Google chrome
This hub aggregates every CVE we track for Google chrome, a product in the consumer software space. Use it to gauge the current risk picture and drill into individual advisories.
5,020
CVEs tracked
375
Critical
2,582
High
75
In CISA KEV
Severity distribution
HIGH2,582MEDIUM2,004CRITICAL375LOW59
Monthly trend
48
26
22
13
7
17
9
16
13
14
10
6
16
12
1
67
19
12
20
74
144
370
583
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Google chrome.
- CVE-2026-13283Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a craft...7.5
- CVE-2026-13282Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. (Chromium security ...6.8
- CVE-2026-13281Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (C...8.3
- CVE-2026-13036Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)8.8
- CVE-2026-13037Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severit...7.8
- CVE-2026-13034Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML pag...4.7
- CVE-2026-13035Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: High)8.8
- CVE-2026-13030Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chro...5.3
- CVE-2026-13029Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a ...7.5
- CVE-2026-13031Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)8.8
- CVE-2026-13027Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8
- CVE-2026-13025Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromi...8.3
- CVE-2026-13026Use after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security se...8.8
- CVE-2026-13023Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory ...5.3
- CVE-2026-13024Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c...4.2
Product normalization is registry-driven with AI assist and human review. How it works