Total CVEs

145,436

Critical Severity

4,245

High Severity

15,630

Last 7 Days

2,406
Quick preset (or use dates below)
Clear Filters
Showing 1,721 - 1,740 of 2,393 CVEs

captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (binding to privileged ports, spoofing localho...

Vendor: NixOS
Product: nixpkgs
Published: Feb 09, 2026
Source: NVD
CVE-2026-1862 HIGH - 8.8

Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: Feb 03, 2026
Source: NVD
CVE-2026-1861 HIGH - 8.8

Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: Feb 03, 2026
Source: NVD
CVE-2026-1504 MEDIUM - 6.5

Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Published: Jan 27, 2026
Source: NVD
CVE-2026-0908 HIGH - 8.8

Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Published: Jan 20, 2026
Source: NVD
CVE-2026-0907 CRITICAL - 9.8

Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Published: Jan 20, 2026
Source: NVD
CVE-2026-0906 CRITICAL - 9.8

Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

Published: Jan 20, 2026
Source: NVD
CVE-2026-0905 CRITICAL - 9.8

Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)

Published: Jan 20, 2026
Source: NVD
CVE-2026-0904 MEDIUM - 5.4

Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

Published: Jan 20, 2026
Source: NVD
CVE-2026-0903 MEDIUM - 5.4

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium)

Published: Jan 20, 2026
Source: NVD
CVE-2026-0902 HIGH - 8.8

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Published: Jan 20, 2026
Source: NVD
CVE-2026-0901 MEDIUM - 5.4

Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

Published: Jan 20, 2026
Source: NVD
CVE-2026-0900 HIGH - 8.8

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Published: Jan 20, 2026
Source: NVD
CVE-2026-0899 HIGH - 8.8

Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Published: Jan 20, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP block, causing the context po...

Published: Jan 14, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver After unbinding the driver, another kthread `cros_ec_console_log_work` is still accessing the device, resulting an UAF and crash. The driver doesn't unregister t...

Published: Jan 13, 2026
Source: NVD
CVE-2026-0628 HIGH - 8.8

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Jan 07, 2026
Source: NVD

Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: Dec 16, 2025
Source: NVD

Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: Dec 16, 2025
Source: NVD

Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

Published: Dec 12, 2025
Source: NVD