Total CVEs

139,961

Critical Severity

3,664

High Severity

13,210

Last 7 Days

1,586
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 4,461 - 4,480 of 13,369 CVEs
CVE-2026-8004 MEDIUM - 4.3

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-8003 MEDIUM - 5.4

Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7999 MEDIUM - 4.3

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7998 MEDIUM - 5.4

Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7996 MEDIUM - 4.2

Insufficient validation of untrusted input in SSL in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7993 MEDIUM - 4.2

Insufficient validation of untrusted input in Payments in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7989 MEDIUM - 4.2

Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7986 MEDIUM - 4.3

Insufficient policy enforcement in Autofill in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7983 MEDIUM - 4.3

Out of bounds read in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7982 MEDIUM - 6.5

Uninitialized Use in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7981 MEDIUM - 6.5

Out of bounds read in Codecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7979 MEDIUM - 4.3

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7977 MEDIUM - 6.3

Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7972 MEDIUM - 4.3

Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7971 MEDIUM - 6.3

Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7969 MEDIUM - 4.3

Integer overflow in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7964 MEDIUM - 4.2

Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7962 MEDIUM - 5.4

Insufficient policy enforcement in DirectSockets in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via a crafted Chrome Extension. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7961 MEDIUM - 4.3

Insufficient validation of untrusted input in Permissions in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to leak cross-origin data via malicious network traffic. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7960 MEDIUM - 5.3

Race in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD