Google Chrome Web browser
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Google Chrome.
Recent Google Chrome Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2026-06-12 | Chrome Releases: Chrome for Android Update (version 149) | June 12, 2026 |
| 2026-06-11 | Chrome Releases: Stable Channel Update for Desktop (version 149.0.7827.114) | June 11, 2026 |
| 2026-06-10 | Chrome Releases: Chrome Stable for iOS Update (version 149) | June 10, 2026 |
| 2026-06-09 | Chrome Releases: Stable Channel Update for Desktop (version 149.0.7827.102) | June 9, 2026 |
| 2026-06-09 | Chrome Releases: Chrome for Android Update (version 149) | June 9, 2026 |
| 2026-06-03 | Chrome Releases: Stable Channel Update for Desktop (version 149) | June 3, 2026 |
| 2026-06-03 | Chrome Releases: Chrome for Android Update (version 149) | June 3, 2026 |
| 2026-06-01 | Chrome Releases: June 2026 | June 1, 2026 |
| 2026-05-28 | Chrome Releases: Chrome for Android Update (version 148) | May 28, 2026 |
| 2026-05-28 | Chrome Releases: Chrome Stable for iOS Update (version 149) | May 28, 2026 |
Known Exploited Google Chrome Vulnerabilities
The following Google Chrome vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Google Chrome Skia Integer Overflow Vulnerability |
Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products. CVE-2023-2136 Exploit Probability: 0.4% |
April 21, 2023 |
| Google Chrome Use-After-Free Vulnerability |
Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption. CVE-2022-3038 Exploit Probability: 36.0% |
March 30, 2023 |
| Google Chrome Heap Buffer Overflow Vulnerability |
Google Chrome GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-4135 Exploit Probability: 0.1% |
November 28, 2022 |
| Google Chrome Intents Insufficient Input Validation Vulnerability |
Google Chrome Intents allows for insufficient validation of untrusted input, causing unknown impacts. CISA will update this description if more information becomes available. CVE-2022-2856 Exploit Probability: 3.3% |
August 18, 2022 |
| Google Chrome Use-After-Free Vulnerability |
Use-after-free in WebAudio in Google Chrome allows a remote attacker to potentially exploit heap corruption. CVE-2019-13720 Exploit Probability: 89.6% |
May 23, 2022 |
| Google Chrome Use-After-Free Vulnerability |
Google Chrome contains a heap use-after-free vulnerability which allows an attacker to potentially perform out of bounds memory access. CVE-2019-5786 Exploit Probability: 89.9% |
May 23, 2022 |
| Google Chrome Use-After-Free Vulnerability |
The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome. CVE-2022-0609 Exploit Probability: 49.0% |
February 15, 2022 |
| Google Chrome Prior to 81.0.4044.92 Use-After-Free Vulnerability |
Use-after-free vulnerability in Media in Google Chrome prior to 81.0.4044.92 allowed a Remote attacker to execute arbitrary code via a crafted HTML page. CVE-2020-6572 Exploit Probability: 19.1% |
January 10, 2022 |
| Google Chrome Browser V8 Arbitrary Code Execution |
Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30563 Exploit Probability: 2.6% |
November 3, 2021 |
| Google Chrome FreeType Memory Corruption |
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15999 Exploit Probability: 93.0% |
November 3, 2021 |
| Google Chrome WebGL Use-After-Free Vulnerability |
Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30554 Exploit Probability: 5.8% |
November 3, 2021 |
| Google Chrome Use-After-Free Vulnerability |
Google Chrome use-after-free error within the V8 browser engine. CVE-2021-37975 Exploit Probability: 63.0% |
November 3, 2021 |
| Google Chrome Use-After-Free Vulnerability |
Use-after-free weakness in Portals, Google's new web page navigation system for Chrome. Successful exploitation can let attackers to execute code. CVE-2021-37973 Exploit Probability: 14.8% |
November 3, 2021 |
| Google Chrome Use-After-Free Vulnerability |
Google Chrome Use-After-Free vulnerability CVE-2021-30633 Exploit Probability: 30.1% |
November 3, 2021 |
| Google Chrome Out-of-bounds write |
Google Chrome out-of-bounds write that allows to execute arbitrary code on the target system. CVE-2021-30632 Exploit Probability: 83.8% |
November 3, 2021 |
| Google Chrome Information Leakage |
Information disclosure in Google Chrome that exists due to excessive data output in core. CVE-2021-37976 Exploit Probability: 20.1% |
November 3, 2021 |
| Google Chrome Site Isolation Component Use-After-Free Remote Code Execution vulnerability |
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16017 Exploit Probability: 21.4% |
November 3, 2021 |
| Google Chrome Heap Buffer Overflow in WebAudio Vulnerability |
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21166 Exploit Probability: 38.0% |
November 3, 2021 |
Of the known exploited vulnerabilities above, 4 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 8 known exploited Google Chrome vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
EOL Dates
Ensure that you are using a supported version of Google Chrome. Here are some end of life, and end of support dates for Google Chrome.
| Release | EOL Date | Status |
|---|---|---|
| 149 | July 6, 2026 |
EOL This Year
Google Chrome 149 will become EOL this year, in July 2026. |
| 148 | June 2, 2026 |
EOL
Google Chrome 148 became EOL in 2026. |
| 147 | May 5, 2026 |
EOL
Google Chrome 147 became EOL in 2026. |
| 146 | April 7, 2026 |
EOL
Google Chrome 146 became EOL in 2026. |
| 145 | March 10, 2026 |
EOL
Google Chrome 145 became EOL in 2026. |
| 144 | February 10, 2026 |
EOL
Google Chrome 144 became EOL in 2026. |
| 143 | January 13, 2026 |
EOL
Google Chrome 143 became EOL in 2026. |
| 142 | December 2, 2025 |
EOL
Google Chrome 142 became EOL in 2025. |
| 141 | October 28, 2025 |
EOL
Google Chrome 141 became EOL in 2025. |
| 140 | September 30, 2025 |
EOL
Google Chrome 140 became EOL in 2025. |
| 139 | September 2, 2025 |
EOL
Google Chrome 139 became EOL in 2025. |
| 138 | August 5, 2025 |
EOL
Google Chrome 138 became EOL in 2025. |
| 137 | June 24, 2025 |
EOL
Google Chrome 137 became EOL in 2025. |
| 136 | May 27, 2025 |
EOL
Google Chrome 136 became EOL in 2025. |
| 135 | April 29, 2025 |
EOL
Google Chrome 135 became EOL in 2025. |
| 134 | April 1, 2025 |
EOL
Google Chrome 134 became EOL in 2025. |
| 133 | March 4, 2025 |
EOL
Google Chrome 133 became EOL in 2025. |
| 132 | February 4, 2025 |
EOL
Google Chrome 132 became EOL in 2025. |
| 131 | January 14, 2025 |
EOL
Google Chrome 131 became EOL in 2025. |
| 130 | November 12, 2024 |
EOL
Google Chrome 130 became EOL in 2024. |
By the Year
In 2026 there have been 1155 vulnerabilities in Google Chrome with an average score of 7.4 out of ten. Last year, in 2025 Chrome had 247 security vulnerabilities published. That is, 908 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.37.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1155 | 7.36 |
| 2025 | 247 | 6.99 |
| 2024 | 290 | 7.70 |
| 2023 | 331 | 7.40 |
| 2022 | 356 | 7.95 |
| 2021 | 373 | 7.96 |
| 2020 | 264 | 8.02 |
| 2019 | 353 | 7.34 |
| 2018 | 127 | 7.10 |
It may take a day or so for new Chrome vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Google Chrome Security Vulnerabilities
UseAfterFree in Views (Chrome <149.0.7827.115)
CVE-2026-12035
8.8 - High
- June 11, 2026
Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
CVE-2026-12034: Chrome <149.0.7827.115 Remote Sandbox Escape via Linux Theming
CVE-2026-12034
8.3 - High
- June 11, 2026
Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Improper Input Validation
Chrome <149.0.7827.115: OOB read in VideoCapture via GPU
CVE-2026-12033
5.3 - Medium
- June 11, 2026
Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Out-of-bounds Read
Chrome Android <149.0.7827.115: Passwords bypass Site Isolation
CVE-2026-12032
3.1 - Low
- June 11, 2026
Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Origin Validation Error
Chrome Views sandbox escape prior to 149.0.7827.115
CVE-2026-12031
8.3 - High
- June 11, 2026
Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Protection Mechanism Failure
GPU out-of-bounds write in Chrome <149.0.7827.115 on Android
CVE-2026-12030
8.3 - High
- June 11, 2026
Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Heap-based Buffer Overflow
Chrome <149 Video UA-Free Sandbox Escape via HTML
CVE-2026-12029
8.3 - High
- June 11, 2026
Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Chrome Android GPU Use-After-Free <149.0.7827.115 Sandbox Escape
CVE-2026-12028
8.3 - High
- June 11, 2026
Use after free in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Chrome Headless Sandbox Escape via Crafted HTML (v<149.0.7827.115)
CVE-2026-12027
9.6 - Critical
- June 11, 2026
Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Protection Mechanism Failure
Chrome Video OOB Read Before 149.0.7827.115 (ChromeOS Renderer)
CVE-2026-12026
- June 11, 2026
Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Out-of-bounds Read
CVE-2026-12025: Chrome <149 Network XDR Leak
CVE-2026-12025
5.3 - Medium
- June 11, 2026
Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Improper Input Validation
Chrome DevTools SOP Bypass before 149.0.7827.115
CVE-2026-12024
6.5 - Medium
- June 11, 2026
Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
Origin Validation Error
Use After Free in GPU (Chrome <149.0.7827.115) - Sandbox Escape via HTML on Mac
CVE-2026-12023
8.3 - High
- June 11, 2026
Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Race in SafeBrowsing in Chrome 149.0.7827.115 on macOS allows sandbox escape
CVE-2026-12022
8.3 - High
- June 11, 2026
Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Race Condition
Use-After-Free in Chrome Autofill Before 149.0.7827.115
CVE-2026-12020
8.8 - High
- June 11, 2026
Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Heap Buffer Overflow in Chrome Codecs Before 149.0.7827.115 (Linux/ChromeOS)
CVE-2026-12019
8.3 - High
- June 11, 2026
Heap buffer overflow in Codecs in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Chrome <149: Privilege Escalation via Mojo Malicious File
CVE-2026-12018
8.8 - High
- June 11, 2026
Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
Improper Privilege Management
Chrome <=149.0.7827.115 Bypass Site Isolation via Crafted HTML
CVE-2026-12017
3.1 - Low
- June 11, 2026
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Improper Input Validation
Chrome DevTools Sandbox Escape <149.0.7827.115 via Renderer Process
CVE-2026-12016
8.3 - High
- June 11, 2026
Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Improper Input Validation
CAAF in Chrome Autofill before 149.0.7827.115
CVE-2026-12015
5.3 - Medium
- June 11, 2026
Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Google Chrome UAF in Cast (before 149.0.7827.115)
CVE-2026-12014
8.3 - High
- June 11, 2026
Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: High)
Dangling pointer
Google Chrome UAF via crafted HTML in Media (pre-149.0.7827.115)
CVE-2026-12013
8.8 - High
- June 11, 2026
Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
AfF in Chrome Network before 149.0.7827.115 (Privileged Network)
CVE-2026-12012
8.1 - High
- June 11, 2026
Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)
Dangling pointer
Chrome Android GPU Heap Overflow <149.0.7827.115
CVE-2026-12010
8.3 - High
- June 11, 2026
Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Heap-based Buffer Overflow
Chrome WebMIDI use-after-free <149.0.7827.115 allows sandbox escape
CVE-2026-12011
8.3 - High
- June 11, 2026
Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Dangling pointer
Chrome 149.0.7827.115 Accessibility: Remote Sandbox Escape
CVE-2026-12009
8.3 - High
- June 11, 2026
Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Improper Input Validation
Google Chrome UAF in DigitalCredentials prior 149.0.7827.115
CVE-2026-12008
8.3 - High
- June 11, 2026
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Dangling pointer
Google Chrome prior 149.0.7827.115 UseAfterFree in Core (Windows)
CVE-2026-12007
8.8 - High
- June 11, 2026
Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Dangling pointer
V8 Race in Chrome before 144.0.7559.99
CVE-2026-1220
7.5 - High
- June 10, 2026
Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromium security severity: High)
Race Condition
Google Chrome <149.0.7827.103: UI Spoofing via Guest View
CVE-2026-11701
5.4 - Medium
- June 08, 2026
Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Improper Input Validation
Use After Free in Chrome Tracing (149.0.7827.103)
CVE-2026-11700
8.3 - High
- June 08, 2026
Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Chrome <149.0.7827.103 UAFF: BT UseAfterFree on macOS
CVE-2026-11699
8.8 - High
- June 08, 2026
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Chrome macOS Use After Free in Bluetooth before 149.0.7827.103
CVE-2026-11698
8.8 - High
- June 08, 2026
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Google Chrome <149.0.7827.103: UI validation flaw sandbox escape
CVE-2026-11697
9.6 - Critical
- June 08, 2026
Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Improper Input Validation
Chrome <149.0.7827.103 Uninitialized Video Use in Renderer
CVE-2026-11696
5.3 - Medium
- June 08, 2026
Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Use of Uninitialized Variable
Chrome Passwords XSS via Crafted Page (before 149.0.7827.103)
CVE-2026-11695
4.3 - Medium
- June 08, 2026
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Protection Mechanism Failure
Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103
CVE-2026-11694
7.5 - High
- June 08, 2026
Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Chrome Plugins SiteIsolation Bypass <149.0.7827.103
CVE-2026-11693
8.1 - High
- June 08, 2026
Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Origin Validation Error
UAU in Chrome Read Anything (149.0.7827.102) Enables Sandbox Escape
CVE-2026-11692
8.3 - High
- June 08, 2026
Use after free in Read Anything in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Chrome <149: New Tab Page Data Leak via Renderer Process
CVE-2026-11691
3.1 - Low
- June 08, 2026
Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Improper Input Validation
OOB R/W in Chrome Media (Mac) before 149.0.7827.103
CVE-2026-11690
7.5 - High
- June 08, 2026
Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Out-of-bounds Read
Chrome 149 Site Isolation Bypass via Compromised Renderer Process
CVE-2026-11689
8.1 - High
- June 08, 2026
Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Improper Input Validation
Google Chrome: SVG CodeExec before 149.0.7827.103 (High)
CVE-2026-11688
8.8 - High
- June 08, 2026
Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Code Injection
Use-after-free in Chrome Dawn on macOS prior to 149.0.7827.103
CVE-2026-11687
8.8 - High
- June 08, 2026
Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
CVE-2026-11686: Untrusted Input XSS in Chrome Dawn <149.0.7827.103 (macOS)
CVE-2026-11686
3.1 - Low
- June 08, 2026
Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Improper Input Validation
Chrome <149.0.7827.103 MediaCapture XSS via HTML Page
CVE-2026-11685
4.3 - Medium
- June 08, 2026
Inappropriate implementation in MediaCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Improper Input Validation
Google Chrome <149.0.7827.103: Network class policy enforcement flaw
CVE-2026-11684
3.1 - Low
- June 08, 2026
Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Protection Mechanism Failure
Use-after-free in Chrome WebCodecs before 149.0.7827.103
CVE-2026-11683
8.8 - High
- June 08, 2026
Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Chrome Ozone UAF Heap Corruption before 149.0.7827.103
CVE-2026-11681
8.8 - High
- June 08, 2026
Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Chrome/Linux Views Bug Sandbox Escape in v<149.0.7827.103
CVE-2026-11682
8.3 - High
- June 08, 2026
Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Google Chrome or by Google? Click the Watch button to subscribe.
