V8 use-after-free before 150.0.7871.46Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) |
|
| CVE-2026-14426 | Jul 01, 2026 |
Google Chrome V8 UAF prior to 150.0.7871.46Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14432 | Jul 01, 2026 |
Google Chrome V8 UAF before 150.0.7871.46Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-14393 | Jul 01, 2026 |
Use after free in V8 in Chrome < 150.0.7871.46Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-14419 | Jul 01, 2026 |
Chrome Skia UAF <150.0.7871.46 Sandbox EscapeUse after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) |
|
| CVE-2026-14403 | Jul 01, 2026 |
V8 UAF in Chrome <150.0.7871.46: remote code execUse after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) |
|
| CVE-2026-14424 | Jul 01, 2026 |
Use after free in Dawn (Chrome <150.0.7871.46 on macOS) allows sandbox escapeUse after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14417 | Jul 01, 2026 |
Use-after-free in Chrome Dawn before 150.0.7871.46 MAY allow sandbox escapeUse after free in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) |
|
| CVE-2026-14425 | Jul 01, 2026 |
Use-after-free in ANGLE (Chrome<150.0.7871.46) => sandbox escapeUse after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14390 | Jul 01, 2026 |
Use-after-free in ANGLE in Google Chrome <150.0.7871.46 sandbox escapeUse after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14398 | Jul 01, 2026 |
Use-After-Free in ANGLE (Chrome <150.0.7871.46) Enables Sandbox EscapeUse after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) |
|
| CVE-2026-14399 | Jul 01, 2026 |
Chrome Dawn Uninitialized Use before v150.0.7871.46 leads to Info DisclosureUninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-14405 | Jul 01, 2026 |
V8 Uninitialized Use Allows Remote Code Exec in Chrome <=150.0.7871.46Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) |
|
| CVE-2026-14421 | Jul 01, 2026 |
Chrome 150.0.7871.46 Dawn Uninitialized Use CVE-2026-14421Uninitialized Use in Dawn in Google Chrome on ChromeOS prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-14408 | Jul 01, 2026 |
Chrome: Uninitialized Use in Dawn (pre-150.0.7871.46) Remote Info LeakUninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-14413 | Jul 01, 2026 |
ANGLE Uninitialized Use Sandbox Escape in Chrome <150.0.7871.46Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14418 | Jul 01, 2026 |
Uninitialized Use in ANGLE (Chrome <150.0.7871.46) Remote Cross-Origin LeakageUninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14402 | Jul 01, 2026 |
Chrome ANGLE Uninitialized Use on Windows <150.0.7871.46Uninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14431 | Jul 01, 2026 |
Type Confusion: V8 Engine Chrome <150.0.7871.46 Remote Code ExecType Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14423 | Jul 01, 2026 |
Chrome <150.0.7871.46: Tint Type Confusion sandbox escapeType Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14395 | Jul 01, 2026 |
Out-of-Bounds Write in V8 (Chrome <150.0.7871.46) Remote Code via Crafted HTMLOut of bounds write in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) |
|
| CVE-2026-14392 | Jul 01, 2026 |
Chrome <150.0.7871.46: Out-of-Bounds Write in Tint (Potential Sandbox Escape)Out of bounds write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14400 | Jul 01, 2026 |
Chrome 150.0.7871.46 - ANGLE OOB Write & Sandbox Escape (Remote)Out of bounds write in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14397 | Jul 01, 2026 |
Out-of-bounds write in ANGLE (Chrome <150.0.7871.46)Out of bounds write in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-14406 | Jul 01, 2026 |
OOB Read in V8 (Chrome <150.0.7871.46) via Malicious ExtensionOut of bounds read in V8 in Google Chrome prior to 150.0.7871.46 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium) |
|
| CVE-2026-14416 | Jul 01, 2026 |
Out-of-bounds read in Dawn (Chrome <150.0.7871.46) enables sandbox escapeOut of bounds read in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) |
|
| CVE-2026-14388 | Jul 01, 2026 |
Out of bounds read in ANGLE pre-150.0.7871.46 (Chrome)Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-14386 | Jul 01, 2026 |
OOB read in ANGLE (Chrome <150.0.7871.46)Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14396 | Jul 01, 2026 |
ANGLE OOB Read in Google Chrome <=150.0.7871.46Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14384 | Jul 01, 2026 |
OOB Read in ANGLE in Chrome <150.0.7871.46Out of bounds read in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-14420 | Jul 01, 2026 |
CVE-2026-14420: OOB Read/Write in Chrome Dawn (<150.0.7871.46) Sandbox EscapeOut of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) |
|
| CVE-2026-14422 | Jul 01, 2026 |
Chrome Tint OOB Read/Write (150.0.7871.46)Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14430 | Jul 01, 2026 |
Chrome V8 Integer Overflow RCE prior to 150.0.7871.46Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14389 | Jul 01, 2026 |
Chrome Skia Integer Overflow before 150.0.7871.46Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-14391 | Jul 01, 2026 |
INT Overflow in ANGLE (Chrome <=150.0.7871.46) on WindowsInteger overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-14387 | Jul 01, 2026 |
Integer overflow in Skia in Chrome <150.0.7871.46 sandbox escapeInteger overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-14429 | Jul 01, 2026 |
Chrome Skia Sandbox Escape via Untrusted Input (before 150.0.7871.46)Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14414 | Jul 01, 2026 |
Chrome Skia External Input Leak (pre-150.0.7871.46)Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-14428 | Jul 01, 2026 |
Chrome Android <150.0.7871.46: Dawn Input Validation Enables Sandbox EscapeInsufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14411 | Jul 01, 2026 |
Chrome ANGLE Sandbox Escape via Invalid Input in Chrome <150.0.7871.46Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14412 | Jul 01, 2026 |
ANGLE sandbox escape via crafted HTML in Chrome <150.0.7871.46Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14382 | Jul 01, 2026 |
Chrome ANGLE Sandbox Escape before 150.0.7871.46Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14381 | Jul 01, 2026 |
CVE-2026-14381: UI Spoofing in Chrome WebAppInstalls (150.0.7871.45)Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-14401 | Jul 01, 2026 |
Chrome ANGLE Sandbox Escape via crafted page before 150.0.7871.46Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|
| CVE-2026-14409 | Jul 01, 2026 |
Arbitrary Code Execution in Chrome V8 <150.0.7871.46 via UI GesturesInappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) |
|
| CVE-2026-14415 | Jul 01, 2026 |
Chrome V8 Heap Corruption via UI Gestures Before 150.0.7871.46Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) |
|
| CVE-2026-14407 | Jul 01, 2026 |
Google Chrome <150.0.7871.46: V8 Sandbox Escalation via Crafted HTMLInappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-14410 | Jul 01, 2026 |
Chrome Skia UI spoofing before 150.0.7871.46Inappropriate implementation in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
|
| CVE-2026-14383 | Jul 01, 2026 |
Chrome <150.0.7871.46: V8 RCE via crafted HTMLInappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) |
|
| CVE-2026-14404 | Jul 01, 2026 |
UI Spoofing via Crafted PDF in Chrome <150.0.7871.46 (PDFium)Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. (Chromium security severity: Medium) |
|