Total CVEs

144,090

Critical Severity

4,134

High Severity

14,909

Last 7 Days

1,572
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 3,121 - 3,140 of 40,495 CVEs
CVE-2026-13928 HIGH - 8.8

Insufficient validation of untrusted input in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13927 HIGH - 7.8

Insufficient validation of untrusted input in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13926 MEDIUM - 6.5

Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13925 HIGH - 7.5

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13924 MEDIUM - 6.5

Insufficient validation of untrusted input in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13923 MEDIUM - 6.5

Uninitialized Use in GPU in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13922 MEDIUM - 6.5

Side-channel information leakage in Paint in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13921 MEDIUM - 6.5

Insufficient validation of untrusted input in DeviceBoundSessionCredentials in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13920 CRITICAL - 9.6

Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13919 MEDIUM - 6.5

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13918 HIGH - 8.8

Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13917 MEDIUM - 6.5

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13916 MEDIUM - 4.3

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13915 HIGH - 8.8

Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13914 MEDIUM - 5.5

Inappropriate implementation in Passwords in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13913 MEDIUM - 6.5

Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13912 MEDIUM - 4.3

Inappropriate implementation in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13911 MEDIUM - 5.3

Insufficient policy enforcement in Spellcheck in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13910 MEDIUM - 6.5

Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13909 CRITICAL - 9.6

Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD