Google Chrome Web browser
Recent Google Chrome Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2026-03-06 | Chrome Releases: Chrome for Android Update (version 146) | March 6, 2026 |
| 2026-03-05 | Chrome Releases: February 2026 | March 5, 2026 |
| 2026-03-05 | Chrome Releases: March 2026 | March 5, 2026 |
| 2026-03-04 | Chrome Releases: Chrome Stable for iOS Update (version 146) | March 4, 2026 |
| 2026-03-04 | Chrome Releases: Chrome for Android Update (version 145) | March 4, 2026 |
| 2026-03-03 | Chrome Releases: Stable Channel Update for Desktop (version 145.0.7632.159) | March 3, 2026 |
| 2026-02-26 | Chrome Releases: Chrome for Android Update (version 146) | February 26, 2026 |
| 2026-02-26 | Chrome Releases: Chrome Stable for iOS Update (version 146) | February 26, 2026 |
| 2026-02-24 | Chrome Releases: Chrome for Android Update (version 145) | February 24, 2026 |
| 2026-02-23 | Chrome Releases: Stable Channel Update for Desktop (version 145.0.7632.116) | February 23, 2026 |
Known Exploited Google Chrome Vulnerabilities
The following Google Chrome vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | CVE | Exploit Probability | Added |
|---|---|---|---|---|
| Google Chrome Skia Integer Overflow Vulnerability | Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products. | CVE-2023-2136 | 0.4% | April 21, 2023 |
| Google Chrome Use-After-Free Vulnerability | Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption. | CVE-2022-3038 | 36.0% | March 30, 2023 |
| Google Chrome Heap Buffer Overflow Vulnerability | Google Chrome GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | CVE-2022-4135 | 0.1% | November 28, 2022 |
| Google Chrome Intents Insufficient Input Validation Vulnerability | Google Chrome Intents allows for insufficient validation of untrusted input, causing unknown impacts. CISA will update this description if more information becomes available. | CVE-2022-2856 | 5.1% | August 18, 2022 |
| Google Chrome Use-After-Free Vulnerability | Use-after-free in WebAudio in Google Chrome allows a remote attacker to potentially exploit heap corruption. | CVE-2019-13720 | 88.2% | May 23, 2022 |
| Google Chrome Use-After-Free Vulnerability | Google Chrome contains a heap use-after-free vulnerability which allows an attacker to potentially perform out of bounds memory access. | CVE-2019-5786 | 89.5% | May 23, 2022 |
| Google Chrome Use-After-Free Vulnerability | The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome. | CVE-2022-0609 | 39.5% | February 15, 2022 |
| Google Chrome Prior to 81.0.4044.92 Use-After-Free Vulnerability | Use-after-free vulnerability in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | CVE-2020-6572 | 19.1% | January 10, 2022 |
| Google Chrome Browser V8 Arbitrary Code Execution | Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVE-2021-30563 | 3.1% | November 3, 2021 |
| Google Chrome FreeType Memory Corruption | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVE-2020-15999 | 92.9% | November 3, 2021 |
| Google Chrome WebGL Use-After-Free Vulnerability | Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVE-2021-30554 | 3.9% | November 3, 2021 |
| Google Chrome Use-After-Free Vulnerability | Google Chrome use-after-free error within the V8 browser engine. | CVE-2021-37975 | 55.2% | November 3, 2021 |
| Google Chrome Use-After-Free Vulnerability | Use-after-free weakness in Portals, Google's new web page navigation system for Chrome. Successful exploitation can let attackers execute code. | CVE-2021-37973 | 12.6% | November 3, 2021 |
| Google Chrome Use-After-Free Vulnerability | Google Chrome Use-After-Free vulnerability | CVE-2021-30633 | 38.2% | November 3, 2021 |
| Google Chrome Out-of-bounds write | Google Chrome out-of-bounds write that allows arbitrary code execution on the target system. | CVE-2021-30632 | 84.9% | November 3, 2021 |
| Google Chrome Information Leakage | Information disclosure in Google Chrome that exists due to excessive data output in core. | CVE-2021-37976 | 14.6% | November 3, 2021 |
| Google Chrome Site Isolation Component Use-After-Free Remote Code Execution vulnerability | Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | CVE-2020-16017 | 21.4% | November 3, 2021 |
| Google Chrome Heap Buffer Overflow in WebAudio Vulnerability | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CVE-2021-21166 | 36.3% | November 3, 2021 |
Of the known exploited vulnerabilities above, 4 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 7 known exploited Google Chrome vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
EOL Dates
Ensure that you are using a supported version of Google Chrome. Here are some end-of-life and end-of-support dates for Google Chrome.
| Release | EOL Date | Status |
|---|---|---|
| 145 | - | Active |
| 144 | February 10, 2026 | EOL. Google Chrome 144 became EOL in 2026. |
| 143 | January 13, 2026 | EOL. Google Chrome 143 became EOL in 2026. |
| 142 | December 2, 2025 | EOL. Google Chrome 142 became EOL in 2025. |
| 141 | October 28, 2025 | EOL. Google Chrome 141 became EOL in 2025. |
| 140 | September 30, 2025 | EOL. Google Chrome 140 became EOL in 2025. |
| 139 | September 2, 2025 | EOL. Google Chrome 139 became EOL in 2025. |
| 138 | August 5, 2025 | EOL. Google Chrome 138 became EOL in 2025. |
| 137 | June 24, 2025 | EOL. Google Chrome 137 became EOL in 2025. |
| 136 | May 27, 2025 | EOL. Google Chrome 136 became EOL in 2025. |
| 135 | April 29, 2025 | EOL. Google Chrome 135 became EOL in 2025. |
| 134 | April 1, 2025 | EOL. Google Chrome 134 became EOL in 2025. |
| 133 | March 4, 2025 | EOL. Google Chrome 133 became EOL in 2025. |
| 132 | February 4, 2025 | EOL. Google Chrome 132 became EOL in 2025. |
| 131 | January 14, 2025 | EOL. Google Chrome 131 became EOL in 2025. |
| 130 | November 12, 2024 | EOL. Google Chrome 130 became EOL in 2024. |
| 129 | October 15, 2024 | EOL. Google Chrome 129 became EOL in 2024. |
| 128 | September 17, 2024 | EOL. Google Chrome 128 became EOL in 2024. |
| 127 | August 20, 2024 | EOL. Google Chrome 127 became EOL in 2024. |
| 126 | July 23, 2024 | EOL. Google Chrome 126 became EOL in 2024. |
By the Year
In 2026 there have been 42 vulnerabilities in Google Chrome with an average score of 8.1 out of ten. Last year, in 2025, Chrome had 218 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Chrome in 2026 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.12.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 42 | 8.11 |
| 2025 | 218 | 6.99 |
| 2024 | 266 | 7.73 |
| 2023 | 297 | 7.39 |
| 2022 | 342 | 7.96 |
| 2021 | 340 | 7.99 |
| 2020 | 247 | 8.14 |
| 2019 | 323 | 7.34 |
| 2018 | 114 | 7.09 |
It may take a day or so for new Chrome vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Google Chrome Security Vulnerabilities
Chrome 145 Sandbox Escape via Navigation Insufficient Data Validation
CVE-2026-3545
9.6 - Critical
- March 04, 2026
Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Improper Input Validation
CVE-2026-3544: Chrome 145.0.7632.159 WebCodecs Heap Overflow
CVE-2026-3544
8.8 - High
- March 04, 2026
Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Heap-based Buffer Overflow
V8 OOB memory access in Google Chrome <145.0.7632.159
CVE-2026-3543
8.8 - High
- March 04, 2026
Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Authorization
Google Chrome OOB Memory Access via WebAssembly (Pre-145.0.7632.159)
CVE-2026-3542
8.8 - High
- March 04, 2026
Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Authorization
Google Chrome <=145: CSS OOB Memory Read via Crafted HTML
CVE-2026-3541
8.8 - High
- March 04, 2026
Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Authorization
Chrome WebAudio OOB Access <145.0.7632.159
CVE-2026-3540
8.8 - High
- March 04, 2026
Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Chrome <145.0.7632.159 Skia Integer Overflow OOB Memory Access
CVE-2026-3538
- March 04, 2026
Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
Assumed-Immutable Parameter Tampering
Chrome Android <145.0.7632.159 Remote Heap Corruption via PowerVR
CVE-2026-3537
- March 04, 2026
Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Chrome DevTools Obj Lifecycle Heap Corrupt (v<145.0.7632.159)
CVE-2026-3539
8.8 - High
- March 04, 2026
Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Use of Object without Invoking Destructor Method
ANGLE Integer Overflow in Chrome <145.0.7632.159
CVE-2026-3536
- March 04, 2026
Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
Assumed-Immutable Parameter Tampering
Chrome DevTools Script Injection via Malicious Extension (<145)
CVE-2026-3063
8.8 - High
- February 23, 2026
Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. (Chromium security severity: High)
OOB read/write in Tint (Chrome Mac <145.0.7632.116)
CVE-2026-3062
8.8 - High
- February 23, 2026
Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Out-of-bounds Read
Chrome media OOB Read CVE-2026-3061
CVE-2026-3061
8.8 - High
- February 23, 2026
Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Out-of-bounds Read
Chrome Media Heap Overflow <145.0.7632.109
CVE-2026-2650
8.8 - High
- February 18, 2026
Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Heap-based Buffer Overflow
Chrome V8 Integer Overflow Prior to 145.0.7632.109 Heap Corruption
CVE-2026-2649
8.8 - High
- February 18, 2026
Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Assumed-Immutable Parameter Tampering
Chrome <145.0.7632.109 PDFium Heap Overflow via PDF
CVE-2026-2648
8.8 - High
- February 18, 2026
Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)
Heap-based Buffer Overflow
UAF in Chrome CSS prior 145.0.7632.75 (Sandbox escape)
CVE-2026-2441
8.8 - High
- February 13, 2026
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Chrome 145.0.7632.45 or earlier: Downloads UI Spoofing via crafted page
CVE-2026-2323
4.3 - Medium
- February 11, 2026
Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
User Interface (UI) Misrepresentation of Critical Information
Chrome UI Spoofing via File Input before 145.0.7632.45
CVE-2026-2322
5.4 - Medium
- February 11, 2026
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
User Interface (UI) Misrepresentation of Critical Information
Google Chrome <145.0.7632.45 Ozone UAF Heap Corruption
CVE-2026-2321
8.8 - High
- February 11, 2026
Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Google Chrome <145.0.7632.45: File Input UI Spoofing
CVE-2026-2320
6.5 - Medium
- February 11, 2026
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
User Interface (UI) Misrepresentation of Critical Information
Chrome DevTools Race Before 145.0.7632.45 Allows Remote Object Corruption
CVE-2026-2319
7.5 - High
- February 11, 2026
Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium)
Race Condition
UI Spoofing in Chrome PictureInPicture prior to v145.0.7632.45
CVE-2026-2318
6.5 - Medium
- February 11, 2026
Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
User Interface (UI) Misrepresentation of Critical Information
Google Chrome <145.0.7632.45: Animation Cross-Orig Data Leak (CVE-2026-2317)
CVE-2026-2317
6.5 - Medium
- February 11, 2026
Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Session Riding
Google Chrome <145.0.7632.45: UI Spoofing via Frame Policy Bypass
CVE-2026-2316
6.5 - Medium
- February 11, 2026
Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
User Interface (UI) Misrepresentation of Critical Information
Chrome WebGPU OOB MEM Access - <145.0.7632.45
CVE-2026-2315
8.8 - High
- February 11, 2026
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Chrome < 145.0.7632.45 Heap Buffer Overflow in Codecs (CVE-2026-2314)
CVE-2026-2314
8.8 - High
- February 11, 2026
Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Heap-based Buffer Overflow
Chrome UAF in CSS before 145.0.7632.45
CVE-2026-2313
8.8 - High
- February 11, 2026
Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
V8 Heap Corruption via Type Confusion (Chrome <144.0.7559.132)
CVE-2026-1862
8.8 - High
- February 03, 2026
Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Heap B.OVF in libvpx (Chrome <144.0.7559.132) via crafted HTML
CVE-2026-1861
8.8 - High
- February 03, 2026
Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Heap-based Buffer Overflow
Background Fetch API Chrome <=144.0.7559.110 enables cross-origin data leakage
CVE-2026-1504
6.5 - Medium
- January 27, 2026
Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Use-after-free in Chrome ANGLE pre-144.0.7559.59
CVE-2026-0908
8.8 - High
- January 20, 2026
Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Dangling pointer
UI Spoofing via Split View in Chrome <144.0.7559.59
CVE-2026-0907
9.8 - Critical
- January 20, 2026
Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
User Interface (UI) Misrepresentation of Critical Information
Android Chrome <144.0.7559.59 Omnibox UI Spoof Vulnerability
CVE-2026-0906
9.8 - Critical
- January 20, 2026
Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
User Interface (UI) Misrepresentation of Critical Information
Chrome <144.0.7559.59: Network Log Policy Bypass
CVE-2026-0905
9.8 - Critical
- January 20, 2026
Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attacker who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)
Information Disclosure
Downloads Bypass in Google Chrome <144.0.7559.59 on Windows
CVE-2026-0903
5.4 - Medium
- January 20, 2026
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium)
Improper Input Validation
Google Chrome <144.0.7559.59 Incorrect Security UI Allows Domain Spoofing
CVE-2026-0904
5.4 - Medium
- January 20, 2026
Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
User Interface (UI) Misrepresentation of Critical Information
UI Spoofing in Blink <=144.0.7559.59 in Chrome Android
CVE-2026-0901
5.4 - Medium
- January 20, 2026
Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
User Interface (UI) Misrepresentation of Critical Information
Chrome V8 OOB Read via Crafted HTML before 144.0.7559.59
CVE-2026-0902
8.8 - High
- January 20, 2026
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Use of Function with Inconsistent Implementations
Out-of-bounds Memory Access in V8 (Chrome <144.0.7559.59)
CVE-2026-0899
8.8 - High
- January 20, 2026
Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Out-of-bounds Read
Chrome V8 Object Corrupt via Crafted HTML (V<144.0.7559.59)
CVE-2026-0900
8.8 - High
- January 20, 2026
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Chrome WebView tag <143.0.7499.192 policy bypass via malicious extension
CVE-2026-0628
8.8 - High
- January 06, 2026
Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
AuthZ
Google Chrome WebGPU UAF in v143.0.7499.147
CVE-2025-14765
8.8 - High
- December 16, 2025
Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
V8 OOB Read/Write in Google Chrome <143.0.7499.147
CVE-2025-14766
8.8 - High
- December 16, 2025
Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Out-of-bounds Read
Chrome Android <143.0.7499.110 Domain Spoof via Toolbar (Chromium)
CVE-2025-14373
4.3 - Medium
- December 12, 2025
Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
Clickjacking
Out-of-Bounds in ANGLE, Google Chrome <143.0.7499.110, Mac
CVE-2025-14174
8.8 - High
- December 12, 2025
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Buffer Overflow
UAF in Chrome Password Manager <143.0.7499.110 sandbox escape
CVE-2025-14372
6.1 - Medium
- December 12, 2025
Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
CVE-2025-13992: Chrome Side-Channel Leak Bypass Isolation pre-139.0.7258.66
CVE-2025-13992
4.7 - Medium
- December 03, 2025
Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
Improper Protection Against Physical Side Channels
UAF via Digital Credentials Heap Corruption in Chrome <143.0.7499.41
CVE-2025-13633
8.8 - High
- December 02, 2025
Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Heap Corruption Race in V8 -> Chrome <143.0.7499.41
CVE-2025-13721
7.5 - High
- December 02, 2025
Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Race Condition