Google Google Software and search

  1. Vendors
  2. Google

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Google product.

RSS Feeds for Google security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Google products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Google Sorted by Most Security Vulnerabilities since 2018

Google Android6108 vulnerabilities
Mobile operating system

Google Chrome3847 vulnerabilities
Web browser

Google Tensorflow432 vulnerabilities
Open source machine learning / AI library

Google ChromeOS51 vulnerabilities

Google Asylo16 vulnerabilities

Google Protobuf8 vulnerabilities

Google Gvisor7 vulnerabilities

Google Fuchsia5 vulnerabilities

Google Protobuf Java5 vulnerabilities

Google Gerrit4 vulnerabilities

Google Protobuf Javalite4 vulnerabilities

Google Protobuf Kotlin3 vulnerabilities

Google Web Toolkit3 vulnerabilities

Google Web Stories3 vulnerabilities

Google Web Designer3 vulnerabilities

Google Chromecast Firmware2 vulnerabilities

Google Firebase Php Jwt2 vulnerabilities

Google Nearby2 vulnerabilities

Google Protobuf Kotlin Lite2 vulnerabilities

Google Protobuf Python2 vulnerabilities

Google Updater2 vulnerabilities

Google Androidx Car App1 vulnerability

Google Application Integration1 vulnerability

Google Application Load Balancer1 vulnerability

Google Bazel For Android Studio1 vulnerability

Google Bazel For Clion1 vulnerability

Google Bazel For Intellij1 vulnerability

Google Car1 vulnerability

Google Cloud Looker1 vulnerability

Google Custom Search Engine1 vulnerability

Google Firebase Command Line Interface1 vulnerability

Google Firebase Javascript Sdk1 vulnerability

Google Secops Soar1 vulnerability

Google Looker1 vulnerability

Google Migrate To Containers1 vulnerability

Google Nftables1 vulnerability

Google Osv Scalibr1 vulnerability

Google Pixel1 vulnerability

Google Pixel Watch Firmware1 vulnerability

Google Reverb1 vulnerability

Google Safearchive1 vulnerability

Google Tensorflow Serving1 vulnerability

Google Tink C1 vulnerability

Google Tink Java1 vulnerability

Google Vertex Ai1 vulnerability

Google Vertex Gemini Api1 vulnerability

Recent Google Security Advisories

Advisory Title Published
2026-04-08 Chrome Releases: Stable Channel Update for Desktop (version 147) April 8, 2026
2026-04-08 Chrome Releases: Chrome for Android Update (version 147) April 8, 2026
2026-04-06 Chrome Releases: Stable Channel Update for ChromeOS / ChromeOS Flex April 6, 2026
2026-04-02 Chrome Releases: Chrome for Android Update (version 147) April 2, 2026
2026-04-01 Chrome Releases: April 2026 April 1, 2026
2026-04-01 Chrome Releases: Chrome for Android Update (version 146) April 1, 2026
2026-04-01 Chrome Releases: Stable Channel Update for Desktop (version 146.0.7680.177) April 1, 2026
2026-04-01 Chrome Releases: Chrome Stable for iOS Update (version 147) April 1, 2026
2026-04-01 Android Security Bulletin—April 2026 April 1, 2026
2026-03-26 Chrome Releases: Chrome for Android Update (version 147) March 26, 2026

Known Exploited Google Vulnerabilities

The following Google vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Google Dawn Use-After-Free Vulnerability Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2026-5281 Exploit Probability: 3.0% 		April 1, 2026
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerabi Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2026-3910 Exploit Probability: 0.8% 		March 13, 2026
Google Skia Out-of-Bounds Write Vulnerability Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
CVE-2026-3909 Exploit Probability: 0.3% 		March 13, 2026
Google Chromium CSS Use-After-Free Vulnerability Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2026-2441 Exploit Probability: 0.2% 		February 17, 2026
Google Chromium Out of Bounds Memory Access Vulnerability Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-14174 Exploit Probability: 0.9% 		December 12, 2025
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.
CVE-2025-13223 Exploit Probability: 2.7% 		November 19, 2025
Google Chromium V8 Type Confusion Vulnerability Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
CVE-2025-10585 Exploit Probability: 0.7% 		September 23, 2025
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-6558 Exploit Probability: 0.2% 		July 22, 2025
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-6554 Exploit Probability: 0.9% 		July 2, 2025
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-5419 Exploit Probability: 3.3% 		June 5, 2025
Google Chromium Loader Insufficient Policy Enforcement Vulnerability Google Chromium contains an insufficient policy enforcement vulnerability that allows a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2025-4664 Exploit Probability: 0.1% 		May 15, 2025
Google Chromium Mojo Sandbox Escape Vulnerability Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-2783 Exploit Probability: 39.5% 		March 27, 2025
Google Chromium V8 Inappropriate Implementation Vulnerability Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-7965 Exploit Probability: 26.8% 		August 28, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-7971 Exploit Probability: 1.0% 		August 26, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-5274 Exploit Probability: 3.7% 		May 28, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
CVE-2024-4947 Exploit Probability: 0.3% 		May 20, 2024
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-4761 Exploit Probability: 2.5% 		May 16, 2024
Google Chromium Visuals Use-After-Free Vulnerability Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-4671 Exploit Probability: 0.2% 		May 13, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
CVE-2023-4762 Exploit Probability: 63.6% 		February 6, 2024
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability Google Chromium V8 contains an out-of-bounds memory access vulnerability. Specific impacts from exploitation are not available at this time.
CVE-2024-0519 Exploit Probability: 0.1% 		January 17, 2024

3 known exploited Google vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Google Vulnerabilities

Based on the current exploit probability, these Google vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2023-4863 93.6% Google Chromium Heap-Based Buffer Overflow Vulnerability
2 CVE-2020-15999 92.9% Google Chrome FreeType Memory Corruption
3 CVE-2021-21220 92.6% Chromium V8 Input Validation Vulnerability
4 CVE-2018-17463 92.2% Google Chromium V8 Remote Code Execution Vulnerability
5 CVE-2019-13720 89.6% Google Chrome Use-After-Free Vulnerability
6 CVE-2019-5786 89.5% Google Chrome Use-After-Free Vulnerability
7 CVE-2018-6065 88.8% Google Chromium V8 Integer Overflow Vulnerability
8 CVE-2020-6418 85.2% Chromium V8 Type Confusion Vulnerability
9 CVE-2021-30632 84.9% Google Chrome Out-of-bounds write
10 CVE-2020-16009 84.4% Chromium V8 Implementation Vulnerability

By the Year

In 2026 there have been 269 vulnerabilities in Google with an average score of 7.8 out of ten. Last year, in 2025 Google had 716 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Google in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.68.




Year Vulnerabilities Average Score
2026 269 7.81
2025 716 7.14
2024 1125 7.28
2023 1564 6.66
2022 1592 6.85
2021 1166 7.11
2020 1033 6.87
2019 858 7.33
2018 570 7.43

It may take a day or so for new Google vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Google Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-0049 Apr 06, 2026
Google Android DoS via LocalImageResolver Header Decoded In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Android
CVE-2025-48651 Apr 06, 2026
Android OS privilege escalation vulnerability (CVE202548651) StrongBox in Android before security patch level 2026-04-05 has a vulnerability of High Severity, aka A-434039170, A-467765081, A-467765894, and A-467762899.
Android
CVE-2026-5292 Apr 01, 2026
Google Chrome WebCodecs OOB Read <146.0.7680.178Remote HTML Attack Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-5291 Apr 01, 2026
Chrome WebGL Process Memory Disclosure (<146.0.7680.178) Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-5290 Apr 01, 2026
Chrome < 146: Use-after-free in Compositing allows sandbox escape Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5289 Apr 01, 2026
Chrome Navigation USEAF 146.0.7680.178 sandbox escape Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5288 Apr 01, 2026
Google Chrome Android WebView UAF before 146.0.7680.178 for sandbox escape Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5287 Apr 01, 2026
Chrome <146.0.7680.178 PDF UAF: Arbitrary Code Exec Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
Chrome
CVE-2026-5273 Apr 01, 2026
UAFree in Chrome CSS (146.0.7680.178) Remote Code Execution Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5286 Apr 01, 2026
Chrome <146.0.7680.178 Useafterfree in Dawn engine Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5285 Apr 01, 2026
UA-FREE in WebGL of Chrome <146.0.7680.178 Enables Remote Code Execution Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5284 Apr 01, 2026
Use-after-free in Dawn (Chrome <146.0.7680.178) Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5283 Apr 01, 2026
ANGLE in Chrome <146 Cross-Origin Data Leak via Crafted Page Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5282 Apr 01, 2026
CVE-2026-5282: Out of Bounds Read in WebCodecs via HTML in Chrome <146.0.7680.178 Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5281 Apr 01, 2026
Use After Free in Dawn (Chrome <146.0.7680.178) Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5272 Apr 01, 2026
Chrome GPU Heap Buffer Overflow <146.0.7680.178: RCE via HTML Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5280 Apr 01, 2026
Chrome 146 WebCodecs Use-After-Free Remote Code Exec Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5279 Apr 01, 2026
Object corruption in V8 (Chrome <146.0.7680.178) Remote code exec Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5278 Apr 01, 2026
Use-After-Free in Web MIDI (Chrome Android <146.0.7680.178) Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5277 Apr 01, 2026
Integer overflow in ANGLE for Chrome <146.0.7680.178 Enables OOB write Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5276 Apr 01, 2026
CVE-2026-5276: WebUSB Policy Bypass in Chrome <146.0 to Leak Memory Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5275 Apr 01, 2026
Heap Buffer Overflow in ANGLE before Chrome 146.0.7680.178 (CVE-2026-5275) Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-5274 Apr 01, 2026
Google Chrome <146.0.7680.178: Codecs Integer overflow remote read/write Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4679 Mar 24, 2026
Google Chrome Fonts INT Overflow CVE-2026-4679 before 146.0.7680.165 Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4678 Mar 24, 2026
Use-After-Free in WebGPU before Chrome 146.0.7680.165 Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4680 Mar 24, 2026
Use-after-Free in Chrome FedCM (146.0.7680.164) Exec Arbitrary Code Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4677 Mar 24, 2026
Chrome WebAudio OOB Read before 146.0.7680.165 Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4676 Mar 24, 2026
Use-After-Free in Dawn (Chrome < 146.0.7680.165) Enables Sandbox Escape Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4675 Mar 24, 2026
CVE-2026-4675: Heap Buffer Overflow in WebGL before Chrome 146.0.7680.165 Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4674 Mar 24, 2026
Out-of-Bounds Read via CSS in Chrome <146.0.7680.165 Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4673 Mar 24, 2026
Google Chrome Heap Buffer Overflow in WebAudio <146.0.7680.165 Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4464 Mar 20, 2026
Chrome ANGLE Integer Overflow <146.0.7680.153 Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-4463 Mar 20, 2026
Heap overflow in WebRTC of Google Chrome <146.0.7680.153 Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4462 Mar 20, 2026
OOB_READ_IN_BLINK_CHROME_PRE_146.0.7680.153 Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4461 Mar 20, 2026
Google Chrome <146.0.7680.153: V8 Engine Heap Corruption Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4460 Mar 20, 2026
Chrome Skia OOB Read CVE2026-4460 (pre146.0.7680.153) Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4459 Mar 20, 2026
CVE-2026-4459: OOB Read/Write in Chrome WebAudio (pre-146.0.7680.153) Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4458 Mar 20, 2026
Google Chrome <146.0.7680.153: Extension Use-After-Free Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Chrome
CVE-2026-4457 Mar 20, 2026
V8 Type Confusion in Chrome <146.0.7680.153 Heap Corrupt Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4456 Mar 20, 2026
Chrome Digital Credentials API UAF before 146.0.7680.153 Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4455 Mar 20, 2026
Chrome PDFium Heap Buffer Overflow (<146.0.7680.153) Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Chrome
CVE-2026-4454 Mar 20, 2026
Use-after-free in Chrome Network module before 146.0.7680.153 Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4453 Mar 20, 2026
Int overflow in Dawn (Chrome Mac <146.0.7680.153) cross-origin leak Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4452 Mar 20, 2026
ANGLE Integer Overflow in Chrome <146.0.7680.153 on Windows Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4451 Mar 20, 2026
Google Chrome <146.0.7680.153 Navigation Sandbox Escape via Crafted HTML Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4449 Mar 20, 2026
Chrome <146.0.7680.153 Blink UAF Heap Corruption Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4450 Mar 20, 2026
OOB Write in V8 Engine of Google Chrome < 146.0.7680.153 Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4448 Mar 20, 2026
Chrome ANGLE Heap Buffer Overflow <146.0.7680.153 Heap buffer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4446 Mar 20, 2026
Use-After-Free in WebRTC in Chrome < 146.0.7680.153 Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-4447 Mar 20, 2026
Chrome V8 RCE Remote via Crafted HTML (before 146.0.7680.153) Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.