Google CVEs & Vulnerabilities

1.820 CVEs affecting Google products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

1.820 CVEs→ All vendors

Most Affected Products

chrome 1.584android 604chrome os 21chrome-devtools-mcp 2android xr 1cloud build 1mcp toolbox for databases 1
CVE-2026-32317MEDIUM

Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 1.12.3.

20 Mar 2026
5.9
CVSS
CVE-2026-4464HIGH

Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

20 Mar 2026
8.8
CVSS
CVE-2026-4463HIGH

Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4462HIGH

Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4461HIGH

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4460HIGH

Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4459HIGH

Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4458HIGH

Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4457HIGH

Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4456HIGH

Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4455HIGH

Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4454HIGH

Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4453MEDIUM

Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
4.3
CVSS
CVE-2026-4452HIGH

Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4451HIGH

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4450HIGH

Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4449HIGH

Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4448HIGH

Heap buffer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4447HIGH

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4446HIGH

Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4445HIGH

Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4444HIGH

Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4443HIGH

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4442HIGH

Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

20 Mar 2026
8.8
CVSS
CVE-2026-4441HIGH

Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

20 Mar 2026
8.8
CVSS
CVE-2026-4440HIGH

Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical)

20 Mar 2026
8.8
CVSS
CVE-2026-4439HIGH

Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

20 Mar 2026
8.8
CVSS
CVE-2026-3910KEVHIGHin the wild

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

13 Mar 2026
8.8
CVSS
CVE-2026-3909KEVHIGHin the wild

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

13 Mar 2026
8.8
CVSS
CVE-2026-3942MEDIUM

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

12 Mar 2026
4.3
CVSS
CVE-2026-3941MEDIUM

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

12 Mar 2026
4.3
CVSS
CVE-2026-3940MEDIUM

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

12 Mar 2026
5.3
CVSS
CVE-2026-3939MEDIUM

Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)

12 Mar 2026
5.3
CVSS
CVE-2026-3938MEDIUM

Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

12 Mar 2026
4.3
CVSS
CVE-2026-3937MEDIUM

Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

12 Mar 2026
6.5
CVSS
CVE-2026-3936HIGH

Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

12 Mar 2026
8.8
CVSS
CVE-2026-3935MEDIUM

Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

12 Mar 2026
6.5
CVSS
CVE-2026-3934MEDIUM

Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

12 Mar 2026
6.5
CVSS
CVE-2026-3932HIGH

Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

12 Mar 2026
7.5
CVSS
CVE-2026-3931HIGH

Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

12 Mar 2026
8.8
CVSS
CVE-2026-3930MEDIUM

Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

12 Mar 2026
5.3
CVSS
CVE-2026-3929LOW

Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

12 Mar 2026
3.1
CVSS
CVE-2026-3928MEDIUM

Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)

12 Mar 2026
4.3
CVSS
CVE-2026-3927MEDIUM

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

12 Mar 2026
4.3
CVSS
CVE-2026-3926HIGH

Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

12 Mar 2026
8.8
CVSS
CVE-2026-3925MEDIUM

Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

12 Mar 2026
4.3
CVSS
CVE-2026-3924HIGH

use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

12 Mar 2026
7.5
CVSS
CVE-2026-3923HIGH

Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

12 Mar 2026
8.8
CVSS
← PrevPage 35 / 38Next →