Google Chrome Web browser
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Google Chrome.
Recent Google Chrome Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2026-07-11 | Chrome Releases: Stable Channel Update for ChromeOS / ChromeOS Flex | July 11, 2026 |
| 2026-07-08 | Chrome Releases: Chrome Stable for iOS Update (version 150) | July 8, 2026 |
| 2026-07-08 | Chrome Releases: Stable Channel Update for Desktop (version 150.0.7871.114) | July 8, 2026 |
| 2026-07-08 | Chrome Releases: Chrome for Android Update (version 150) | July 8, 2026 |
| 2026-07-08 | Chrome Releases: Stable Channel Update for Desktop (version 150.0.7871.100) | July 8, 2026 |
| 2026-07-07 | Chrome Releases: Stable Channel Update for ChromeOS / ChromeOS Flex | July 7, 2026 |
| 2026-07-01 | Chrome Releases: July 2026 | July 1, 2026 |
| 2026-07-01 | Chrome Releases: Stable Channel Update for Desktop (version 151) | July 1, 2026 |
| 2026-07-01 | Chrome Releases: Chrome for Android Update (version 150) | July 1, 2026 |
| 2026-06-27 | Chrome Releases: Stable Channel Update for ChromeOS / ChromeOS Flex | June 27, 2026 |
Known Exploited Google Chrome Vulnerabilities
The following Google Chrome vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Google Chrome Skia Integer Overflow Vulnerability |
Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products. CVE-2023-2136 Exploit Probability: 5.8% |
April 21, 2023 |
| Google Chrome Use-After-Free Vulnerability |
Google Chrome contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption. CVE-2022-3038 Exploit Probability: 24.7% |
March 30, 2023 |
| Google Chrome Heap Buffer Overflow Vulnerability |
Google Chrome GPU contains a heap buffer overflow vulnerability that allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-4135 Exploit Probability: 31.9% |
November 28, 2022 |
| Google Chrome Intents Insufficient Input Validation Vulnerability |
Google Chrome Intents allows for insufficient validation of untrusted input, causing unknown impacts. CISA will update this description if more information becomes available. CVE-2022-2856 Exploit Probability: 4.5% |
August 18, 2022 |
| Google Chrome Use-After-Free Vulnerability |
Use-after-free in WebAudio in Google Chrome allows a remote attacker to potentially exploit heap corruption. CVE-2019-13720 Exploit Probability: 73.0% |
May 23, 2022 |
| Google Chrome Use-After-Free Vulnerability |
Google Chrome contains a heap use-after-free vulnerability which allows an attacker to potentially perform out of bounds memory access. CVE-2019-5786 Exploit Probability: 61.5% |
May 23, 2022 |
| Google Chrome Use-After-Free Vulnerability |
The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome. CVE-2022-0609 Exploit Probability: 23.5% |
February 15, 2022 |
| Google Chrome Prior to 81.0.4044.92 Use-After-Free Vulnerability |
Use-after-free vulnerability in Media in Google Chrome prior to 81.0.4044.92 allowed a Remote attacker to execute arbitrary code via a crafted HTML page. CVE-2020-6572 Exploit Probability: 10.6% |
January 10, 2022 |
| Google Chrome Browser V8 Arbitrary Code Execution |
Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30563 Exploit Probability: 8.9% |
November 3, 2021 |
| Google Chrome FreeType Memory Corruption |
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15999 Exploit Probability: 50.6% |
November 3, 2021 |
| Google Chrome WebGL Use-After-Free Vulnerability |
Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30554 Exploit Probability: 7.4% |
November 3, 2021 |
| Google Chrome Use-After-Free Vulnerability |
Google Chrome use-after-free error within the V8 browser engine. CVE-2021-37975 Exploit Probability: 34.9% |
November 3, 2021 |
| Google Chrome Use-After-Free Vulnerability |
Use-after-free weakness in Portals, Google's new web page navigation system for Chrome. Successful exploitation can let attackers to execute code. CVE-2021-37973 Exploit Probability: 11.7% |
November 3, 2021 |
| Google Chrome Use-After-Free Vulnerability |
Google Chrome Use-After-Free vulnerability CVE-2021-30633 Exploit Probability: 32.7% |
November 3, 2021 |
| Google Chrome Out-of-bounds write |
Google Chrome out-of-bounds write that allows to execute arbitrary code on the target system. CVE-2021-30632 Exploit Probability: 64.5% |
November 3, 2021 |
| Google Chrome Information Leakage |
Information disclosure in Google Chrome that exists due to excessive data output in core. CVE-2021-37976 Exploit Probability: 19.9% |
November 3, 2021 |
| Google Chrome Site Isolation Component Use-After-Free Remote Code Execution vulnerability |
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16017 Exploit Probability: 2.7% |
November 3, 2021 |
| Google Chrome Heap Buffer Overflow in WebAudio Vulnerability |
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21166 Exploit Probability: 26.5% |
November 3, 2021 |
Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 10 known exploited Google Chrome vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
EOL Dates
Ensure that you are using a supported version of Google Chrome. Here are some end of life, and end of support dates for Google Chrome.
| Release | EOL Date | Status |
|---|---|---|
| 150 | July 28, 2026 |
EOL This Year
Google Chrome 150 will become EOL this year, in July 2026. |
| 149 | June 30, 2026 |
EOL
Google Chrome 149 became EOL in 2026. |
| 148 | June 2, 2026 |
EOL
Google Chrome 148 became EOL in 2026. |
| 147 | May 5, 2026 |
EOL
Google Chrome 147 became EOL in 2026. |
| 146 | April 7, 2026 |
EOL
Google Chrome 146 became EOL in 2026. |
| 145 | March 10, 2026 |
EOL
Google Chrome 145 became EOL in 2026. |
| 144 | February 10, 2026 |
EOL
Google Chrome 144 became EOL in 2026. |
| 143 | January 13, 2026 |
EOL
Google Chrome 143 became EOL in 2026. |
| 142 | December 2, 2025 |
EOL
Google Chrome 142 became EOL in 2025. |
| 141 | October 28, 2025 |
EOL
Google Chrome 141 became EOL in 2025. |
| 140 | September 30, 2025 |
EOL
Google Chrome 140 became EOL in 2025. |
| 139 | September 2, 2025 |
EOL
Google Chrome 139 became EOL in 2025. |
| 138 | August 5, 2025 |
EOL
Google Chrome 138 became EOL in 2025. |
| 137 | June 24, 2025 |
EOL
Google Chrome 137 became EOL in 2025. |
| 136 | May 27, 2025 |
EOL
Google Chrome 136 became EOL in 2025. |
| 135 | April 29, 2025 |
EOL
Google Chrome 135 became EOL in 2025. |
| 134 | April 1, 2025 |
EOL
Google Chrome 134 became EOL in 2025. |
| 133 | March 4, 2025 |
EOL
Google Chrome 133 became EOL in 2025. |
| 132 | February 4, 2025 |
EOL
Google Chrome 132 became EOL in 2025. |
| 131 | January 14, 2025 |
EOL
Google Chrome 131 became EOL in 2025. |
By the Year
In 2026 there have been 1671 vulnerabilities in Google Chrome with an average score of 7.2 out of ten. Last year, in 2025 Chrome had 247 security vulnerabilities published. That is, 1424 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.24.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1671 | 7.23 |
| 2025 | 247 | 6.99 |
| 2024 | 290 | 7.70 |
| 2023 | 331 | 7.40 |
| 2022 | 356 | 7.95 |
| 2021 | 373 | 7.96 |
| 2020 | 264 | 8.02 |
| 2019 | 353 | 7.34 |
| 2018 | 127 | 7.10 |
It may take a day or so for new Chrome vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Google Chrome Security Vulnerabilities
Chrome Navigation Site Isolation Bypass <150.0.7871.115
CVE-2026-15131
4.3 - Medium
- July 08, 2026
Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
Improper Input Validation
Use-after-Free in Chrome IndexedDB (before 150.0.7871.115)
CVE-2026-15107
8.8 - High
- July 08, 2026
Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Insufficient policy enforcement in Chrome Navigation prior to 150.0.7871.115
CVE-2026-15130
4.3 - Medium
- July 08, 2026
Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Client-Side Enforcement of Server-Side Security
Google Chrome 150.0.7871.115 - Forms UXSS via arbitrary script injection
CVE-2026-15128
6.1 - Medium
- July 08, 2026
Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
XSS
Chrome <150.0.7871.115 UXSS via WebGL
CVE-2026-15127
6.1 - Medium
- July 08, 2026
Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
XSS
Google Chrome <150.0.7871.115 UAF in Forms sandboxed exec
CVE-2026-15126
8.8 - High
- July 08, 2026
Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Insecure Forms Remote Code Exec in Chrome <150.0.7871.115
CVE-2026-15125
8.8 - High
- July 08, 2026
Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
AuthZ
GoogleChrome 150.0.7871.115 Password Policy Bypass (Same-Origin)
CVE-2026-15124
4.3 - Medium
- July 08, 2026
Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
Improper Input Validation
Chrome DOM heap corruption CVE-2026-15123 prior to 150.0.7871.115
CVE-2026-15123
8.8 - High
- July 08, 2026
Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Heap-based Buffer Overflow
Chrome 150.0.7871.115 Codecs NL sandbox escape via crafted HTML
CVE-2026-15122
8.3 - High
- July 08, 2026
Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Improper Input Validation
UaF in WebRTC of Chrome <150.0.7871.115
CVE-2026-15121
8.8 - High
- July 08, 2026
Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use-After-Free in Chrome Core (pre-150.0.7871.115) Enables sandbox escape
CVE-2026-15120
8.3 - High
- July 08, 2026
Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Chrome GetUserMedia Race Condition Before 150.0.7871.115 Enables Sandbox Escape
CVE-2026-15119
8.3 - High
- July 08, 2026
Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Race Condition
Google Chrome UA-free in Input before 150.0.7871.115
CVE-2026-15118
8.8 - High
- July 08, 2026
Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Google Chrome <150.0.7871.115 Use-after-Free in Payments API
CVE-2026-15117
7.5 - High
- July 08, 2026
Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Chrome UAF in Actor (<150.0.7871.115) allows RCE via crafted HTML
CVE-2026-15116
8.8 - High
- July 08, 2026
Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Chrome Android <150.0.7871.115 Same-Origin Bypass via WebAppInstalls
CVE-2026-15115
3.3 - Low
- July 08, 2026
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
Improper Input Validation
Chrome OOB Read/Write in Codecs before 150.0.7871.115
CVE-2026-15114
8.8 - High
- July 08, 2026
Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: High)
Out-of-bounds Read
Google Chrome Android <150.0.7871.115 Use-after-Free in Autofill
CVE-2026-15113
9.6 - Critical
- July 08, 2026
Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
UAF in Chrome Views (pre-150.0.7871.115)
CVE-2026-15111
7.5 - High
- July 08, 2026
Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Google Chrome Use-After-Free in Extensions before 150.0.7871.115
CVE-2026-15110
8.8 - High
- July 08, 2026
Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Dangling pointer
Chrome ANGLE uninitialized use before 150.0.7871.115 enables memory disclosure
CVE-2026-15109
6.5 - Medium
- July 08, 2026
Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Use of Uninitialized Variable
Chrome <150.0.7871.115 Integer Overflow in Extensions API
CVE-2026-15108
4.3 - Medium
- July 08, 2026
Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. (Chromium security severity: High)
Integer Overflow or Wraparound
Google Chrome <150.0.7871.115 UAF in InterestGroups via crafted HTML
CVE-2026-15133
8.8 - High
- July 08, 2026
Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Uninitialized Use in V8 5.5 in Chrome <150.0.7871.115 (sandbox escape)
CVE-2026-15132
8.8 - High
- July 08, 2026
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Use of Uninitialized Variable
UAF in Views, Chrome <150.0.7871.115
CVE-2026-15129
8.8 - High
- July 08, 2026
Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Dangling pointer
Chrome UAF in Ozone before 150.0.7871.115 (heap corrupt)
CVE-2026-15112
8.8 - High
- July 08, 2026
Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Dangling pointer
Google Chrome V8 use-after-free before 150.0.7871.46
CVE-2026-14394
8.8 - High
- July 01, 2026
Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Dangling pointer
Google Chrome V8 UAF prior to 150.0.7871.46
CVE-2026-14426
7.5 - High
- July 01, 2026
Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Google Chrome V8 UAF before 150.0.7871.46
CVE-2026-14432
8.8 - High
- July 01, 2026
Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Use after free in V8 in Chrome < 150.0.7871.46
CVE-2026-14393
8.8 - High
- July 01, 2026
Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
V8 UAF in Chrome <150.0.7871.46: remote code exec
CVE-2026-14403
8.8 - High
- July 01, 2026
Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
Dangling pointer
Chrome Skia UAF <150.0.7871.46 Sandbox Escape
CVE-2026-14419
9.6 - Critical
- July 01, 2026
Use after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Dangling pointer
Use after free in Dawn (Chrome <150.0.7871.46 on macOS) allows sandbox escape
CVE-2026-14424
9.6 - Critical
- July 01, 2026
Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use-after-free in Chrome Dawn before 150.0.7871.46 MAY allow sandbox escape
CVE-2026-14417
9.6 - Critical
- July 01, 2026
Use after free in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Dangling pointer
Use-after-free in ANGLE (Chrome<150.0.7871.46) => sandbox escape
CVE-2026-14425
9.6 - Critical
- July 01, 2026
Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use-After-Free in ANGLE (Chrome <150.0.7871.46) Enables Sandbox Escape
CVE-2026-14398
9.6 - Critical
- July 01, 2026
Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Dangling pointer
Use-after-free in ANGLE in Google Chrome <150.0.7871.46 sandbox escape
CVE-2026-14390
9.6 - Critical
- July 01, 2026
Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Chrome Dawn Uninitialized Use before v150.0.7871.46 leads to Info Disclosure
CVE-2026-14399
6.5 - Medium
- July 01, 2026
Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Use of Uninitialized Variable
V8 Uninitialized Use Allows Remote Code Exec in Chrome <=150.0.7871.46
CVE-2026-14405
9.6 - Critical
- July 01, 2026
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
Use of Uninitialized Variable
Chrome 150.0.7871.46 Dawn Uninitialized Use CVE-2026-14421
CVE-2026-14421
6.5 - Medium
- July 01, 2026
Uninitialized Use in Dawn in Google Chrome on ChromeOS prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Use of Uninitialized Variable
Chrome: Uninitialized Use in Dawn (pre-150.0.7871.46) Remote Info Leak
CVE-2026-14408
6.5 - Medium
- July 01, 2026
Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Use of Uninitialized Variable
ANGLE Uninitialized Use Sandbox Escape in Chrome <150.0.7871.46
CVE-2026-14413
8.3 - High
- July 01, 2026
Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Use of Uninitialized Variable
Chrome ANGLE Uninitialized Use on Windows <150.0.7871.46
CVE-2026-14402
6.5 - Medium
- July 01, 2026
Uninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Use of Uninitialized Variable
Uninitialized Use in ANGLE (Chrome <150.0.7871.46) Remote Cross-Origin Leakage
CVE-2026-14418
4.3 - Medium
- July 01, 2026
Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Use of Uninitialized Variable
Chrome <150.0.7871.46: Tint Type Confusion sandbox escape
CVE-2026-14423
9.6 - Critical
- July 01, 2026
Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Type Confusion: V8 Engine Chrome <150.0.7871.46 Remote Code Exec
CVE-2026-14431
8.8 - High
- July 01, 2026
Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Out-of-Bounds Write in V8 (Chrome <150.0.7871.46) Remote Code via Crafted HTML
CVE-2026-14395
8.8 - High
- July 01, 2026
Out of bounds write in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
Memory Corruption
Chrome <150.0.7871.46: Out-of-Bounds Write in Tint (Potential Sandbox Escape)
CVE-2026-14392
9.6 - Critical
- July 01, 2026
Out of bounds write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Chrome 150.0.7871.46 - ANGLE OOB Write & Sandbox Escape (Remote)
CVE-2026-14400
8.3 - High
- July 01, 2026
Out of bounds write in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Google Chrome or by Google? Click the Watch button to subscribe.