Total CVEs

142,250

Critical Severity

3,947

High Severity

14,209

Last 7 Days

1,911
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 15,161 - 15,180 of 38,655 CVEs
CVE-2026-7946 MEDIUM - 4.3

Insufficient policy enforcement in WebUI in Google Chrome on Linux, Mac, Windows, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7945 LOW - 3.1

Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7944 LOW - 3.1

Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7943 MEDIUM - 4.2

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7942 MEDIUM - 4.3

Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7941 MEDIUM - 4.4

Insufficient validation of untrusted input in Mobile in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via a crafted Chrome Extension. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7940 HIGH - 8.8

Use after free in V8 in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7939 MEDIUM - 5.4

Inappropriate implementation in SanitizerAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7938 HIGH - 8.8

Use after free in CSS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7937 LOW - 3.1

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7936 MEDIUM - 4.3

Object lifecycle issue in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7935 MEDIUM - 5.4

Inappropriate implementation in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7934 MEDIUM - 4.2

Insufficient validation of untrusted input in Popup Blocker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7933 MEDIUM - 4.3

Out of bounds read in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7932 MEDIUM - 4.4

Insufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7931 MEDIUM - 5.4

Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7930 HIGH - 8.8

Insufficient validation of untrusted input in Cookies in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7929 HIGH - 7.5

Use after free in MediaRecording in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7928 HIGH - 8.8

Use after free in WebRTC in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7927 HIGH - 8.8

Type Confusion in Runtime in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD