Google Google Software and search

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Google product.

RSS Feeds for Google security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Google products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Google Sorted by Most Security Vulnerabilities since 2018

Google Android6282 vulnerabilities
Mobile operating system

Google Chrome5361 vulnerabilities
Web browser

Google Tensorflow432 vulnerabilities
Open source machine learning / AI library

Google ChromeOS51 vulnerabilities

Google Asylo16 vulnerabilities

Google Protobuf8 vulnerabilities

Google Gvisor7 vulnerabilities

Google Fuchsia5 vulnerabilities

Google Gerrit5 vulnerabilities

Google Protobuf Java5 vulnerabilities

Google Protobuf Javalite4 vulnerabilities

Google Protobuf Kotlin3 vulnerabilities

Google Web Toolkit3 vulnerabilities

Google Web Stories3 vulnerabilities

Google Web Designer3 vulnerabilities

Google Chromecast Firmware2 vulnerabilities

Google Firebase Php Jwt2 vulnerabilities

Google Nearby2 vulnerabilities

Google Protobuf Kotlin Lite2 vulnerabilities

Google Protobuf Python2 vulnerabilities

Google Updater2 vulnerabilities

Google Androidx Car App1 vulnerability

Google Bazel For Clion1 vulnerability

Google Bazel For Intellij1 vulnerability

Google Car1 vulnerability

Google Cloud Looker1 vulnerability

Google Drive1 vulnerability

Google Secops Soar1 vulnerability

Google Looker1 vulnerability

Google Nftables1 vulnerability

Google Osv Scalibr1 vulnerability

Google Pixel1 vulnerability

Google Quick Share1 vulnerability

Google Reverb1 vulnerability

Google Safearchive1 vulnerability

Google Tensorflow Serving1 vulnerability

Google Tink C1 vulnerability

Google Tink Java1 vulnerability

Google Vertex Ai1 vulnerability

Google Vertex Gemini Api1 vulnerability

Recent Google Security Advisories

Advisory Title Published
2026-07-08 Chrome Releases: Stable Channel Update for Desktop (version 150.0.7871.100) July 8, 2026
2026-07-07 Chrome Releases: Stable Channel Update for ChromeOS / ChromeOS Flex July 7, 2026
2026-07-01 Chrome Releases: July 2026 July 1, 2026
2026-07-01 Chrome Releases: Stable Channel Update for Desktop (version 151) July 1, 2026
2026-07-01 Chrome Releases: Chrome for Android Update (version 150) July 1, 2026
2026-07-01 Android Security Bulletin—July 2026 July 1, 2026
2026-06-27 Chrome Releases: Stable Channel Update for ChromeOS / ChromeOS Flex June 27, 2026
2026-06-26 Chrome Releases: Stable Channel Update for Desktop (version 149.0.7827.200) June 26, 2026
2026-06-26 Chrome Releases: Chrome for Android Update (version 149) June 26, 2026
2026-06-24 Chrome Releases: Chrome Stable for iOS Update (version 150) June 24, 2026

Known Exploited Google Vulnerabilities

The following Google vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2026-11645 Exploit Probability: 0.7%
June 9, 2026
Google Dawn Use-After-Free Vulnerability Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2026-5281 Exploit Probability: 5.5%
April 1, 2026
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerabi Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2026-3910 Exploit Probability: 2.1%
March 13, 2026
Google Skia Out-of-Bounds Write Vulnerability Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
CVE-2026-3909 Exploit Probability: 1.6%
March 13, 2026
Google Chromium CSS Use-After-Free Vulnerability Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2026-2441 Exploit Probability: 22.0%
February 17, 2026
Google Chromium Out of Bounds Memory Access Vulnerability Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-14174 Exploit Probability: 22.4%
December 12, 2025
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.
CVE-2025-13223 Exploit Probability: 4.8%
November 19, 2025
Google Chromium V8 Type Confusion Vulnerability Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
CVE-2025-10585 Exploit Probability: 5.4%
September 23, 2025
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-6558 Exploit Probability: 9.5%
July 22, 2025
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-6554 Exploit Probability: 6.6%
July 2, 2025
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-5419 Exploit Probability: 6.5%
June 5, 2025
Google Chromium Loader Insufficient Policy Enforcement Vulnerability Google Chromium contains an insufficient policy enforcement vulnerability that allows a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2025-4664 Exploit Probability: 5.3%
May 15, 2025
Google Chromium Mojo Sandbox Escape Vulnerability Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-2783 Exploit Probability: 8.4%
March 27, 2025
Google Chromium V8 Inappropriate Implementation Vulnerability Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-7965 Exploit Probability: 17.2%
August 28, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-7971 Exploit Probability: 19.3%
August 26, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-5274 Exploit Probability: 10.0%
May 28, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
CVE-2024-4947 Exploit Probability: 15.1%
May 20, 2024
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-4761 Exploit Probability: 11.0%
May 16, 2024
Google Chromium Visuals Use-After-Free Vulnerability Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-4671 Exploit Probability: 8.3%
May 13, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
CVE-2023-4762 Exploit Probability: 38.0%
February 6, 2024

8 known exploited Google vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Google Vulnerabilities

Based on the current exploit probability, these Google vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2023-4863 99.7% Google Chromium Heap-Based Buffer Overflow Vulnerability
2 CVE-2018-17463 83.9% Google Chromium V8 Remote Code Execution Vulnerability
3 CVE-2020-6418 78.8% Chromium V8 Type Confusion Vulnerability
4 CVE-2019-13720 73.0% Google Chrome Use-After-Free Vulnerability
5 CVE-2021-21220 70.4% Chromium V8 Input Validation Vulnerability
6 CVE-2021-30551 64.7% Chromium V8 Type Confusion Vulnerability
7 CVE-2021-30632 64.5% Google Chrome Out-of-bounds write
8 CVE-2019-5786 61.5% Google Chrome Use-After-Free Vulnerability
9 CVE-2018-6065 58.8% Google Chromium V8 Integer Overflow Vulnerability
10 CVE-2021-21224 57.7% Chromium V8 JavaScript Engine Remote Code Execution Vulnerability

By the Year

In 2026 there have been 1965 vulnerabilities in Google with an average score of 7.2 out of ten. Last year, in 2025 Google had 720 security vulnerabilities published. That is, 1245 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.09.




Year Vulnerabilities Average Score
2026 1965 7.22
2025 720 7.13
2024 1125 7.28
2023 1564 6.66
2022 1592 6.85
2021 1166 7.11
2020 1033 6.87
2019 858 7.33
2018 570 7.43

It may take a day or so for new Google vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Google Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-14394 Jul 01, 2026
Google Chrome V8 use-after-free before 150.0.7871.46 Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Chrome
CVE-2026-14426 Jul 01, 2026
Google Chrome V8 UAF prior to 150.0.7871.46 Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14432 Jul 01, 2026
Google Chrome V8 UAF before 150.0.7871.46 Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-14393 Jul 01, 2026
Use after free in V8 in Chrome < 150.0.7871.46 Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-14419 Jul 01, 2026
Chrome Skia UAF <150.0.7871.46 Sandbox Escape Use after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Chrome
CVE-2026-14403 Jul 01, 2026
V8 UAF in Chrome <150.0.7871.46: remote code exec Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
Chrome
CVE-2026-14424 Jul 01, 2026
Use after free in Dawn (Chrome <150.0.7871.46 on macOS) allows sandbox escape Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14417 Jul 01, 2026
Use-after-free in Chrome Dawn before 150.0.7871.46 MAY allow sandbox escape Use after free in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Chrome
CVE-2026-14425 Jul 01, 2026
Use-after-free in ANGLE (Chrome<150.0.7871.46) => sandbox escape Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14390 Jul 01, 2026
Use-after-free in ANGLE in Google Chrome <150.0.7871.46 sandbox escape Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14398 Jul 01, 2026
Use-After-Free in ANGLE (Chrome <150.0.7871.46) Enables Sandbox Escape Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Chrome
CVE-2026-14399 Jul 01, 2026
Chrome Dawn Uninitialized Use before v150.0.7871.46 leads to Info Disclosure Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-14405 Jul 01, 2026
V8 Uninitialized Use Allows Remote Code Exec in Chrome <=150.0.7871.46 Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
Chrome
CVE-2026-14421 Jul 01, 2026
Chrome 150.0.7871.46 Dawn Uninitialized Use CVE-2026-14421 Uninitialized Use in Dawn in Google Chrome on ChromeOS prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-14408 Jul 01, 2026
Chrome: Uninitialized Use in Dawn (pre-150.0.7871.46) Remote Info Leak Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-14413 Jul 01, 2026
ANGLE Uninitialized Use Sandbox Escape in Chrome <150.0.7871.46 Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14418 Jul 01, 2026
Uninitialized Use in ANGLE (Chrome <150.0.7871.46) Remote Cross-Origin Leakage Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14402 Jul 01, 2026
Chrome ANGLE Uninitialized Use on Windows <150.0.7871.46 Uninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14431 Jul 01, 2026
Type Confusion: V8 Engine Chrome <150.0.7871.46 Remote Code Exec Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14423 Jul 01, 2026
Chrome <150.0.7871.46: Tint Type Confusion sandbox escape Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14395 Jul 01, 2026
Out-of-Bounds Write in V8 (Chrome <150.0.7871.46) Remote Code via Crafted HTML Out of bounds write in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
Chrome
CVE-2026-14392 Jul 01, 2026
Chrome <150.0.7871.46: Out-of-Bounds Write in Tint (Potential Sandbox Escape) Out of bounds write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14400 Jul 01, 2026
Chrome 150.0.7871.46 - ANGLE OOB Write & Sandbox Escape (Remote) Out of bounds write in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14397 Jul 01, 2026
Out-of-bounds write in ANGLE (Chrome <150.0.7871.46) Out of bounds write in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-14406 Jul 01, 2026
OOB Read in V8 (Chrome <150.0.7871.46) via Malicious Extension Out of bounds read in V8 in Google Chrome prior to 150.0.7871.46 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)
Chrome
CVE-2026-14416 Jul 01, 2026
Out-of-bounds read in Dawn (Chrome <150.0.7871.46) enables sandbox escape Out of bounds read in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Chrome
CVE-2026-14388 Jul 01, 2026
Out of bounds read in ANGLE pre-150.0.7871.46 (Chrome) Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-14386 Jul 01, 2026
OOB read in ANGLE (Chrome <150.0.7871.46) Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14396 Jul 01, 2026
ANGLE OOB Read in Google Chrome <=150.0.7871.46 Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14384 Jul 01, 2026
OOB Read in ANGLE in Chrome <150.0.7871.46 Out of bounds read in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-14420 Jul 01, 2026
CVE-2026-14420: OOB Read/Write in Chrome Dawn (<150.0.7871.46) Sandbox Escape Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Chrome
CVE-2026-14422 Jul 01, 2026
Chrome Tint OOB Read/Write (150.0.7871.46) Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14430 Jul 01, 2026
Chrome V8 Integer Overflow RCE prior to 150.0.7871.46 Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14389 Jul 01, 2026
Chrome Skia Integer Overflow before 150.0.7871.46 Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-14391 Jul 01, 2026
INT Overflow in ANGLE (Chrome <=150.0.7871.46) on Windows Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-14387 Jul 01, 2026
Integer overflow in Skia in Chrome <150.0.7871.46 sandbox escape Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-14429 Jul 01, 2026
Chrome Skia Sandbox Escape via Untrusted Input (before 150.0.7871.46) Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14414 Jul 01, 2026
Chrome Skia External Input Leak (pre-150.0.7871.46) Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-14428 Jul 01, 2026
Chrome Android <150.0.7871.46: Dawn Input Validation Enables Sandbox Escape Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14411 Jul 01, 2026
Chrome ANGLE Sandbox Escape via Invalid Input in Chrome <150.0.7871.46 Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14412 Jul 01, 2026
ANGLE sandbox escape via crafted HTML in Chrome <150.0.7871.46 Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14382 Jul 01, 2026
Chrome ANGLE Sandbox Escape before 150.0.7871.46 Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14381 Jul 01, 2026
CVE-2026-14381: UI Spoofing in Chrome WebAppInstalls (150.0.7871.45) Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-14401 Jul 01, 2026
Chrome ANGLE Sandbox Escape via crafted page before 150.0.7871.46 Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-14409 Jul 01, 2026
Arbitrary Code Execution in Chrome V8 <150.0.7871.46 via UI Gestures Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
Chrome
CVE-2026-14415 Jul 01, 2026
Chrome V8 Heap Corruption via UI Gestures Before 150.0.7871.46 Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Chrome
CVE-2026-14407 Jul 01, 2026
Google Chrome <150.0.7871.46: V8 Sandbox Escalation via Crafted HTML Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-14410 Jul 01, 2026
Chrome Skia UI spoofing before 150.0.7871.46 Inappropriate implementation in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Chrome
CVE-2026-14383 Jul 01, 2026
Chrome <150.0.7871.46: V8 RCE via crafted HTML Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-14404 Jul 01, 2026
UI Spoofing via Crafted PDF in Chrome <150.0.7871.46 (PDFium) Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. (Chromium security severity: Medium)
Chrome
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.