The ChromeOS Stable channel is being updated to OS version 16667.47.0 (Browser version 149.0.7827.153) for most ChromeOS devices.
Visit our ChromeOS communities
General: Chromebook Help Community
Beta Specific: ChromeOS Beta Help Community
Report an issue or send feedback on Chrome
Interested in switching channels? Find out how.
Luis Menezes
Google ChromeOS
N/A
High Fixes [LPE] Patchpanel ConnectNamespace PID Gate Bypass Allows CAP_NET_ADMIN Root Netns Operations
Medium Fixes [PSP-376][PowerVR] Resource leak and improper locking in DevmemIntMapPMR error path if remapping with incompatible policy
High Fixes CVE-2026-41157 [PSP-419][PowerVR] OOB Write in CalculateNPOTTwiddleSparsePageMap3D
Android Security fixes can be found here
[$TBD] [517046249] Critical CVE-2026-10902 Use after free in Ozone on 2026-05-27
[$TBD] [516653777] Critical CVE-2026-10899 Use after free in Ozone on 2026-05-26
[$TBD] [516311623] High CVE-2026-10989 Inappropriate implementation in V8 on 2026-05-24
[$TBD] [515465685] High CVE-2026-10988 Use after free in Views on 2026-05-21
[$TBD] [515431687] High CVE-2026-10987 Integer overflow in V8 on 2026-05-21
[$TBD] [514744613] High CVE-2026-10986 Integer overflow in Media on 2026-05-19
[$TBD] [514082801] High CVE-2026-10985 Out of bounds read in Skia on 2026-05-17
[$TBD] [513947609] High CVE-2026-10983 Insufficient validation of untrusted input in Dawn on 2026-05-16
[$TBD] [513946753] Critical CVE-2026-10898 Stack buffer overflow in GPU on 2026-05-16
[$TBD] [513774197] High CVE-2026-10982 Use after free in WebXR on 2026-05-16
[$TBD] [513762354] High CVE-2026-10981 Insufficient validation of untrusted input in Codecs on 2026-05-16
[$TBD] [513713927] High CVE-2026-10980 Insufficient validation of untrusted input in DevTools on 2026-05-15
[$TBD] [513543143] Critical CVE-2026-10897 Out of bounds write in GPU on 2026-05-15
[$TBD] [513468021] High CVE-2026-10979 Out of bounds read in ANGLE on 2026-05-15
[$TBD] [513454018] Critical CVE-2026-10895 Use after free in Ozone on 2026-05-15
[$TBD] [513445101] Critical CVE-2026-10894 Use after free in Printing on 2026-05-14
[$TBD] [513340227] High CVE-2026-10977 Uninitialized Use in Skia on 2026-05-14
[$TBD] [513249847] High CVE-2026-10976 Uninitialized Use in Dawn on 2026-05-14
[$TBD] [513231432] Critical CVE-2026-10893 Use after free in Chromoting on 2026-05-14
[$TBD] [513160681] Critical CVE-2026-10891 Use after free in GFX on 2026-05-14
[$TBD] [513154132] High CVE-2026-10975 Use after free in WebRTC on 2026-05-14
[$TBD] [513136593] Critical CVE-2026-10890 Use after free in Cast on 2026-05-14
[$TBD] [513135862] High CVE-2026-10974 Insufficient validation of untrusted input in ANGLE on sampler-only structs in ESSL 3.00+ on 2026-05-14
[$TBD] [513042859] High CVE-2026-10973 Uninitialized Use in Dawn on ChromeOS/Linux Mali GPUs in WebGPU on 2026-05-13
[$TBD] [513006660] High CVE-2026-10972 Use after free in Ozone on Linux on 2026-05-13
[$TBD] [513003797] Critical CVE-2026-10889 Out of bounds read in ANGLE on 2026-05-13
[$TBD] [512772489] High CVE-2026-10970 Insufficient validation of untrusted input in InterestGroups on 2026-05-13
[$TBD] [511765713] High CVE-2026-10969 Insufficient validation of untrusted input in Extensions on 2026-05-10
[$TBD] [511713779] High CVE-2026-10966 Insufficient validation of untrusted input in Codecs on 2026-05-10
[$TBD] [511290038] High CVE-2026-10965 Integer overflow in DevTools on 2026-05-08
[$TBD] [511228272] High CVE-2026-10964 Integer overflow in V8 on 2026-05-08
[$TBD] [511218177] High CVE-2026-10963 Integer overflow in V8 on 2026-05-08
[$500.0] [508811477] High CVE-2026-10910 Type Confusion in V8 Reported by [Mufeed VH from Winfunc Research (winfunc.com)] on 2026-05-02
[$1000.0] [508092644] High CVE-2026-10909 Use after free in Dawn on 2026-04-30
[$TBD] [507382702] Medium CVE-2026-11213 Insufficient validation of untrusted input in Reading Mode on 2026-04-28
[$TBD] [507258786] High CVE-2026-10960 Uninitialized Use in Codecs on 2026-04-27
[$TBD] [507216833] Medium CVE-2026-11212 Insufficient policy enforcement in DevTools on 2026-04-27
[$8000.0] [506855825] High CVE-2026-10904 Inappropriate implementation in V8 Reported by [[303f06e3]] on 2026-04-27
[$TBD] [506629455] Medium CVE-2026-11211 Integer overflow in V8 on 2026-04-26
[$TBD] [506473226] Medium CVE-2026-11210 Insufficient policy enforcement in Safe Browsing on 2026-04-25
[$TBD] [506392934] Low CVE-2026-11309 Insufficient policy enforcement in History on 2026-04-25
[$TBD] [506391032] Medium CVE-2026-11209 Insufficient policy enforcement in Passwords on 2026-04-25
[$TBD] [506387278] Medium CVE-2026-11208 Use after free in Codecs on 2026-04-25
[$TBD] [506377279] High CVE-2026-10957 Use after free in Glic on 2026-04-25
[$TBD] [506375731] High CVE-2026-10956 Use after free in MimeHandlerView on 2026-04-25
[$TBD] [506150628] High CVE-2026-10954 Use after free in Actor on 2026-04-24
[$TBD] [506127858] Medium CVE-2026-11207 Insufficient validation of untrusted input in Autofill on 2026-04-24
[$TBD] [505945112] Low CVE-2026-11308 Inappropriate implementation in Extensions on 2026-04-23
[$TBD] [505815080] Critical CVE-2026-10888 Use after free in Cast Streaming on 2026-04-23
[$2000.0] [505427216] Medium CVE-2026-11206 Policy bypass in ServiceWorker Reported by [David Bors, Catalin Iovita ] on 2026-04-23
[$2000.0] [505371980] Medium CVE-2026-10995 Heap buffer overflow in TabStrip Reported by [] on 2026-04-22
[$TBD] [505068950] Low CVE-2026-11201 Use after free in ServiceWorker on 2026-04-21
[$TBD] [505096898] Critical CVE-2026-10886 Use after free in FileSystem on 2026-04-21
[$2000.0] [505045913] High CVE-2026-10908 Use after free in FullScreen Reported by [Mihnea Nicolau] on 2026-04-21
[$2000.0] [504820809] Medium CVE-2026-10994 Uninitialized Use in ANGLE Reported by [Mufeed VH from Winfunc Research (winfunc.com)] on 2026-04-21
[$TBD] [504644843] High CVE-2026-10949 Heap buffer overflow in Video on 2026-04-20
[$TBD] [504597736] High CVE-2026-10947 Use after free in WebRTC on 2026-04-20
[$TBD] [504599749] High CVE-2026-10948 Use after free in WebRTC on 2026-04-20
[$TBD] [504587797] High CVE-2026-10946 Heap buffer overflow in Media on 2026-04-20
[$TBD] [504579798] Medium CVE-2026-11200 Inappropriate implementation in WebRTC on 2026-04-20
[$TBD] [504572664] Medium CVE-2026-11199 Insufficient validation of untrusted input in WebRTC on 2026-04-20
[$TBD] [504551617] Low CVE-2026-11307 Use after free in PDFium on 2026-04-20
[$TBD] [504548949] Low CVE-2026-11306 Use after free in PDFium on 2026-04-20
[$TBD] [504545544] Low CVE-2026-11305 Use after free in PDFium on 2026-04-20
[$TBD] [504418475] Low CVE-2026-11304 Use after free in PDFium on 2026-04-19
[$TBD] [504417768] High CVE-2026-10945 Use after free in PDF on 2026-04-19
[$TBD] [504416752] Low CVE-2026-11303 Use after free in PDFium on 2026-04-19
[$TBD] [504395300] Medium CVE-2026-11198 Insufficient validation of untrusted input in Codecs on 2026-04-19
[$TBD] [504194151] High CVE-2026-10943 Heap-UAF in RtpSenderBase::DetachTrackAndGetStopTask during SDP rollback Reported by [] on 2026-04-19
[$TBD] [504180386] Low CVE-2026-11301 Out of bounds read in LiveCaption on 2026-04-18
[$2000.0] [504160794] Medium CVE-2026-10993 Heap buffer overflow in Skia on the default Rust ICC path on 2026-04-18
[$3000.0] [504073872] Medium CVE-2026-11197 SharedWorker same-origin check bypass for chrome-extension:// — DedicatedWorker hardening (8bde565) not applied to sibling SharedWorker path Reported by [*VEZEKA*] on 2026-04-18
[$TBD] [503958940] High CVE-2026-10941 Out of bounds memory access in Skia on 2026-04-17
[$TBD] [503879106] Medium CVE-2026-11196 Type Confusion in XML on 2026-04-17
[$TBD] [503865896] Medium CVE-2026-11195 Inappropriate implementation in MHTML on 2026-04-17
[$5000.0] [503768143] Critical CVE-2026-10883 Out of bounds write in ANGLE on 2026-04-17
[$TBD] [503719488] Medium CVE-2026-11194 Inappropriate implementation in Network on 2026-04-17
[$3000.0] [503553614] Medium CVE-2026-10991 Use after free in V8 Reported by [Alisa Esage (@alisaesage) ] on 2026-04-17
[$TBD] [503642586] Medium CVE-2026-11193 Insufficient policy enforcement in Password Manager on 2026-04-17
[$TBD] [503617302] Critical CVE-2026-10884 Use after free in Chromecast on 2026-04-17
[$TBD] [503614310] Low CVE-2026-11300 Inappropriate implementation in Permissions on 2026-04-17
[$11000.0] [503422316] High CVE-2026-10903 Use after free in WebRTC on 2026-04-17
[$43000.0] [503420443] Critical CVE-2026-10882 Use after free in Network on 2026-04-16
[$3000.0] [503420438] High CVE-2026-10906 Use after free in WebAuthentication Reported by [] on 2026-04-16
[$TBD] [503502607] High CVE-2026-10939 Use after free in WebRTC on 2026-04-16
[$TBD] [503490678] Medium CVE-2026-11192 Insufficient validation of untrusted input in Password Manager on 2026-04-16
[$TBD] [503392431] Medium CVE-2026-11191 Out of bounds memory access in ANGLE on 2026-04-16
[$TBD] [503375371] Medium CVE-2026-11190 Insufficient policy enforcement in Extensions on 2026-04-16
[$500.0] [503346647] Low CVE-2026-11225 I identified that the Chrome browser’s Reading List feature introduces an origin confusion issue by reordering domain names. This behavior can mislead users about the true origin of a website. on 2026-04-16
[$TBD] [503197481] Medium CVE-2026-11189 Insufficient validation of untrusted input in DevTools Reported by [lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab.] on 2026-04-16
[$TBD] [502819675] Medium CVE-2026-11187 Insufficient policy enforcement in Glic on 2026-04-15
[$TBD] [502805170] Medium CVE-2026-11186 Inappropriate implementation in CSS on 2026-04-15
[$TBD] [502784366] Medium CVE-2026-11185 Use after free in V8 on 2026-04-14
[$TBD] [502777516] Medium CVE-2026-11184 Insufficient policy enforcement in Actor on 2026-04-14
[$TBD] [502681591] High CVE-2026-10938 Insufficient validation of untrusted input in Input on 2026-04-14
[$TBD] [502651056] High CVE-2026-10937 Inappropriate implementation in Passwords on 2026-04-14
[$TBD] [502651014] Medium CVE-2026-11182 Inappropriate implementation in SVG on 2026-04-14
[$TBD] [502633299] Medium CVE-2026-11181 Inappropriate implementation in Media Session on 2026-04-14
[$TBD] [502631225] Medium CVE-2026-11180 Policy bypass in SVG on 2026-04-14
[$TBD] [502615170] Medium CVE-2026-11179 Inappropriate implementation in ORB on duplicate X-Content-Type-Options headers leaking JSON arrays on 2026-04-14
[$TBD] [502598424] Low CVE-2026-11299 Out of bounds read in Fonts on 32-bit via integer wraparound in Buffer::ReadU8 bounds check with crafted TTC font offset. on 2026-04-14
[$TBD] [502449864] Medium CVE-2026-11177 Use after free in Omnibox Reported by [gevakun] on 2026-04-14
[$500.0] [502461760] Low CVE-2026-11224 Use after free in Chromoting Reported by [David Bors, Catalin Iovita] on 2026-04-14
[$TBD] [502493950] Low CVE-2026-11296 Inappropriate implementation in ImageCapture on 2026-04-14
[$TBD] [502439789] High CVE-2026-10936 Type Confusion in V8 on 2026-04-14
[$TBD] [502403953] Low CVE-2026-11294 Inappropriate implementation in Passwords on 2026-04-13
[$TBD] [502371717] Medium CVE-2026-11176 Inappropriate implementation in Media on 2026-04-13
[$TBD] [502358901] Low CVE-2026-11292 Policy bypass in Blink on 2026-04-13
[$TBD] [502348223] Medium CVE-2026-11174 Insufficient policy enforcement in Site Isolation on 2026-04-13
[$TBD] [502337304] Medium CVE-2026-11173 Out of bounds write in V8 on 2026-04-13
[$TBD] [502322596] Medium CVE-2026-11170 Inappropriate implementation in Chromoting on 2026-04-13
[$TBD] [502322843] Medium CVE-2026-11171 Integer overflow in Blink on 2026-04-13
[$TBD] [502285273] Medium CVE-2026-11169 Inappropriate implementation in XML on 2026-04-13
[$TBD] [502256049] Medium CVE-2026-11168 Insufficient policy enforcement in Extensions on 2026-04-13
[$TBD] [502239897] Low CVE-2026-11289 Side-channel information leakage in Paint on 2026-04-13
[$TBD] [502231588] Low CVE-2026-11288 Policy bypass in CSS on 2026-04-13
[$TBD] [502118936] Medium CVE-2026-11166 Inappropriate implementation in SVG on 2026-04-13
[$TBD] [502110170] Low CVE-2026-11286 Insufficient validation of untrusted input in Wallet on 2026-04-13
[$TBD] [502089411] Medium CVE-2026-11164 Use after free in Blink on 2026-04-13
[$TBD] [502073069] Low CVE-2026-11284 Side-channel information leakage in PerformanceAPIs on 2026-04-13
[$TBD] [502035074] Medium CVE-2026-11162 Insufficient policy enforcement in CSS on 2026-04-12
[$TBD] [502023400] Low CVE-2026-11282 Policy bypass in Sandbox on 2026-04-12
[$TBD] [501920294] Medium CVE-2026-11161 Insufficient data validation in DataTransfer on 2026-04-12
[$TBD] [501898683] High CVE-2026-10935 Inappropriate implementation in V8 on 2026-04-12
[$TBD] [501878477] Low CVE-2026-11279 Out of bounds read in DevTools on 2026-04-12
[$TBD] [501862016] Medium CVE-2026-11160 Out of bounds read in Input on 2026-04-12
[$TBD] [501861921] Medium CVE-2026-11159 Uninitialized Use in Skia on 2026-04-12
[$TBD] [501823385] Medium CVE-2026-11157 Script injection in Accessibility on 2026-04-11
[$TBD] [501810226] Medium CVE-2026-11156 Inappropriate implementation in CSS on 2026-04-11
[$TBD] [501801823] Medium CVE-2026-11155 Insufficient policy enforcement in CSS on registered custom properties on 2026-04-11
[$TBD] [501789156] Medium CVE-2026-11154 Use after free in Dawn on 2026-04-11
[$TBD] [501780338] Low CVE-2026-11276 Inappropriate implementation in Cast on 2026-04-11
[$TBD] [501779840] Medium CVE-2026-11153 Side-channel information leakage in Forms on 2026-04-11
[$TBD] [501762953] Medium CVE-2026-11152 Object lifecycle issue in Dawn on 2026-04-11
[$TBD] [501757688] Low CVE-2026-11273 Insufficient validation of untrusted input in Omnibox on 2026-04-11
[$TBD] [501740323] Medium CVE-2026-11151 Insufficient validation of untrusted input in Password Manager on 2026-04-11
[$TBD] [501740299] Medium CVE-2026-11150 Inappropriate implementation in XML on 2026-04-11
[$TBD] [501739206] Medium CVE-2026-11149 Insufficient validation of untrusted input in Extensions on 2026-04-11
[$TBD] [501709220] Medium CVE-2026-11146 Insufficient validation of untrusted input in Chromoting on 2026-04-11
[$TBD] [501685207] Low CVE-2026-11271 Incorrect security UI in Passwords on 2026-04-11
[$TBD] [501676175] Medium CVE-2026-11144 Use after free in Media on 2026-04-11
[$TBD] [501674219] Medium CVE-2026-11143 Heap buffer overflow in Extensions on 2026-04-11
[$TBD] [501668745] Medium CVE-2026-11142 Policy bypass in Paint on 2026-04-11
[$TBD] [501667839] Medium CVE-2026-11141 Uninitialized Use in Audio on 2026-04-11
[$TBD] [501659253] Medium CVE-2026-11140 Insufficient validation of untrusted input in Chromecast on 2026-04-11
[$TBD] [501650594] Medium CVE-2026-11139 Policy bypass in Paint on 2026-04-11
[$TBD] [501650354] Medium CVE-2026-11138 Uninitialized Use in ANGLE on 2026-04-11
[$TBD] [501647943] Medium CVE-2026-11137 Uninitialized Use in ANGLE on 2026-04-11
[$7000.0] [501646327] High CVE-CVE-2026-11136 Use after free in Canvas on 2026-04-11
[$TBD] [501644835] Medium CVE-2026-11135 Insufficient policy enforcement in Autofill on 2026-04-11
[$TBD] [501640084] Medium CVE-2026-11134 Insufficient data validation in Media on 2026-04-11
[$TBD] [501606085] Medium CVE-2026-11133 Insufficient policy enforcement in Paint on 2026-04-10
[$TBD] [501597365] Medium CVE-2026-11132 Policy bypass in Paint on 2026-04-10
[$TBD] [501546443] Medium CVE-2026-11130 Use after free in Media on 2026-04-10
[$TBD] [501541962] Medium CVE-2026-11129 Inappropriate implementation in Extensions on 2026-04-10
[$TBD] [501528031] Medium CVE-2026-11126 Insufficient validation of untrusted input in DevTools on 2026-04-10
[$TBD] [501517520] Medium CVE-2026-11125 Use after free in Compositing on 2026-04-10
[$TBD] [501511299] Medium CVE-2026-11124 Heap buffer overflow in Skia on 2026-04-10
[$TBD] [501505198] Medium CVE-2026-11123 Uninitialized Use in ANGLE on 2026-04-10
[$TBD] [501485453] Medium CVE-2026-11122 Inappropriate implementation in Keyboard on 2026-04-10
[$TBD] [501483855] Medium CVE-2026-11121 Insufficient validation of untrusted input in Skia on 2026-04-10
[$TBD] [501467566] Medium CVE-2026-11120 Insufficient validation of untrusted input in Enterprise Reporting on 2026-04-10
[$TBD] [501424047] Medium CVE-2026-11118 Use after free in WebRTC on 2026-04-10
[$TBD] [501376612] Medium CVE-2026-11116 Use after free in Chromoting on 2026-04-10
[$10000.0] [501115599] High CVE-2026-10931 Use after free in FileSystem Reported by [asjidkalam] on 2026-04-09
[$TBD] [500560764] Medium CVE-2026-11113 Insufficient validation of untrusted input in ANGLE on 2026-04-07
[$TBD] [500551122] Low CVE-2026-11269 Inappropriate implementation in Extensions on 2026-04-07
[$TBD] [500541413] Medium CVE-2026-11112 Insufficient validation of untrusted input in Chromoting on 2026-04-07
[$TBD] [500530720] Medium CVE-2026-11111 Out of bounds read in ANGLE on 2026-04-07
[$TBD] [500528864] Medium CVE-2026-11110 Uninitialized Use in ANGLE on 2026-04-07
[$TBD] [500528267] Low CVE-2026-11267 Insufficient policy enforcement in Extensions on 2026-04-07
[$TBD] [500524833] Medium CVE-2026-11109 Uninitialized Use in ANGLE on 2026-04-07
[$TBD] [500521311] Low CVE-2026-11266 Policy bypass in SafeBrowsing on 2026-04-07
[$TBD] [500510384] Medium CVE-2026-11107 Inappropriate implementation in Downloads on 2026-04-07
[$TBD] [500508725] Medium CVE-2026-11106 Inappropriate implementation in Media on 2026-04-07
[$TBD] [500505339] Medium CVE-2026-11105 Insufficient validation of untrusted input in WebUI on 2026-04-07
[$TBD] [500501226] Medium CVE-2026-11104 Uninitialized Use in ANGLE on 2026-04-07
[$TBD] [500468338] Medium CVE-2026-11102 Inappropriate implementation in Isolated Web Apps on 2026-04-07
[$TBD] [500414865] Medium CVE-2026-11099 Vulnerability in Skia on 2026-04-07
[$TBD] [500315455] Medium CVE-2026-11098 Insufficient validation of untrusted input in GPU on 2026-04-07
[$TBD] [500296311] Medium CVE-2026-11096 Out of bounds read in WebRTC on 2026-04-07
[$TBD] [500293394] Medium CVE-2026-11095 Insufficient validation of untrusted input in Codecs on 2026-04-07
[$TBD] [500262869] Low CVE-2026-11265 Insufficient data validation in Autofill on 2026-04-07
[$TBD] [500172365] Medium CVE-2026-11093 Insufficient validation of untrusted input in Printing on 2026-04-06
[$TBD] [500170887] Medium CVE-2026-11092 Insufficient policy enforcement in DevTools on restricted hosts on 2026-04-06
[$TBD] [500162791] Medium CVE-2026-11091 Inappropriate implementation in Dawn on 2026-04-06
[$TBD] [500161302] Medium CVE-2026-11090 Uninitialized Use in ANGLE on 2026-04-06
[$TBD] [500154880] Medium CVE-2026-11089 Uninitialized Use in Media on Odd Dimensions on 2026-04-06
[$TBD] [500144879] Medium CVE-2026-11088 Integer overflow in ANGLE on 2026-04-06
[$TBD] [500140111] Medium CVE-2026-11086 Insufficient validation of untrusted input in Dawn on 2026-04-06
[$TBD] [500140149] Medium CVE-2026-11087 Uninitialized Use in ANGLE on 2026-04-06
[$TBD] [500132379] Medium CVE-2026-11085 Integer overflow in GPU on 2026-04-06
[$TBD] [500124500] Medium CVE-2026-11084 Inappropriate implementation in Password Manager on 2026-04-06
[$TBD] [500124367] High CVE-2026-10928 Script injection in Headless on 2026-04-06
[$TBD] [500099106] Low CVE-2026-11264 Policy bypass in Content Security Policy on 2026-04-06
[$TBD] [500095743] Medium CVE-2026-11083 Inappropriate implementation in Password Manager on 2026-04-06
[$TBD] [500076131] Medium CVE-2026-11081 Policy bypass in Canvas on 2026-04-06
[$TBD] [500075522] High CVE-2026-10926 Use after free in Cast on 2026-04-06
[$TBD] [500055357] High CVE-2026-10924 Integer overflow in Chromecast on 2026-04-06
[$TBD] [500028989] Medium CVE-2026-11079 Insufficient validation of untrusted input in Codecs on 2026-04-06
[$3000.0] [499659070] Medium CVE-2026-11075 Out of bounds read in V8 Reported by [Junyoung Park(@candymate) of KAIST Hacking Lab] on 2026-04-06
[$TBD] [499784386] Medium CVE-2026-11076 Type Confusion in CSS on 2026-04-05
[$4000.0] [499587071] Medium CVE-2026-11074 Use after free in WebRTC on Wayland KDE (Slack screen share) on 2026-04-05
[$TBD] [499386363] Low CVE-2026-11262 Use after free in TabStrip on 2026-04-03
[$TBD] [499365904] Medium CVE-2026-11073 Use after free in WebGL on 2026-04-03
[$TBD] [499262832] Low CVE-2026-11261 Insufficient validation of untrusted input in PDF on 2026-04-03
[$TBD] [499257860] Low CVE-2026-11260 Policy bypass in Permissions on 2026-04-03
[$TBD] [499227659] Medium CVE-2026-11071 Use after free in Base on 2026-04-03
[$TBD] [499215943] Low CVE-2026-11259 Insufficient validation of untrusted input in Cast on 2026-04-03
[$TBD] [499213367] Medium CVE-2026-11069 Insufficient validation of untrusted input in Cast on 2026-04-03
[$TBD] [499194333] Medium CVE-2026-11068 Use after free in WebSockets on 2026-04-03
[$TBD] [499164652] High CVE-2026-10922 Insufficient validation of untrusted input in DevTools on 2026-04-02
[$TBD] [499159695] High CVE-2026-10921 Integer overflow in Dawn on 2026-04-02
[$TBD] [499140183] Medium CVE-2026-11067 Uninitialized Use in Dawn on 2026-04-02
[$TBD] [499124128] Medium CVE-2026-11066 Insufficient validation of untrusted input in ANGLE on 2026-04-02
[$TBD] [499078161] Low CVE-2026-11258 Inappropriate implementation in File System Access on 2026-04-02
[$TBD] [499051898] Low CVE-2026-11257 Inappropriate implementation in Browser on 2026-04-02
[$TBD] [499033012] Medium CVE-2026-11062 Insufficient policy enforcement in Extensions on 2026-04-02
[$TBD] [499031961] Medium CVE-2026-11061 Out of bounds read in ANGLE on 2026-04-02
[$TBD] [498991983] Medium CVE-2026-11059 Use after free in Blink on 2026-04-02
[$TBD] [498951946] Medium CVE-2026-11057 Uninitialized Use in Skia on 2026-04-02
[$97000.0] [498904293] Critical CVE-2026-10881 Out of bounds read and write in ANGLE Reported by [Anonymous] on 2026-04-02
[$2000.0] [498828605] Medium CVE-2026-11051 Out of bounds read in ANGLE on 2026-04-02
[$TBD] [498872764] High CVE-2026-10919 Use after free in ANGLE on 2026-04-02
[$TBD] [498856565] Low CVE-2026-11256 Out of bounds read in GPU on 2026-04-02
[$TBD] [498845284] Medium CVE-2026-11054 Use after free in WebRTC on 2026-04-02
[$TBD] [498841456] Medium CVE-2026-11053 VULNERABILITY in WebRTC on 2026-04-02
[$TBD] [498834967] Medium CVE-2026-11052 Type Confusion in GPU on 2026-04-01
[$TBD] [498818402] Medium CVE-2026-11050 Use after free in V8 on 2026-04-01
[$TBD] [498815068] Medium CVE-2026-11049 Use after free in Password Manager on 2026-04-01
[$TBD] [498808432] Medium CVE-2026-11048 Inappropriate implementation in Extensions on 2026-04-01
[$TBD] [498728857] Medium CVE-2026-11046 Insufficient validation of untrusted input in Media on 2026-04-01
[$TBD] [498720094] Medium CVE-2026-11042 Use after free in Views on 2026-04-01
[$TBD] [498417152] Low CVE-2026-11255 Insufficient validation of untrusted input in Storage Access API on 2026-03-31
[$TBD] [498405554] Low CVE-2026-11254 Inappropriate implementation in Permissions on 2026-03-31
[$TBD] [498397912] Low CVE-2026-11253 Race in Permissions on 2026-03-31
[$TBD] [498373018] Low CVE-2026-11252 Policy bypass in Content Settings on 2026-03-31
[$TBD] [498371085] Medium CVE-2026-11040 Use after free in ANGLE on 2026-03-31
[$TBD] [498301853] Low CVE-2026-11251 Insufficient validation of untrusted input in Password Manager on 2026-03-31
[$TBD] [498281224] Low CVE-2026-11250 Inappropriate implementation in DevTools on 2026-03-31
[$TBD] [498259721] High CVE-2026-10918 Use after free in Viz on 2026-03-31
[$TBD] [498204112] Medium CVE-2026-11039 Uninitialized Use in Skia on 2026-03-31
[$TBD] [498080391] Medium CVE-2026-11038 Insufficient validation of untrusted input in Subresource Integrity on 2026-03-31
[$TBD] [497989379] Low CVE-2026-11249 Use after free in Network on 2026-03-30
[$TBD] [497971287] Medium CVE-2026-11037 Out of bounds write in Codecs on 2026-03-30
[$TBD] [497964917] Medium CVE-2026-11036 Inappropriate implementation in DOM on 2026-03-30
[$TBD] [497946941] Low CVE-2026-11248 Policy bypass in Google Lens on 2026-03-30
[$TBD] [497929481] High CVE-2026-10917 Insufficient validation of untrusted input in Media on 2026-03-30
[$TBD] [497831111] Medium CVE-2026-11032 Insufficient data validation in Password Manager on 2026-03-30
[$TBD] [497748760] Medium CVE-2026-11031 Insufficient validation of untrusted input in Password Manager on 2026-03-30
[$TBD] [497722502] Medium CVE-2026-11030 Use after free in Network on 2026-03-30
[$TBD] [497660733] Low CVE-2026-11246 Insufficient validation of untrusted input in IndexedDB on 2026-03-29
[$TBD] [497643690] High CVE-2026-10916 Insufficient validation of untrusted input in DevTools on 2026-03-29
[$TBD] [497627277] Medium CVE-2026-11028 Use after free in Media on 2026-03-29
[$TBD] [497610654] Low CVE-2026-11245 Inappropriate implementation in Payments on 2026-03-29
[$TBD] [497609145] Low CVE-2026-11244 Insufficient validation of untrusted input in WebAuthentication on 2026-03-29
[$TBD] [497604407] Medium CVE-2026-11027 Insufficient validation of untrusted input in Glic on 2026-03-29
[$TBD] [497599683] Medium CVE-2026-11026 Insufficient policy enforcement in Extensions on 2026-03-29
[$TBD] [497595264] Medium CVE-2026-11025 Insufficient policy enforcement in Navigation on 2026-03-29
[$TBD] [497591594] Medium CVE-2026-11024 Stack buffer overflow in Skia on 2026-03-29
[$TBD] [497538899] Medium CVE-2026-11023 Insufficient validation of untrusted input in WebAppInstalls on 2026-03-29
[$TBD] [497532918] Medium CVE-2026-11022 Insufficient validation of untrusted input in DevTools on 2026-03-29
[$TBD] [497440270] Medium CVE-2026-11020 Inappropriate implementation in Extensions on 2026-03-29
[$TBD] [497394061] Low CVE-2026-11243 Incorrect security UI in Downloads on 2026-03-29
[$TBD] [497385823] Low CVE-2026-11242 Insufficient validation of untrusted input in Plugins on 2026-03-29
[$TBD] [497342466] Medium CVE-2026-11018 Insufficient policy enforcement in Actor on 2026-03-28
[$TBD] [497336872] Medium CVE-2026-11017 Inappropriate implementation in Link Preview on 2026-03-28
[$TBD] [497183443] Medium CVE-2026-11015 Out of bounds read in WebGPU on 2026-03-28
[$TBD] [497278395] Medium CVE-2026-11016 Insufficient validation of untrusted input in Network on 2026-03-28
[$TBD] [497203741] Low CVE-2026-11241 Insufficient validation of untrusted input in Cast on 2026-03-28
[$TBD] [497058611] Medium CVE-2026-11014 Insufficient policy enforcement in Extensions on 2026-03-27
[$TBD] [497056412] Medium CVE-2026-11013 Insufficient validation of untrusted input in Network on 2026-03-27
[$TBD] [497030032] Low CVE-2026-11240 Insufficient validation of untrusted input in Loader on 2026-03-27
[$TBD] [497025738] Low CVE-2026-11239 Insufficient validation of untrusted input in Extensions on 2026-03-27
[$TBD] [496705691] Low CVE-2026-11238 Inappropriate implementation in DevTools on 2026-03-26
[$TBD] [496702621] Medium CVE-2026-11011 Insufficient policy enforcement in Password Manager on 2026-03-26
[$TBD] [496617698] Low CVE-2026-11237 Insufficient validation of untrusted input in Media on 2026-03-26
[$TBD] [496614553] High CVE-2026-10912 Insufficient validation of untrusted input in Extensions on 2026-03-26
[$TBD] [496427030] Low CVE-2026-11236 Insufficient policy enforcement in Web Bluetooth on 2026-03-26
[$TBD] [496419374] Low CVE-2026-11235 Insufficient validation of untrusted input in Compositing on 2026-03-26
[$TBD] [496095145] Low CVE-2026-11234 Insufficient policy enforcement in FoldableAPIs on 2026-03-25
[$TBD] [496088449] Low CVE-2026-11233 Insufficient validation of untrusted input in FoldableAPIs on 2026-03-25
[$TBD] [495981782] Low CVE-2026-11232 Inappropriate implementation in TabGroups on 2026-03-24
[$TBD] [495864099] Medium CVE-2026-11008 Insufficient validation of untrusted input in WebAppInstalls on 2026-03-24
[$TBD] [495819067] High CVE-2026-10911 Insufficient validation of untrusted input in Media on 2026-03-24
[$TBD] [495489174] Medium CVE-2026-11006 Out of bounds read in Dawn on 2026-03-23
[$TBD] [494823889] Medium CVE-2026-11004 Out of bounds read in ANGLE on 2026-03-22
[$1000.0] [494800494] Low CVE-2026-11223 Insufficient validation of untrusted input in Network on 2026-03-21
[$TBD] [494740162] Medium CVE-2026-11002 Use after free in Autofill on 2026-03-21
[$TBD] [493691489] Medium CVE-2026-11001 Incorrect security UI in Payments on 2026-03-17
[$2000.0] [493534964] Medium CVE-2026-10992 Insufficient data validation in Animation Reported by [heapracer] on 2026-03-17
[$TBD] [493225428] Low CVE-2026-11230 Use after free in Extensions on 2026-03-16
[$TBD] [492374380] Medium CVE-2026-11000 Use after free in Fonts on 2026-03-13
[$2000.0] [489071023] High CVE-2026-10907 Out of bounds write in ANGLE on 2026-03-02
[$5000.0] [487357841] High CVE-2026-10905 Use after free in Network on Android) on 2026-02-25
[$3000.0] [487564032] Low CVE-2026-11217 Insufficient policy enforcement in Fenced Frames on 2026-02-25
[$2000.0] [487300831] Low CVE-2026-11220 Insufficient validation of untrusted input in Navigation on 2026-02-24
[$TBD] [486536242] Medium CVE-2026-10998 Out of bounds read in Media Reported by [] on 2026-02-22
[$TBD] [482713603] Low CVE-2026-11229 Insufficient policy enforcement in Enterprise on 2026-02-07
[$3000.0] [474583539] Low CVE-2026-11216 Incorrect security UI in File Input Reported by [] on 2026-01-10
[$2000.0] [464217867] Medium CVE-2026-10997 Insufficient policy enforcement in Extensions on 2025-11-28
[$1000.0] [458442542] Low CVE-2026-11222 Popup window tab doesn't show the origin correctly on 2025-11-06
[$TBD] [448421954] Low CVE-2026-11227 Incorrect security UI in Tab Hover Cards on 2025-09-30
[$TBD] [40051700] Low CVE-2026-10996 Inappropriate implementation in Workers on 2020-03-05
[$TBD] [518105731] High CVE-2026-11697 Insufficient validation of untrusted input in UI on 2026-05-29
[$TBD] [518043597] Critical CVE-2026-11644 Use after free in Views on Linux/X11 on 2026-05-29
[$TBD] [518006379] Critical CVE-2026-11643 Use after free in Proxy on 2026-05-29
[$TBD] [517762104] High CVE-2026-11695 Inappropriate implementation in Passwords on 2026-05-28
[$TBD] [517705966] High CVE-2026-11694 Use after free in ServiceWorker on 2026-05-28
[$TBD] [517678820] Critical CVE-2026-11642 Use after free in Web Apps on 2026-05-28
[$TBD] [517644287] High CVE-2026-11693 Inappropriate implementation in Plugins on 2026-05-28
[$TBD] [517607902] High CVE-2026-11692 Use after free in Read Anything on 2026-05-28
[$TBD] [517585486] High CVE-2026-11691 Insufficient validation of untrusted input in New Tab Page on 2026-05-28
[$TBD] [517486004] High CVE-2026-11689 Insufficient validation of untrusted input in Passwords on 2026-05-28
[$TBD] [517339758] Critical CVE-2026-11640 Integer overflow in libyuv on 2026-05-27
[$TBD] [517309206] High CVE-2026-11688 Object lifecycle issue in SVG on 2026-05-27
[$500.0] [517168239] High CVE-2026-11646 Use after free in ViewTransitions on 2026-05-27
[$TBD] [517130229] High CVE-2026-11684 Insufficient policy enforcement in Network on 2026-05-27
[$TBD] [517129549] High CVE-2026-11683 Use after free in WebCodecs on 2026-05-27
[$TBD] [517103584] High CVE-2026-11682 Insufficient validation of untrusted input in Views on 2026-05-27
[$TBD] [517050585] High CVE-2026-11681 Use after free in Ozone on 2026-05-27
[$TBD] [517047197] Critical CVE-2026-11638 Use after free in Printing on 2026-05-27
[$TBD] [516986556] High CVE-2026-11678 Integer overflow in libyuv on 2026-05-26
[$TBD] [516949298] High CVE-2026-11676 Insufficient validation of untrusted input in Dawn on 2026-05-26
[$TBD] [516915337] High CVE-2026-11675 Insufficient validation of untrusted input in Skia on 2026-05-26
[$TBD] [516910450] High CVE-2026-11674 Use after free in Guest View on 2026-05-26
[$TBD] [516902973] High CVE-2026-11673 Use after free in InterestGroups on 2026-05-26
[$TBD] [516794471] High CVE-2026-11672 Out of bounds write in GPU on 2026-05-26
[$TBD] [516707881] Critical CVE-2026-11632 Use after free in TabStrip on 2026-05-26
[$TBD] [516677924] Critical CVE-2026-11630 Use after free in File Input on 2026-05-26
[$TBD] [516674532] Critical CVE-2026-11629 Use after free in Ozone on 2026-05-26
[$TBD] [516608438] High CVE-2026-11671 Use after free in Navigation on 2026-05-25
[$TBD] [516501794] Critical CVE-2026-11628 Use after free in Ozone on 2026-05-25
[$TBD] [516413817] Medium CVE-2026-11701 Insufficient validation of untrusted input in Guest View on 2026-05-25
[$TBD] [515469283] High CVE-2026-11670 Use after free in PDF on 2026-05-21
[$TBD] [515429352] High CVE-2026-11669 Integer overflow in Media on ChromeOS on 2026-05-21
[$TBD] [515419790] High CVE-2026-11668 Uninitialized Use in Codecs on 2026-05-21
[$TBD] [514671098] High CVE-2026-11667 Out of bounds read in WebRTC on 2026-05-19
[$TBD] [514009323] High CVE-2026-11666 Insufficient validation of untrusted input in Input on 2026-05-17
[$TBD] [513830374] High CVE-2026-11664 Use after free in Payments on 2026-05-16
[$TBD] [513820666] High CVE-2026-11663 Use after free in Skia on 2026-05-16
[$TBD] [513773313] High CVE-2026-11662 Type Confusion in Bindings on 2026-05-16
[$TBD] [513731890] High CVE-2026-11660 Insufficient validation of untrusted input in New Tab Page on 2026-05-15
[$TBD] [513702971] High CVE-2026-11659 Insufficient validation of untrusted input in UI on 2026-05-15
[$TBD] [513564337] High CVE-2026-11658 Insufficient validation of untrusted input in Extensions on 2026-05-15
[$TBD] [513424000] High CVE-2026-11656 Use after free in ServiceWorker on 2026-05-14
[$TBD] [513321171] High CVE-2026-11653 Insufficient validation of untrusted input in Extensions on 2026-05-14
[$TBD] [513156160] High CVE-2026-11652 Use after free in Extensions on 2026-05-14
[$TBD] [511736002] High CVE-2026-11651 Use after free in Network on 2026-05-10
[$TBD] [511732085] Medium CVE-2026-11700 Use after free in Tracing on 2026-05-10
[$TBD] [511279942] High CVE-2026-11650 Use after free in V8 on 2026-05-08
[$TBD] [511270083] High CVE-2026-11649 Use after free in V8 on 2026-05-08
[$55000.0] [506689381] High CVE-2026-11645 Out of bounds memory access in V8 Reported by [[303f06e3]] on 2026-04-26
[$TBD] [519258799] High CVE-2026-12034 Insufficient validation of untrusted input on 2026-06-02
[$TBD] [519248779] High CVE-2026-12033 Out of bounds read on 2026-06-02
[$TBD] [517517155] High CVE-2026-12027 Insufficient policy enforcement on 2026-05-28
[$TBD] [517347084] High CVE-2026-12026 Out of bounds read on 2026-05-27
[$TBD] [517153191] High CVE-2026-12025 Insufficient validation of untrusted input on 2026-05-27
[$TBD] [517086161] High CVE-2026-12024 Insufficient policy enforcement on 2026-05-27
[$TBD] [517018374] High CVE-2026-12023 Use after free on 2026-05-27
[$TBD] [516942828] Critical CVE-2026-12008 Use after free on 2026-05-26
[$TBD] [516872067] High CVE-2026-12019 Out of bounds write on 2026-05-26
[$TBD] [516797143] High CVE-2026-12017 Insufficient validation of untrusted input on subframe error pages on 2026-05-26
[$TBD] [516482138] High CVE-2026-12016 Insufficient validation of untrusted input on 2026-05-25
[$TBD] [515463295] High CVE-2026-12015 Use after free on 2026-05-21
[$TBD] [514742747] High CVE-2026-12014 Use after free on 2026-05-19
[$TBD] [499182801] High CVE-2026-12012 Use after free on 2026-04-03