Total CVEs

143,768

Critical Severity

4,091

High Severity

14,768

Last 7 Days

1,527
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,521 - 1,540 of 1,721 CVEs
CVE-2026-5912 HIGH - 8.8

Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5911 MEDIUM - 4.3

Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5910 HIGH - 8.8

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5909 HIGH - 8.8

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5908 HIGH - 8.8

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5907 HIGH - 8.1

Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5906 MEDIUM - 4.3

Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5905 MEDIUM - 6.5

Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5904 HIGH - 8.8

Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5903 MEDIUM - 6.5

Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5902 CRITICAL - 9.8

Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5901 MEDIUM - 6.5

Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5900 MEDIUM - 4.3

Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5899 MEDIUM - 6.1

Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5898 MEDIUM - 4.3

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5897 MEDIUM - 4.3

Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5896 MEDIUM - 6.1

Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5895 MEDIUM - 5.4

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5894 MEDIUM - 4.3

Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5893 MEDIUM - 6.8

Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD