Vulnerabilities in google

5,229 results
CVE-2026-13907MEDIUMInappropriate implementation in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engaEPSS 0.2%CVE-2026-13894MEDIUMInsufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bEPSS 0.2%CVE-2024-0016MEDIUMIn multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information diEPSS 0.2%CVE-2026-5902CRITICALRace in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corruEPSS 0.2%CVE-2026-8580CRITICALUse after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafEPSS 0.2%CVE-2026-11169HIGHInappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UEPSS 0.2%CVE-2026-14381MEDIUMIncorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a craftEPSS 0.2%CVE-2026-6920CRITICALOut of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer proEPSS 0.2%CVE-2026-0156MEDIUMIn checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remoteEPSS 0.2%CVE-2026-13881MEDIUMInappropriate implementation in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policEPSS 0.2%CVE-2024-40674MEDIUMIn validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the cEPSS 0.2%CVE-2026-9920LOWUninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer procEPSS 0.2%CVE-2026-14155MEDIUMInsufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin dEPSS 0.2%CVE-2026-14082MEDIUMRace in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (ChromiEPSS 0.2%CVE-2026-14040HIGHUse after free in BrowserTag in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extensiEPSS 0.2%CVE-2026-2320MEDIUMInappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage EPSS 0.2%CVE-2025-0084HIGHIn multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over BluetoEPSS 0.2%CVE-2026-11069MEDIUMInsufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin pEPSS 0.2%CVE-2026-9943MEDIUMOut of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crEPSS 0.2%CVE-2024-32895CRITICALIn BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation oEPSS 0.2%