Google CVEs & Vulnerabilities

1.820 CVEs affecting Google products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

1.820 CVEs→ All vendors

Most Affected Products

chrome 1.584android 604chrome os 21chrome-devtools-mcp 2android xr 1cloud build 1mcp toolbox for databases 1
CVE-2026-5874CRITICAL

Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

9 Apr 2026
9.6
CVSS
CVE-2026-5873HIGH

Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9 Apr 2026
8.8
CVSS
CVE-2026-5872HIGH

Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9 Apr 2026
8.8
CVSS
CVE-2026-5871HIGH

Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9 Apr 2026
8.8
CVSS
CVE-2026-5870HIGH

Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9 Apr 2026
8.8
CVSS
CVE-2026-5869MEDIUM

Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

9 Apr 2026
4.3
CVSS
CVE-2026-5868HIGH

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9 Apr 2026
8.8
CVSS
CVE-2026-5867MEDIUM

Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

9 Apr 2026
4.3
CVSS
CVE-2026-5866HIGH

Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9 Apr 2026
8.8
CVSS
CVE-2026-5865HIGH

Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9 Apr 2026
8.8
CVSS
CVE-2026-5864MEDIUM

Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

9 Apr 2026
4.3
CVSS
CVE-2026-5863HIGH

Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9 Apr 2026
8.8
CVSS
CVE-2026-5862HIGH

Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9 Apr 2026
8.8
CVSS
CVE-2026-5861HIGH

Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9 Apr 2026
8.8
CVSS
CVE-2026-5860HIGH

Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9 Apr 2026
8.8
CVSS
CVE-2026-5859HIGH

Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

9 Apr 2026
8.8
CVSS
CVE-2026-5858HIGH

Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

9 Apr 2026
8.8
CVSS
CVE-2026-0049MEDIUM

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

6 Apr 2026
6.2
CVSS
CVE-2025-48651MEDIUM

In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

6 Apr 2026
5.5
CVSS
CVE-2026-5292HIGH

Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

1 Apr 2026
8.8
CVSS
CVE-2026-5291MEDIUM

Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

1 Apr 2026
6.5
CVSS
CVE-2026-5290CRITICAL

Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
9.6
CVSS
CVE-2026-5289CRITICAL

Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
9.6
CVSS
CVE-2026-5288CRITICAL

Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
9.6
CVSS
CVE-2026-5287HIGH

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

1 Apr 2026
8.8
CVSS
CVE-2026-5286HIGH

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
8.8
CVSS
CVE-2026-5285HIGH

Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
8.8
CVSS
CVE-2026-5284HIGH

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
7.5
CVSS
CVE-2026-5283MEDIUM

Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
6.5
CVSS
CVE-2026-5282HIGH

Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
8.1
CVSS
CVE-2026-5281KEVHIGHin the wild

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
8.8
CVSS
CVE-2026-5280HIGH

Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
8.8
CVSS
CVE-2026-5279HIGH

Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
8.8
CVSS
CVE-2026-5278HIGH

Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
8.8
CVSS
CVE-2026-5277HIGH

Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
7.5
CVSS
CVE-2026-5276MEDIUM

Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
6.5
CVSS
CVE-2026-5275HIGH

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
8.8
CVSS
CVE-2026-5274HIGH

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
8.8
CVSS
CVE-2026-5273MEDIUM

Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
6.3
CVSS
CVE-2026-5272HIGH

Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

1 Apr 2026
8.8
CVSS
CVE-2026-4680HIGH

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

24 Mar 2026
8.8
CVSS
CVE-2026-4679HIGH

Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

24 Mar 2026
8.8
CVSS
CVE-2026-4678HIGH

Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

24 Mar 2026
8.8
CVSS
CVE-2026-4677HIGH

Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

24 Mar 2026
8.8
CVSS
CVE-2026-4676HIGH

Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

24 Mar 2026
8.8
CVSS
CVE-2026-4675HIGH

Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

24 Mar 2026
8.8
CVSS
CVE-2026-4674HIGH

Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

24 Mar 2026
8.8
CVSS
CVE-2026-4673HIGH

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

24 Mar 2026
8.8
CVSS
← PrevPage 34 / 38Next →