Every CVE whose affected-product data names Google Chrome, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2012-5141 — CVSS 10.0 (critical): Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client plug-in, which has unspecified impact…
CVE-2011-0485 — CVSS 10.0 (critical): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to…
CVE-2010-3112 — CVSS 10.0 (critical): Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory…
CVE-2011-0474 — CVSS 10.0 (critical): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in…
CVE-2010-3111 — CVSS 10.0 (critical): Google Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack…
CVE-2012-5140 — CVSS 10.0 (critical): Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have…
CVE-2012-5139 — CVSS 10.0 (critical): Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have…
CVE-2013-2931 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other…
CVE-2011-3086 — CVSS 10.0 (critical): Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have…
CVE-2015-6791 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have…
CVE-2011-3046 — CVSS 10.0 (critical): The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to…
CVE-2012-5138 — CVSS 10.0 (critical): Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors.
CVE-2011-1806 — CVSS 10.0 (critical): Google Chrome before 11.0.696.71 does not properly implement the GPU command buffer, which allows remote attackers to execute arbitrary…
CVE-2011-0473 — CVSS 10.0 (critical): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in…
CVE-2010-3120 — CVSS 10.0 (critical): Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of…
CVE-2011-1807 — CVSS 10.0 (critical): Google Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified…
CVE-2010-3254 — CVSS 10.0 (critical): The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to…
CVE-2010-1233 — CVSS 10.0 (critical): Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving…
CVE-2010-2107 — CVSS 10.0 (critical): Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have…
CVE-2011-0471 — CVSS 10.0 (critical): The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers…
CVE-2012-5137 — CVSS 10.0 (critical): Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allows remote attackers to cause a denial of service or possibly have…
CVE-2010-3119 — CVSS 10.0 (critical): Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a…
CVE-2010-2900 — CVSS 10.0 (critical): Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors.
CVE-2014-3175 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have…
CVE-2010-2105 — CVSS 10.0 (critical): Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which…
CVE-2010-2898 — CVSS 10.0 (critical): Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack…
CVE-2011-3079 — CVSS 10.0 (critical): The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and…
CVE-2010-2897 — CVSS 10.0 (critical): Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack…
CVE-2012-5112 — CVSS 10.0 (critical): Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to…
CVE-2011-3089 — CVSS 10.0 (critical): Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have…
CVE-2015-8480 — CVSS 10.0 (critical): The VideoFramePool::PoolImpl::CreateFrame function in media/base/video_frame_pool.cc in Google Chrome before 47.0.2526.73 does not…
CVE-2010-2302 — CVSS 10.0 (critical): Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service…
CVE-2015-8548 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause…
CVE-2010-2300 — CVSS 10.0 (critical): Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before…
CVE-2010-2299 — CVSS 10.0 (critical): The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle…
CVE-2010-2298 — CVSS 10.0 (critical): browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle…
CVE-2010-3117 — CVSS 10.0 (critical): Google Chrome before 5.0.375.127 does not properly implement the notifications feature, which allows remote attackers to cause a denial of…
CVE-2014-1704 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to…
CVE-2014-3176 — CVSS 10.0 (critical): Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows…
CVE-2014-1681 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security…
CVE-2015-6765 — CVSS 10.0 (critical): Use-after-free vulnerability in content/browser/appcache/appcache_update_job.cc in Google Chrome before 47.0.2526.73 allows remote…
CVE-2009-2935 — CVSS 10.0 (critical): Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and…
CVE-2011-3099 — CVSS 10.0 (critical): Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of…
CVE-2011-3097 — CVSS 10.0 (critical): The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have…
CVE-2011-3101 — CVSS 10.0 (critical): Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and…
CVE-2013-2863 — CVSS 10.0 (critical): Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a…
CVE-2011-3106 — CVSS 10.0 (critical): The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to…
CVE-2013-0842 — CVSS 10.0 (critical): Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors.
CVE-2026-13782 — CVSS 10.0 (critical): Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to…
CVE-2010-1229 — CVSS 10.0 (critical): The sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack…
CVE-2010-3253 — CVSS 10.0 (critical): The implementation of notification permissions in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service (memory…
CVE-2011-3087 — CVSS 10.0 (critical): Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors.
CVE-2011-3091 — CVSS 10.0 (critical): Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial…
CVE-2011-3092 — CVSS 10.0 (critical): The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service…
CVE-2010-1505 — CVSS 10.0 (critical): Google Chrome before 4.1.249.1059 does not prevent pages from loading with the New Tab page's privileges, which has unknown impact and…
CVE-2010-3252 — CVSS 10.0 (critical): Use-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of…
CVE-2015-6787 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have…
CVE-2010-1228 — CVSS 10.0 (critical): Multiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and attack vectors.
CVE-2015-6788 — CVSS 10.0 (critical): The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome…
CVE-2014-3188 — CVSS 10.0 (critical): Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which…
CVE-2010-3116 — CVSS 10.0 (critical): Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before…
CVE-2013-0840 — CVSS 10.0 (critical): Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack…
CVE-2011-2806 — CVSS 10.0 (critical): Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code…
CVE-2011-3108 — CVSS 10.0 (critical): Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allows remote attackers to execute arbitrary code via vectors related to…
CVE-2010-0646 — CVSS 10.0 (critical): Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote…
CVE-2011-0982 — CVSS 10.0 (critical): Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows remote attackers to cause a denial of service or possibly have…
CVE-2010-1230 — CVSS 10.0 (critical): Google Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict…
CVE-2012-1846 — CVSS 10.0 (critical): Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a…
CVE-2011-0477 — CVSS 10.0 (critical): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows…
CVE-2011-0478 — CVSS 10.0 (critical): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to…
CVE-2010-3114 — CVSS 10.0 (critical): The text-editing implementation in Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not check a node type before…
CVE-2011-1300 — CVSS 10.0 (critical): The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics…
CVE-2011-3095 — CVSS 10.0 (critical): The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified…
CVE-2010-2902 — CVSS 10.0 (critical): The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or…
CVE-2010-3113 — CVSS 10.0 (critical): Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to…
CVE-2011-0476 — CVSS 10.0 (critical): Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory…
CVE-2012-5144 — CVSS 10.0 (critical): Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows…
CVE-2011-2822 — CVSS 10.0 (critical): Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and…
CVE-2012-5143 — CVSS 10.0 (critical): Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified…
CVE-2010-2901 — CVSS 10.0 (critical): The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption)…
CVE-2010-1663 — CVSS 10.0 (critical): The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same…
CVE-2010-3415 — CVSS 10.0 (critical): Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory…
CVE-2012-5142 — CVSS 10.0 (critical): Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or…
CVE-2014-3177 — CVSS 10.0 (critical): Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows…
CVE-2010-3414 — CVSS 10.0 (critical): Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service…
CVE-2010-4203 — CVSS 9.8 (critical): WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of…
CVE-2016-5178 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly…
CVE-2026-14104 — CVSS 9.8 (critical): Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute…
CVE-2023-1529 — CVSS 9.8 (critical): Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap…
CVE-2010-4042 — CVSS 9.8 (critical): Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or…
CVE-2016-1662 — CVSS 9.8 (critical): extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection…
CVE-2010-4204 — CVSS 9.8 (critical): WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object…
CVE-2024-0808 — CVSS 9.8 (critical): Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2022-2587 — CVSS 9.8 (critical): Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to…
CVE-2024-1284 — CVSS 9.8 (critical): Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2010-4205 — CVSS 9.8 (critical): Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial…
CVE-2016-1629 — CVSS 9.8 (critical): Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via…
CVE-2016-1633 — CVSS 9.8 (critical): Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service…
CVE-2010-1205 — CVSS 9.8 (critical): Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote…
CVE-2016-5140 — CVSS 9.8 (critical): Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before…
CVE-2026-13776 — CVSS 9.8 (critical): Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to…
CVE-2026-0907 — CVSS 9.8 (critical): Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted…
CVE-2016-1635 — CVSS 9.8 (critical): extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and…
CVE-2016-1666 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have…
CVE-2026-0906 — CVSS 9.8 (critical): Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox…
CVE-2016-5142 — CVSS 9.8 (critical): The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy…
CVE-2016-5143 — CVSS 9.8 (critical): The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname…
CVE-2014-9654 — CVSS 9.8 (critical): The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before…
CVE-2026-0905 — CVSS 9.8 (critical): Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to…
CVE-2020-15993 — CVSS 9.8 (critical): Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2016-5144 — CVSS 9.8 (critical): The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname…
CVE-2010-4041 — CVSS 9.8 (critical): The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow…
CVE-2016-1636 — CVSS 9.8 (critical): The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on…
CVE-2016-5146 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have…
CVE-2016-1639 — CVSS 9.8 (critical): Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API…
CVE-2026-13775 — CVSS 9.8 (critical): Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to…
CVE-2016-1642 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have…
CVE-2016-2843 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause…
CVE-2016-2051 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause…
CVE-2026-14121 — CVSS 9.8 (critical): Use after free in Chromoting in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via…
CVE-2016-1659 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have…
CVE-2010-3416 — CVSS 9.8 (critical): Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of…
CVE-2025-4052 — CVSS 9.8 (critical): Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage…
CVE-2010-3729 — CVSS 9.8 (critical): The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to…
CVE-2019-5866 — CVSS 9.8 (critical): Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap…
CVE-2010-4197 — CVSS 9.8 (critical): Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows…
CVE-2015-6792 — CVSS 9.8 (critical): The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to…
CVE-2010-4201 — CVSS 9.8 (critical): Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have…
CVE-2026-5902 — CVSS 9.8 (critical): Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to…
CVE-2010-4202 — CVSS 9.8 (critical): Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have…
CVE-2026-3062 — CVSS 9.8 (critical): Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds…
CVE-2015-6764 — CVSS 9.8 (critical): The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome…
CVE-2010-4039 — CVSS 9.8 (critical): Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack…
CVE-2017-15398 — CVSS 9.8 (critical): A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code…
CVE-2024-1283 — CVSS 9.8 (critical): Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via…
CVE-2015-1276 — CVSS 9.8 (critical): Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome…
CVE-2022-0452 — CVSS 9.6 (critical): Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape…
CVE-2026-13798 — CVSS 9.6 (critical): Heap buffer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer…
CVE-2026-9886 — CVSS 9.6 (critical): Use after free in Base in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape…
CVE-2026-14398 — CVSS 9.6 (critical): Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a…
CVE-2026-11213 — CVSS 9.6 (critical): Insufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had…
CVE-2020-6509 — CVSS 9.6 (critical): Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious…
CVE-2026-11100 — CVSS 9.6 (critical): Use after free in File Input in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in…
CVE-2020-6457 — CVSS 9.6 (critical): Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox…
CVE-2022-0466 — CVSS 9.6 (critical): Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to…
CVE-2026-11207 — CVSS 9.6 (critical): Insufficient validation of untrusted input in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially…
CVE-2020-6461 — CVSS 9.6 (critical): Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to…
CVE-2020-6462 — CVSS 9.6 (critical): Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer…
CVE-2020-6505 — CVSS 9.6 (critical): Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a…
CVE-2020-6465 — CVSS 9.6 (critical): Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer…
CVE-2020-6466 — CVSS 9.6 (critical): Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to…
CVE-2026-14411 — CVSS 9.6 (critical): Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially…
CVE-2026-14043 — CVSS 9.6 (critical): Use after free in GetUserMedia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process…
CVE-2020-6469 — CVSS 9.6 (critical): Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to…
CVE-2020-6471 — CVSS 9.6 (critical): Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to…
CVE-2026-14044 — CVSS 9.6 (critical): Use after free in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to…
CVE-2026-10990 — CVSS 9.6 (critical): Use after free in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to…
CVE-2026-10983 — CVSS 9.6 (critical): Insufficient validation of untrusted input in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform…
CVE-2026-11095 — CVSS 9.6 (critical): Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised…
CVE-2026-9876 — CVSS 9.6 (critical): Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox…
CVE-2020-6492 — CVSS 9.6 (critical): Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a…
CVE-2022-1309 — CVSS 9.6 (critical): Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform…
CVE-2020-6493 — CVSS 9.6 (critical): Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer…
CVE-2022-1312 — CVSS 9.6 (critical): Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension…
CVE-2026-9875 — CVSS 9.6 (critical): Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox…
CVE-2026-9874 — CVSS 9.6 (critical): Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a…
CVE-2026-14109 — CVSS 9.6 (critical): Insufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer…
CVE-2022-0977 — CVSS 9.6 (critical): Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage…
CVE-2026-9918 — CVSS 9.6 (critical): Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox…
CVE-2026-11066 — CVSS 9.6 (critical): Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially…
CVE-2021-21132 — CVSS 9.6 (critical): Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox…
CVE-2022-0973 — CVSS 9.6 (critical): Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via…
CVE-2026-8511 — CVSS 9.6 (critical): Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a…
CVE-2026-13854 — CVSS 9.6 (critical): Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process…
CVE-2026-10974 — CVSS 9.6 (critical): Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially…
CVE-2026-10972 — CVSS 9.6 (critical): Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape…
CVE-2021-21142 — CVSS 9.6 (critical): Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape…
CVE-2026-10971 — CVSS 9.6 (critical): Insufficient validation of untrusted input in Printing in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had…
CVE-2026-11065 — CVSS 9.6 (critical): Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to…
CVE-2021-21146 — CVSS 9.6 (critical): Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to…
CVE-2026-10966 — CVSS 9.6 (critical): Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox…
CVE-2021-21150 — CVSS 9.6 (critical): Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer…
CVE-2021-21151 — CVSS 9.6 (critical): Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a…
CVE-2026-11063 — CVSS 9.6 (critical): Insufficient validation of untrusted input in WebNN in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had…
CVE-2021-21154 — CVSS 9.6 (critical): Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer…
CVE-2021-21155 — CVSS 9.6 (critical): Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the…
CVE-2026-8580 — CVSS 9.6 (critical): Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a…
CVE-2026-13859 — CVSS 9.6 (critical): Inappropriate implementation in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox…
CVE-2026-14095 — CVSS 9.6 (critical): Insufficient policy enforcement in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the…
CVE-2026-11061 — CVSS 9.6 (critical): Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a…
CVE-2026-14097 — CVSS 9.6 (critical): Inappropriate implementation in WebAppInstalls in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised…
CVE-2026-11056 — CVSS 9.6 (critical): Insufficient validation of untrusted input in SiteIsolation in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker…
CVE-2026-11052 — CVSS 9.6 (critical): Type Confusion in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process…
CVE-2026-14101 — CVSS 9.6 (critical): Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the…
CVE-2022-0790 — CVSS 9.6 (critical): Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user…