Google Google Software and search

  1. Vendors
  2. Google

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Google product.

RSS Feeds for Google security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Google products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Google Sorted by Most Security Vulnerabilities since 2018

Google Android6109 vulnerabilities
Mobile operating system

Google Chrome4193 vulnerabilities
Web browser

Google Tensorflow432 vulnerabilities
Open source machine learning / AI library

Google ChromeOS51 vulnerabilities

Google Asylo16 vulnerabilities

Google Protobuf8 vulnerabilities

Google Gvisor7 vulnerabilities

Google Fuchsia5 vulnerabilities

Google Gerrit5 vulnerabilities

Google Protobuf Java5 vulnerabilities

Google Protobuf Javalite4 vulnerabilities

Google Protobuf Kotlin3 vulnerabilities

Google Web Toolkit3 vulnerabilities

Google Web Stories3 vulnerabilities

Google Web Designer3 vulnerabilities

Google Chromecast Firmware2 vulnerabilities

Google Firebase Php Jwt2 vulnerabilities

Google Nearby2 vulnerabilities

Google Protobuf Kotlin Lite2 vulnerabilities

Google Protobuf Python2 vulnerabilities

Google Updater2 vulnerabilities

Google Androidx Car App1 vulnerability

Google Application Integration1 vulnerability

Google Application Load Balancer1 vulnerability

Google Bazel For Android Studio1 vulnerability

Google Bazel For Clion1 vulnerability

Google Bazel For Intellij1 vulnerability

Google Car1 vulnerability

Google Cloud Looker1 vulnerability

Google Custom Search Engine1 vulnerability

Google Firebase Command Line Interface1 vulnerability

Google Firebase Javascript Sdk1 vulnerability

Google Drive1 vulnerability

Google Secops Soar1 vulnerability

Google Looker1 vulnerability

Google Migrate To Containers1 vulnerability

Google Nftables1 vulnerability

Google Osv Scalibr1 vulnerability

Google Pixel1 vulnerability

Google Pixel Watch Firmware1 vulnerability

Google Quick Share1 vulnerability

Google Reverb1 vulnerability

Google Safearchive1 vulnerability

Google Tensorflow Serving1 vulnerability

Google Tink C1 vulnerability

Google Tink Java1 vulnerability

Google Vertex Ai1 vulnerability

Google Vertex Gemini Api1 vulnerability

Recent Google Security Advisories

Advisory Title Published
2026-05-21 Chrome Releases: Chrome Stable for iOS Update (version 149) May 21, 2026
2026-05-20 Chrome Releases: Chrome for Android Update (version 148) May 20, 2026
2026-05-20 Chrome Releases: Stable Channel Update for Desktop (version 148.0.7778.178) May 20, 2026
2026-05-12 Chrome Releases: Chrome Stable for iOS Update (version 148) May 12, 2026
2026-05-12 Chrome Releases: Stable Channel Update for Desktop (version 148.0.7778.167) May 12, 2026
2026-05-12 Chrome Releases: Chrome for Android Update (version 148) May 12, 2026
2026-05-07 Chrome Releases: Stable Channel Update for ChromeOS / ChromeOS Flex May 7, 2026
2026-05-05 Chrome Releases: May 2026 May 5, 2026
2026-05-05 Chrome Releases: Chrome for Android Update (version 148) May 5, 2026
2026-05-05 Chrome Releases: Stable Channel Update for Desktop (version 148) May 5, 2026

Known Exploited Google Vulnerabilities

The following Google vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Google Dawn Use-After-Free Vulnerability Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2026-5281 Exploit Probability: 3.3% 		April 1, 2026
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerabi Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2026-3910 Exploit Probability: 0.7% 		March 13, 2026
Google Skia Out-of-Bounds Write Vulnerability Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
CVE-2026-3909 Exploit Probability: 0.3% 		March 13, 2026
Google Chromium CSS Use-After-Free Vulnerability Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2026-2441 Exploit Probability: 0.4% 		February 17, 2026
Google Chromium Out of Bounds Memory Access Vulnerability Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-14174 Exploit Probability: 0.3% 		December 12, 2025
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.
CVE-2025-13223 Exploit Probability: 2.8% 		November 19, 2025
Google Chromium V8 Type Confusion Vulnerability Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
CVE-2025-10585 Exploit Probability: 0.8% 		September 23, 2025
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-6558 Exploit Probability: 0.3% 		July 22, 2025
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-6554 Exploit Probability: 1.6% 		July 2, 2025
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-5419 Exploit Probability: 3.5% 		June 5, 2025
Google Chromium Loader Insufficient Policy Enforcement Vulnerability Google Chromium contains an insufficient policy enforcement vulnerability that allows a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2025-4664 Exploit Probability: 0.1% 		May 15, 2025
Google Chromium Mojo Sandbox Escape Vulnerability Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-2783 Exploit Probability: 47.5% 		March 27, 2025
Google Chromium V8 Inappropriate Implementation Vulnerability Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-7965 Exploit Probability: 24.2% 		August 28, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-7971 Exploit Probability: 1.0% 		August 26, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-5274 Exploit Probability: 6.6% 		May 28, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
CVE-2024-4947 Exploit Probability: 1.0% 		May 20, 2024
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-4761 Exploit Probability: 3.1% 		May 16, 2024
Google Chromium Visuals Use-After-Free Vulnerability Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2024-4671 Exploit Probability: 0.2% 		May 13, 2024
Google Chromium V8 Type Confusion Vulnerability Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
CVE-2023-4762 Exploit Probability: 55.8% 		February 6, 2024
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability Google Chromium V8 contains an out-of-bounds memory access vulnerability. Specific impacts from exploitation are not available at this time.
CVE-2024-0519 Exploit Probability: 0.5% 		January 17, 2024

3 known exploited Google vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Google Vulnerabilities

Based on the current exploit probability, these Google vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2023-4863 93.3% Google Chromium Heap-Based Buffer Overflow Vulnerability
2 CVE-2020-15999 93.0% Google Chrome FreeType Memory Corruption
3 CVE-2018-17463 92.2% Google Chromium V8 Remote Code Execution Vulnerability
4 CVE-2021-21220 91.2% Chromium V8 Input Validation Vulnerability
5 CVE-2019-5786 89.9% Google Chrome Use-After-Free Vulnerability
6 CVE-2019-13720 89.6% Google Chrome Use-After-Free Vulnerability
7 CVE-2018-6065 89.6% Google Chromium V8 Integer Overflow Vulnerability
8 CVE-2020-6418 86.4% Chromium V8 Type Confusion Vulnerability
9 CVE-2021-30632 85.8% Google Chrome Out-of-bounds write
10 CVE-2020-16009 84.4% Chromium V8 Implementation Vulnerability

By the Year

In 2026 there have been 623 vulnerabilities in Google with an average score of 7.3 out of ten. Last year, in 2025 Google had 716 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Google in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.14.




Year Vulnerabilities Average Score
2026 623 7.28
2025 716 7.14
2024 1125 7.28
2023 1564 6.66
2022 1592 6.85
2021 1166 7.11
2020 1033 6.87
2019 858 7.33
2018 570 7.43

It may take a day or so for new Google vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Google Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-2264 May 26, 2026
Google Apigee SSRF via SetIntegrationRequest policy A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy.
CVE-2026-9124 May 20, 2026
Chrome <148.0.7778.179 XSS via Untrusted Input Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-9123 May 20, 2026
Heap Overflow in Chromecast (Chrome <148.0.7778.179) allows local code exec Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: Medium)
Chrome
CVE-2026-9122 May 20, 2026
Chrome GPU OOB Read CVE-2026-9122 on Mac <=148.0.7778.179 Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-9121 May 20, 2026
Chrome GPU OOB Read for Heap Corrupt (<148.0.7778.179) Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-9120 May 20, 2026
Use-after-free in WebRTC of Chrome before 148.0.7778.179 allows RCE Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-9126 May 20, 2026
Use-after-free in DOM in Google Chrome < 148.0.7778.179 Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-9119 May 20, 2026
Google Chrome Heap Buffer Overflow in WebRTC (pre-148.0.7778.179) Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-9118 May 20, 2026
Google Chrome XR USEAFTERFREE Prior to 148.0.7778.179 Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-9117 May 20, 2026
Chrome before 148.0.7778.179 GFX Type Confusion Sandbox Escape Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: High)
Chrome
CVE-2026-9116 May 20, 2026
Chrome ServiceWorker XOR Leak ( 148.0.7778.179) Insufficient policy enforcement in ServiceWorker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-9115 May 20, 2026
Google Chrome 148.0 Before Fix: Service Worker Same-Origin Bypass Insufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-9114 May 20, 2026
Use-after-free in QUIC (Chrome <148) - Exec arbitrary code in sandbox Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)
Chrome
CVE-2026-9113 May 20, 2026
OOB Read in GPU of Google Chrome Mac <148.0.7778.179 Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-9112 May 20, 2026
Google Chrome GPU UAF before 148.0.7778.179 Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-9110 May 20, 2026
Google Chrome <148.0.7778.179 Windows UI Spoofing Vulnerability Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Critical)
Chrome
CVE-2026-9111 May 20, 2026
Use-after-Free in Chrome WebRTC (Linux, <148.0.7778.179) -> remote code exec Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Chrome
CVE-2018-25326 May 17, 2026
Google Drive WP 2.2: Path Traversal via POST 'gdrive-ajaxs.php' Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to del_fl_bkp and file_name containing traversal sequences ../../wp-config.php to access sensitive configuration files.
Google Drive
CVE-2026-2031 May 15, 2026
Google Cloud App Integration Improper Access Control in Internal API Endpoints An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code using specially crafted HTTP requests to inadvertently exposed internal API endpoints.
CVE-2026-8587 May 14, 2026
Use-after-free in Chrome Extensions <148.0.7778.168 (Mac) Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)
Chrome
CVE-2026-8586 May 14, 2026
Chrome 148.0.7778.168 Chromoting Local ACL Bypass via Malicious File Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: Medium)
Chrome
CVE-2026-8585 May 14, 2026
Chrome iOS <148.0.7778.168 Media OOB Memory Read Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8584 May 14, 2026
Chrome iOS <148.0.7778.168 Views: UI Spoofing via Crafted HTML Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8583 May 14, 2026
Chrome WebXR Policy Bypass via Renderer Leak - <148.0.7778.168 Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8582 May 14, 2026
Chrome 148.0.7778.168- Pre-148.0.7778.168 Dawn Obj Lifecycle flaw Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8581 May 14, 2026
Chrome GPU Use-After-Free <148.0.7778.168 - Remote Code Exec Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8580 May 14, 2026
Use-after-free in Mojo (Chrome <148.0.7778.168) enables sandbox escape Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8579 May 14, 2026
Chrome 148.0.7778.168 Skia OOB Write via Untrusted Print File Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted print file. (Chromium security severity: Medium)
Chrome
CVE-2026-8578 May 14, 2026
CVE-2026-8578: OOB read in Chrome GPU before 148.0.7778.168 Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8577 May 14, 2026
Google Chrome v148.0.7778.168 Integer Overflow in Font Rendering Enables Arbitrary Code Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8576 May 14, 2026
Chrome CORS Data Leak <148.0.7778.168 (Linux/ChromeOS) Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8575 May 14, 2026
Chrome <148.0.7778.168 Use-After-Free in Renderer UI (Sandbox Escape) Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8574 May 14, 2026
Use-after-Free in Chrome Core (<148.0.7778.168) Enables Sandbox Escape Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8573 May 14, 2026
Chromium INT overflow CVE-2026-8573: Video File sandbox escape on Win<148.0.7778.168 Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)
Chrome
CVE-2026-8572 May 14, 2026
Google Chrome Android <=148.0.7778.168 Network Policy Leak (CVE-2026-8572) Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8571 May 14, 2026
Chrome Android <148.0.7778.168: GPU policy flaw leads to sandbox escape Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8570 May 14, 2026
Type Confusion in V8 (Prior to 148.0.7778.168) in Google Chrome Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8569 May 14, 2026
Chrome OOB Write in Codecs before 148.0.7778.168 (Mac) Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)
Chrome
CVE-2026-8568 May 14, 2026
Chrome <148 AI Policy Bypass via Render Process Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8567 May 14, 2026
Chrome <148.0.7778.168: Integer overflow in ANGLE OOB write Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8566 May 14, 2026
Chrome Android Payments policy enforcement flaw <148.0.7778.168 Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8565 May 14, 2026
Google Chrome Mac <148.0.7778.168: UI Spoof via Malicious Extension Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
Chrome
CVE-2026-8564 May 14, 2026
Google Chrome <=148.0.7778.168: Downloads UI Spoofing Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8563 May 14, 2026
Chrome Vulnerability: IFrame Sandbox Bypass before 148.0.7778.168 Windows Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8562 May 14, 2026
Chrome Navigation VLE before 148.0.7778.168 Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8561 May 14, 2026
Google Chrome <148.0.7778.168: Fullscreen UI Spoofing Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8557 May 14, 2026
Use after free in Google Chrome Accessibility before 148.0.7778.168 Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-8559 May 14, 2026
Chrome Integer Overflow in Intl (pre-148.0.7778.168) Out-of-bounds Write Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Chrome
CVE-2026-8560 May 14, 2026
SwiftShader Heap Overflow in Chrome <148.0.7778.168 (Mac/iOS) Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Chrome
CVE-2026-8555 May 14, 2026
Chrome <148.0.7778.168: GTK Use-After-Free Remote Code Exec Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Chrome
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.