Total CVEs

142,250

Critical Severity

3,947

High Severity

14,209

Last 7 Days

1,913
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 15,101 - 15,120 of 38,655 CVEs
CVE-2026-8006 MEDIUM - 5.4

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-8005 MEDIUM - 4.3

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-8004 MEDIUM - 4.3

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-8003 MEDIUM - 5.4

Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-8002 HIGH - 8.8

Use after free in Audio in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-8001 HIGH - 8.3

Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-8000 HIGH - 8.8

Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7999 MEDIUM - 4.3

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7998 MEDIUM - 5.4

Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7997 HIGH - 7.8

Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7996 MEDIUM - 4.2

Insufficient validation of untrusted input in SSL in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7995 HIGH - 8.8

Out of bounds read in AdFilter in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7994 HIGH - 7.8

Inappropriate implementation in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7993 MEDIUM - 4.2

Insufficient validation of untrusted input in Payments in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7992 HIGH - 8.8

Insufficient validation of untrusted input in UI in Google Chrome on Linux, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7991 HIGH - 8.8

Use after free in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7990 HIGH - 7.8

Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7989 MEDIUM - 4.2

Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7988 HIGH - 8.8

Type Confusion in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7987 HIGH - 8.8

Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD