Aggregates CVE and security vulnerability intelligence across all Google — Chrome, Android & Chromium Security Issues-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues involve various input-handling and memory-safety problems that may affect software stability and security.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-12035 | Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.8 | 0.19% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12034 | Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | [email protected] | 8.3 | 0.17% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12033 | Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | [email protected] | 5.3 | 0.17% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12032 | Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | [email protected] | 3.1 | 0.13% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12031 | Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.3 | 0.17% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12030 | Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.3 | 0.17% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12029 | Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.3 | 0.17% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12028 | Use after free in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.3 | 0.21% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12027 | Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | [email protected] | 9.6 | 0.22% | 2026-06-11 | 2026-06-13 |
| CVE-2026-12026 | Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | [email protected] | 6.5 | 0.17% | 2026-06-11 | 2026-06-15 |
| CVE-2026-12025 | Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | [email protected] | 5.3 | 0.22% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12024 | Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) | [email protected] | 6.5 | 0.16% | 2026-06-11 | 2026-06-13 |
| CVE-2026-12023 | Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.3 | 0.21% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12022 | Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | [email protected] | 8.3 | 0.06% | 2026-06-11 | 2026-06-13 |
| CVE-2026-12020 | Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.8 | 0.22% | 2026-06-11 | 2026-06-13 |
| CVE-2026-12019 | Heap buffer overflow in Codecs in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.3 | 0.23% | 2026-06-11 | 2026-06-13 |
| CVE-2026-12018 | Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | [email protected] | 8.8 | 0.16% | 2026-06-11 | 2026-06-12 |
| CVE-2026-12017 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | [email protected] | 3.1 | 0.18% | 2026-06-11 | 2026-06-13 |
| CVE-2026-12016 | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | [email protected] | 8.3 | 0.22% | 2026-06-11 | 2026-06-13 |
| CVE-2026-12015 | Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | [email protected] | 5.3 | 0.20% | 2026-06-11 | 2026-06-13 |