This update includes
382 security fixes.
[N/A][
506558270] Critical CVE-2026-13774: Use after free in Extensions. Reported by Google on 2026-04-26
[N/A][
511766407] Critical CVE-2026-13775: Use after free in GPU. Reported by Google on 2026-05-10
[N/A][
513012139] Critical CVE-2026-13776: Type Confusion in Dawn. Reported by Google on 2026-05-14
[N/A][
513128566] Critical CVE-2026-13777: Insufficient validation of untrusted input in iOSWeb. Reported by Google on 2026-05-14
[N/A][
513167952] Critical CVE-2026-13778: Use after free in WebUSB. Reported by Google on 2026-05-14
[N/A][
513222854] Critical CVE-2026-13779: Use after free in Chromoting. Reported by Google on 2026-05-14
[N/A][
514769383] Critical CVE-2026-13780: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-05-19
[N/A][
516457532] Critical CVE-2026-13781: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-05-25
[N/A][
516683433] Critical CVE-2026-13782: Use after free in Browser. Reported by Google on 2026-05-26
[N/A][
516962178] Critical CVE-2026-13783: Use after free in Views. Reported by Google on 2026-05-27
[N/A][
516962715] Critical CVE-2026-13784: Use after free in Views. Reported by Google on 2026-05-27
[N/A][
517021684] Critical CVE-2026-13785: Use after free in Bluetooth. Reported by Google on 2026-05-27
[N/A][
518007821] Critical CVE-2026-13786: Use after free in Ozone. Reported by Google on 2026-05-29
[N/A][
522919313] Critical CVE-2026-13787: Use after free in Chromoting. Reported by Google on 2026-06-11
[N/A][
523119897] Critical CVE-2026-13788: Use after free in Fullscreen. Reported by Google on 2026-06-12
[$36000][
493847920] High CVE-2026-13789: Use after free in GPU. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-18
[$10000][
457771782] High CVE-2026-13790: Side-channel information leakage in Scroll. Reported by Vsevolod Kokorin (Slonser) of Solidlab and Jorian Woltjer on 2025-11-04
[$10000][
503850012] High CVE-2026-13791: Insufficient validation of untrusted input in Downloads. Reported by Ron Masas (Imperva) on 2026-04-17
[$4000][
496012368] High CVE-2026-13792: Use after free in Touchbar. Reported by Weipeng Jiang (@Krace) of VRI on 2026-03-25
[$3000][
510829679] High CVE-2026-13793: Insufficient policy enforcement in SVG. Reported by
pakhunov.anton.n@gmail.com on 2026-05-07
[$2500][
513893425] High CVE-2026-13794: Insufficient validation of untrusted input in WebAppInstalls. Reported by Daniel Rodríguez on 2026-05-16
[$2000][
476591032] High CVE-2026-13795: Insufficient policy enforcement in Chrome for iOS. Reported by maitai on 2026-01-17
[N/A][
491894115] High CVE-2026-13796: Integer overflow in Chromecast. Reported by Google on 2026-03-11
[N/A][
499025645] High CVE-2026-13797: Insufficient validation of untrusted input in Chromecast. Reported by Google on 2026-04-02
[N/A][
499048914] High CVE-2026-13798: Heap buffer overflow in Chromecast. Reported by Google on 2026-04-02
[N/A][
499252371] High CVE-2026-13799: Use after free in QUIC. Reported by Google on 2026-04-03
[N/A][
500108770] High CVE-2026-13800: Inappropriate implementation in Updater. Reported by Google on 2026-04-06
[N/A][
500587568] High CVE-2026-13801: Integer overflow in Chromecast. Reported by Google on 2026-04-08
[N/A][
501623322] High CVE-2026-13802: Use after free in Views. Reported by Google on 2026-04-11
[N/A][
501669642] High CVE-2026-13803: Type Confusion in Chrome Tabs. Reported by Google on 2026-04-11
[N/A][
501873032] High CVE-2026-13804: Use after free in Chromecast. Reported by Google on 2026-04-12
[N/A][
502282040] High CVE-2026-13805: Use after free in GFX. Reported by Google on 2026-04-13
[N/A][
503333798] High CVE-2026-13806: Insufficient validation of untrusted input in Accessibility. Reported by Google on 2026-04-16
[N/A][
504194494] High CVE-2026-13807: Use after free in Import. Reported by Google on 2026-04-19
[N/A][
504221510] High CVE-2026-13808: Insufficient data validation in Chrome for iOS. Reported by Google on 2026-04-19
[N/A][
504222227] High CVE-2026-13809: Side-channel information leakage in Safe Browsing. eported by Google on 2026-04-19
[TBD][
504600482] High CVE-2026-13810: Inappropriate implementation in Input. Reported by
dilipsc03@gmail.com on 2026-04-20
[N/A][
506149253] High CVE-2026-13811: Use after free in IME. Reported by Google on 2026-04-24
[N/A][
508293203] High CVE-2026-13812: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-30
[N/A][
508462149] High CVE-2026-13813: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-05-01
[N/A][
511712766] High CVE-2026-13814: Use after free in Views. Reported by Google on 2026-05-10
[N/A][
511722207] High CVE-2026-13815: Use after free in Blink. Reported by Google on 2026-05-10
[N/A][
511735715] High CVE-2026-13816: Insufficient validation of untrusted input in File Input. Reported by Google on 2026-05-10
[N/A][
511739631] High CVE-2026-13817: Insufficient validation of untrusted input in Glic. Reported by Google on 2026-05-10
[N/A][
511823182] High CVE-2026-13818: Inappropriate implementation in Passwords. Reported by Google on 2026-05-10
[N/A][
512962749] High CVE-2026-13819: Out of bounds read in ANGLE. Reported by Google on 2026-05-13
[N/A][
512986879] High CVE-2026-13820: Out of bounds read in Skia. Reported by Google on 2026-05-13
[N/A][
513142445] High CVE-2026-13821: Use after free in Canvas. Reported by Google on 2026-05-14
[N/A][
513148038] High CVE-2026-13822: Inappropriate implementation in Extensions. Reported by Google on 2026-05-14
[N/A][
513163011] High CVE-2026-13823: Use after free in Glic. Reported by Google on 2026-05-14
[N/A][
513177497] High CVE-2026-13824: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-14
[N/A][
513209610] High CVE-2026-13825: Uninitialized Use in Dawn. Reported by Google on 2026-05-14
[N/A][
513237800] High CVE-2026-13826: Inappropriate implementation in Autofill. Reported by Google on 2026-05-14
[N/A][
513371963] High CVE-2026-13827: Use after free in Updater. Reported by Google on 2026-05-15
[N/A][
513399832] High CVE-2026-13828: Inappropriate implementation in Enterprise. Reported by Google on 2026-05-15
[N/A][
513490996] High CVE-2026-13829: Insufficient validation of untrusted input in Settings. Reported by Google on 2026-05-15
[N/A][
513727494] High CVE-2026-13830: Use after free in Chromoting. Reported by Google on 2026-05-16
[N/A][
513781328] High CVE-2026-13831: Use after free in GPU. Reported by Google on 2026-05-16
[N/A][
513822378] High CVE-2026-13832: Use after free in Headless. Reported by Google on 2026-05-16
[N/A][
513920082] High CVE-2026-13833: Uninitialized Use in ANGLE. Reported by Google on 2026-05-17
[N/A][
513925114] High CVE-2026-13834: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-05-17
[N/A][
514338102] High CVE-2026-13835: Inappropriate implementation in XML. Reported by Google on 2026-05-18
[N/A][
514420555] High CVE-2026-13836: Inappropriate implementation in CSS. Reported by Google on 2026-05-18
[N/A][
514429130] High CVE-2026-13837: Inappropriate implementation in CSS. Reported by Google on 2026-05-18
[N/A][
514445398] High CVE-2026-13838: Inappropriate implementation in CSS. Reported by Google on 2026-05-18
[N/A][
514449396] High CVE-2026-13839: Inappropriate implementation in CSS. Reported by Google on 2026-05-18
[TBD][
514609778] High CVE-2026-13840: Insufficient policy enforcement in Canvas. Reported by Binglin Song on 2026-05-19
[N/A][
515467789] High CVE-2026-13841: Integer overflow in Skia. Reported by Google on 2026-05-21
[TBD][
516836297] High CVE-2026-13842: Incorrect security UI in Chrome for iOS. Reported by Azza Tegar Naufal Ataullah on 2026-05-26
[N/A][
516869032] High CVE-2026-13843: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-05-26
[N/A][
516926115] High CVE-2026-13844: Use after free in Updater. Reported by Google on 2026-05-27
[N/A][
516936863] High CVE-2026-13845: Use after free in DOM. Reported by Google on 2026-05-27
[N/A][
516999424] High CVE-2026-13846: Use after free in USB. Reported by Google on 2026-05-27
[N/A][
517073397] High CVE-2026-13847: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-05-27
[N/A][
517345069] High CVE-2026-13848: Use after free in Forms. Reported by Google on 2026-05-28
[N/A][
517351411] High CVE-2026-13849: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-05-28
[N/A][
517610676] High CVE-2026-13850: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-05-28
[N/A][
519692255] High CVE-2026-13851: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-06-03
[N/A][
522560124] High CVE-2026-13852: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-06-11
[N/A][
523224019] High CVE-2026-13853: Use after free in Journeys. Reported by Google on 2026-06-12
[N/A][
523690961] High CVE-2026-13854: Use after free in Ozone. Reported by Google on 2026-06-13
[N/A][
524395469] High CVE-2026-13855: Use after free in Ozone. Reported by Google on 2026-06-16
[$8000][
508092634] Medium CVE-2026-13856: Insufficient validation of untrusted input in Speech. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-30
[$5000][
479203484] Medium CVE-2026-13857: Inappropriate implementation in Geometry. Reported by Luan Herrera (@lbherrera_) on 2026-01-27
[$3000][
507090179] Medium CVE-2026-13858: Out of bounds read in FFmpeg. Reported by Wongi Lee (@_qwerty_po) of Theori with Xint Code, Jungwoo Lee (@physicube) on 2026-04-27
[$2000][
484756087] Medium CVE-2026-13859: Inappropriate implementation in ANGLE. Reported by Jason Villaluna on 2026-02-15
[$1000][
417052041] Medium CVE-2026-13860: Incorrect security UI in Autofill. Reported by Khalil Zhani on 2025-05-12
[N/A][
495456765] Medium CVE-2026-13861: Use after free in Core. Reported by Google on 2026-03-23
[N/A][
495897416] Medium CVE-2026-13862: Insufficient policy enforcement in Web Authentication (Passkeys & Security Keys). Reported by Google on 2026-03-24
[N/A][
496012495] Medium CVE-2026-13863: Insufficient validation of untrusted input in CustomTabs. Reported by Google on 2026-03-25
[N/A][
496399913] Medium CVE-2026-13864: Insufficient policy enforcement in WebHID. Reported by Google on 2026-03-26
[N/A][
497090912] Medium CVE-2026-13865: Insufficient validation of untrusted input in Enterprise. Reported by Google on 2026-03-28
[N/A][
497207698] Medium CVE-2026-13866: Insufficient validation of untrusted input in Input. Reported by Google on 2026-03-28
[N/A][
497345177] Medium CVE-2026-13867: Inappropriate implementation in Geolocation. Reported by Google on 2026-03-29
[N/A][
497453475] Medium CVE-2026-13868: Inappropriate implementation in Network. Reported by Google on 2026-03-29
[N/A][
497610642] Medium CVE-2026-13869: Use after free in Device. Reported by Google on 2026-03-30
[N/A][
497634837] Medium CVE-2026-13870: Use after free in WebView. Reported by Google on 2026-03-30
[N/A][
497961376] Medium CVE-2026-13871: Insufficient data validation in GuestView. Reported by Google on 2026-03-30
[N/A][
497977983] Medium CVE-2026-13872: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-03-31
[N/A][
498085466] Medium CVE-2026-13873: Out of bounds memory access in Layout. Reported by Google on 2026-03-31
[N/A][
498411773] Medium CVE-2026-13874: Inappropriate implementation in DataTransfer. Reported by Google on 2026-04-01
[N/A][
498721671] Medium CVE-2026-13875: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-04-01
[N/A][
498722200] Medium CVE-2026-13876: Inappropriate implementation in Network. Reported by Google on 2026-04-01
[N/A][
498820206] Medium CVE-2026-13877: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-02
[N/A][
499007266] Medium CVE-2026-13878: Use after free in Bluetooth. Reported by Google on 2026-04-02
[N/A][
499022239] Medium CVE-2026-13879: Use after free in Bluetooth. Reported by Google on 2026-04-02
[N/A][
499025880] Medium CVE-2026-13880: Use after free in USB. Reported by Google on 2026-04-02
[N/A][
499100491] Medium CVE-2026-13881: Insufficient data validation in WebAppInstalls. Reported by Google on 2026-04-03
[N/A][
499162550] Medium CVE-2026-13882: Inappropriate implementation in USB. Reported by Google on 2026-04-03
[N/A][
500030250] Medium CVE-2026-13883: Type Confusion in ANGLE. Reported by Google on 2026-04-06
[N/A][
500077014] Medium CVE-2026-13884: Heap buffer overflow in Chromecast. Reported by Google on 2026-04-06
[N/A][
500474409] Medium CVE-2026-13885: Use after free in Skia. Reported by Google on 2026-04-07
[N/A][
500475136] Medium CVE-2026-13886: Policy bypass in Isolated Web Apps. Reported by Google on 2026-04-07
[N/A][
500508524] Medium CVE-2026-13887: Insufficient policy enforcement in NFC. Reported by Google on 2026-04-08
[N/A][
500566906] Medium CVE-2026-13888: Use after free in Extensions. Reported by Google on 2026-04-08
[N/A][
500588580] Medium CVE-2026-13889: Insufficient validation of untrusted input in WebAuthentication. Reported by Google on 2026-04-08
[N/A][
500601345] Medium CVE-2026-13890: Out of bounds read in Chromecast. Reported by Google on 2026-04-08
[N/A][
501631475] Medium CVE-2026-13891: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-04-11
[N/A][
501674841] Medium CVE-2026-13892: Inappropriate implementation in Chrome for iOS. Reported by Google on 2026-04-11
[N/A][
501729582] Medium CVE-2026-13893: Insufficient validation of untrusted input in WebUI. Reported by Google on 2026-04-11
[N/A][
501741117] Medium CVE-2026-13894: Insufficient policy enforcement in Network. Reported by Google on 2026-04-11
[N/A][
501770542] Medium CVE-2026-13895: Inappropriate implementation in Autofill. Reported by Google on 2026-04-12
[N/A][
501820076] Medium CVE-2026-13896: Insufficient policy enforcement in Glic. Reported by Google on 2026-04-12
[N/A][
501877896] Medium CVE-2026-13897: Insufficient policy enforcement in Chromecast. Reported by Google on 2026-04-12
[N/A][
501925480] Medium CVE-2026-13898: Use after free in Cast Receiver. Reported by Google on 2026-04-12
[N/A][
502109002] Medium CVE-2026-13899: Use after free in HTML. Reported by Google on 2026-04-13
[N/A][
502374993] Medium CVE-2026-13900: Insufficient validation of untrusted input in Chromecast. Reported by Google on 2026-04-14
[N/A][
503585173] Medium CVE-2026-13901: Insufficient validation of untrusted input in Serial. Reported by Google on 2026-04-17
[N/A][
503725717] Medium CVE-2026-13902: Inappropriate implementation in Chrome for iOS. Reported by Google on 2026-04-17
[N/A][
503912196] Medium CVE-2026-13903: Insufficient policy enforcement in Bluetooth. Reported by Google on 2026-04-18
[N/A][
504185807] Medium CVE-2026-13904: Incorrect security UI in Safe Browsing. Reported by Google on 2026-04-19
[N/A][
504192688] Medium CVE-2026-13905: Incorrect security UI in Chrome for iOS. Reported by Google on 2026-04-19
[N/A][
504613867] Medium CVE-2026-13906: Out of bounds read in Codecs. Reported by Google on 2026-04-20
[N/A][
505156685] Medium CVE-2026-13907: Inappropriate implementation in iOSWeb. Reported by Google on 2026-04-22
[N/A][
505242189] Medium CVE-2026-13908: Insufficient validation of untrusted input in Omnibox. Reported by Google on 2026-04-22
[N/A][
505933538] Medium CVE-2026-13909: Insufficient policy enforcement in DevTools. Reported by Google on 2026-04-24
[N/A][
507231605] Medium CVE-2026-13910: Insufficient policy enforcement in WebXR. Reported by Google on 2026-04-28
[N/A][
507239830] Medium CVE-2026-13911: Insufficient data validation in Spellcheck. Reported by Google on 2026-04-28
[N/A][
508259433] Medium CVE-2026-13912: Incorrect security UI in Safe Browsing. Reported by Google on 2026-04-30
[N/A][
508260619] Medium CVE-2026-13913: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-30
[N/A][
508273690] Medium CVE-2026-13914: Inappropriate implementation in Passwords. Reported by Google on 2026-04-30
[N/A][
508275293] Medium CVE-2026-13915: Use after free in Chrome for iOS. Reported by Google on 2026-04-30
[N/A][
508283108] Medium CVE-2026-13916: Inappropriate implementation in Chrome for iOS. Reported by Google on 2026-04-30
[N/A][
508286935] Medium CVE-2026-13917: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-30
[N/A][
509712284] Medium CVE-2026-13918: Use after free in Chrome for iOS. Reported by Google on 2026-05-05
[N/A][
511249430] Medium CVE-2026-13919: Insufficient data validation in Extensions. Reported by Google on 2026-05-08
[N/A][
511722559] Medium CVE-2026-13920: Insufficient validation of untrusted input in Media. Reported by Google on 2026-05-10
[N/A][
511738175] Medium CVE-2026-13921: Insufficient validation of untrusted input in DeviceBoundSessionCredentials. Reported by Google on 2026-05-10
[N/A][
511748106] Medium CVE-2026-13922: Side-channel information leakage in Paint. Reported by Google on 2026-05-10
[N/A][
511772034] Medium CVE-2026-13923: Uninitialized Use in GPU. Reported by Google on 2026-05-10
[N/A][
511784747] Medium CVE-2026-13924: Insufficient validation of untrusted input in WebView. Reported by Google on 2026-05-10
[N/A][
511802911] Medium CVE-2026-13925: Inappropriate implementation in Downloads. Reported by Google on 2026-05-10
[N/A][
511814550] Medium CVE-2026-13926: Insufficient validation of untrusted input in Network. Reported by Google on 2026-05-10
[N/A][
511826446] Medium CVE-2026-13927: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-10
[N/A][
512162479] Medium CVE-2026-13928: Insufficient validation of untrusted input in Enterprise. Reported by Google on 2026-05-11
[TBD][
512249559] Medium CVE-2026-13929: Insufficient validation of untrusted input in DevTools. Reported by LegioSec on 2026-05-12
[N/A][
512937764] Medium CVE-2026-13930: Insufficient policy enforcement in Actor. Reported by Google on 2026-05-13
[N/A][
512997441] Medium CVE-2026-13931: Inappropriate implementation in Media. Reported by Google on 2026-05-13
[N/A][
513001690] Medium CVE-2026-13932: Inappropriate implementation in Sharing. Reported by Google on 2026-05-14
[N/A][
513002625] Medium CVE-2026-13933: Insufficient policy enforcement in Passwords. Reported by Google on 2026-05-14
[N/A][
513006636] Medium CVE-2026-13934: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-14
[N/A][
513009005] Medium CVE-2026-13935: Side-channel information leakage in ComputePressure. Reported by Google on 2026-05-14
[N/A][
513044658] Medium CVE-2026-13936: Inappropriate implementation in Passwords. Reported by Google on 2026-05-14
[N/A][
513046494] Medium CVE-2026-13937: Insufficient policy enforcement in Passwords. Reported by Google on 2026-05-14
[N/A][
513143921] Medium CVE-2026-13938: Integer overflow in Fonts. Reported by Google on 2026-05-14
[N/A][
513149760] Medium CVE-2026-13939: Insufficient validation of untrusted input in WebShare. Reported by Google on 2026-05-14
[N/A][
513158425] Medium CVE-2026-13940: Uninitialized Use in Cast. Reported by Google on 2026-05-14
[N/A][
513183855] Medium CVE-2026-13941: Inappropriate implementation in SiteSettings. Reported by Google on 2026-05-14
[N/A][
513186670] Medium CVE-2026-13942: Insufficient validation of untrusted input in Video Capture. Reported by Google on 2026-05-14
[N/A][
513204116] Medium CVE-2026-13943: Uninitialized Use in CSS. Reported by Google on 2026-05-14
[N/A][
513224212] Medium CVE-2026-13944: Inappropriate implementation in DataTransfer. Reported by Google on 2026-05-14
[N/A][
513226551] Medium CVE-2026-13945: Insufficient policy enforcement in Extensions. Reported by Google on 2026-05-14
[N/A][
513274039] Medium CVE-2026-13946: Inappropriate implementation in ScriptInjections. Reported by Google on 2026-05-14
[N/A][
513280648] Medium CVE-2026-13947: Uninitialized Use in XR. Reported by Google on 2026-05-14
[N/A][
513286820] Medium CVE-2026-13948: Insufficient policy enforcement in Extensions. Reported by Google on 2026-05-14
[N/A][
513311569] Medium CVE-2026-13949: Insufficient policy enforcement in Payments. Reported by Google on 2026-05-14
[N/A][
513360781] Medium CVE-2026-13950: Uninitialized Use in GPU. Reported by Google on 2026-05-15
[N/A][
513394321] Medium CVE-2026-13951: Policy bypass in USB. Reported by Google on 2026-05-15
[N/A][
513401808] Medium CVE-2026-13952: Inappropriate implementation in PerformanceAPIs. Reported by Google on 2026-05-15
[N/A][
513459192] Medium CVE-2026-13953: Inappropriate implementation in SplitView. Reported by Google on 2026-05-15
[N/A][
513504934] Medium CVE-2026-13954: Insufficient policy enforcement in XML. Reported by Google on 2026-05-15
[N/A][
513508305] Medium CVE-2026-13955: Insufficient validation of untrusted input in CustomTabs. Reported by Google on 2026-05-15
[N/A][
513515168] Medium CVE-2026-13956: Incorrect security UI in PageInfo. Reported by Google on 2026-05-15
[N/A][
513553557] Medium CVE-2026-13957: Incorrect security UI in Extensions. Reported by Google on 2026-05-15
[N/A][
513567306] Medium CVE-2026-13958: Uninitialized Use in Codecs. Reported by Google on 2026-05-15
[N/A][
513609249] Medium CVE-2026-13959: Insufficient validation of untrusted input in Blink. Reported by Google on 2026-05-15
[N/A][
513714023] Medium CVE-2026-13960: Inappropriate implementation in Passwords. Reported by Google on 2026-05-16
[N/A][
513719481] Medium CVE-2026-13961: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-05-16
[N/A][
513721370] Medium CVE-2026-13962: Insufficient data validation in PDF. Reported by Google on 2026-05-16
[N/A][
513727626] Medium CVE-2026-13963: Inappropriate implementation in DevTools. Reported by Google on 2026-05-16
[N/A][
513735096] Medium CVE-2026-13964: Insufficient policy enforcement in WebView. Reported by Google on 2026-05-16
[N/A][
513737952] Medium CVE-2026-13965: Use after free in Oilpan. Reported by Google on 2026-05-16
[N/A][
513741393] Medium CVE-2026-13966: Inappropriate implementation in History. Reported by Google on 2026-05-16
[N/A][
513751951] Medium CVE-2026-13967: Type Confusion in V8. Reported by Google on 2026-05-16
[N/A][
513762145] Medium CVE-2026-13968: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-05-16
[N/A][
513762962] Medium CVE-2026-13969: Uninitialized Use in UI. Reported by Google on 2026-05-16
[N/A][
513779283] Medium CVE-2026-13970: Uninitialized Use in Media. Reported by Google on 2026-05-16
[N/A][
513780208] Medium CVE-2026-13971: Uninitialized Use in Skia. Reported by Google on 2026-05-16
[N/A][
513792140] Medium CVE-2026-13972: Inappropriate implementation in Paint. Reported by Google on 2026-05-16
[N/A][
513832989] Medium CVE-2026-13973: Inappropriate implementation in UI. Reported by Google on 2026-05-16
[N/A][
513850475] Medium CVE-2026-13974: Integer overflow in Safe Browsing. Reported by Google on 2026-05-16
[N/A][
513857658] Medium CVE-2026-13975: Out of bounds read in ANGLE. Reported by Google on 2026-05-16
[N/A][
513858286] Medium CVE-2026-13976: Heap buffer overflow in Storage. Reported by Google on 2026-05-16
[N/A][
513859894] Medium CVE-2026-13977: Inappropriate implementation in HTMLParser. Reported by Google on 2026-05-16
[N/A][
513866949] Medium CVE-2026-13978: Insufficient policy enforcement in PageInfo. Reported by Google on 2026-05-16
[N/A][
513988889] Medium CVE-2026-13979: Inappropriate implementation in Paint. Reported by Google on 2026-05-17
[N/A][
513989973] Medium CVE-2026-13980: Incorrect security UI in Chrome for iOS. Reported by Google on 2026-05-17
[N/A][
513990408] Medium CVE-2026-13981: Inappropriate implementation in Chrome for iOS. Reported by Google on 2026-05-17
[N/A][
514006829] Medium CVE-2026-13982: Incorrect security UI in Passwords. Reported by Google on 2026-05-17
[N/A][
514009910] Medium CVE-2026-13983: Incorrect security UI in Chrome for iOS. Reported by Google on 2026-05-17
[N/A][
514010404] Medium CVE-2026-13984: Incorrect security UI in TabStrip. Reported by Google on 2026-05-17
[N/A][
514013849] Medium CVE-2026-13985: Inappropriate implementation in MediaCapture. Reported by Google on 2026-05-17
[N/A][
514020959] Medium CVE-2026-13986: Inappropriate implementation in Media UI. Reported by Google on 2026-05-17
[N/A][
514039122] Medium CVE-2026-13987: Incorrect security UI in Mobile. Reported by Google on 2026-05-17
[N/A][
514040614] Medium CVE-2026-13988: Inappropriate implementation in Paint. Reported by Google on 2026-05-17
[N/A][
514056221] Medium CVE-2026-13989: Insufficient policy enforcement in PageInfo. Reported by Google on 2026-05-17
[N/A][
514058439] Medium CVE-2026-13990: Insufficient validation of untrusted input in DataTransfer. Reported by Google on 2026-05-17
[N/A][
514061117] Medium CVE-2026-13991: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-05-17
[N/A][
514063409] Medium CVE-2026-13992: Inappropriate implementation in UI. Reported by Google on 2026-05-17
[N/A][
514064139] Medium CVE-2026-13993: Incorrect security UI in WebAppInstalls. Reported by Google on 2026-05-17
[N/A][
514067416] Medium CVE-2026-13994: Inappropriate implementation in Credential Management. Reported by Google on 2026-05-17
[N/A][
514067524] Medium CVE-2026-13995: Insufficient validation of untrusted input in Autofill. Reported by Google on 2026-05-17
[N/A][
514068972] Medium CVE-2026-13996: Incorrect security UI in Permissions. Reported by Google on 2026-05-17
[N/A][
514069689] Medium CVE-2026-13997: Incorrect security UI in Extensions. Reported by Google on 2026-05-17
[N/A][
514070501] Medium CVE-2026-13998: Incorrect security UI in File Input. Reported by Google on 2026-05-17
[N/A][
514071697] Medium CVE-2026-13999: Inappropriate implementation in Extensions. Reported by Google on 2026-05-17
[N/A][
514461552] Medium CVE-2026-14000: Inappropriate implementation in XML. Reported by Google on 2026-05-19
[N/A][
514481943] Medium CVE-2026-14001: Inappropriate implementation in Network. Reported by Google on 2026-05-19
[N/A][
514489361] Medium CVE-2026-14002: Inappropriate implementation in Geolocation. Reported by Google on 2026-05-19
[N/A][
514503077] Medium CVE-2026-14003: Insufficient policy enforcement in Extensions. Reported by Google on 2026-05-19
[N/A][
514538751] Medium CVE-2026-14004: Inappropriate implementation in CSS. Reported by Google on 2026-05-19
[N/A][
514740273] Medium CVE-2026-14005: Use after free in Omnibox. Reported by Google on 2026-05-19
[N/A][
515423596] Medium CVE-2026-14006: Use after free in Navigation. Reported by Google on 2026-05-21
[N/A][
516425999] Medium CVE-2026-14007: Insufficient policy enforcement in PermissionsPolicy. Reported by Google on 2026-05-25
[N/A][
516781007] Medium CVE-2026-14008: Uninitialized Use in WebXR. Reported by Google on 2026-05-26
[N/A][
516819850] Medium CVE-2026-14009: Insufficient data validation in Passwords. Reported by Google on 2026-05-26
[N/A][
516924151] Medium CVE-2026-14010: Uninitialized Use in Codecs. Reported by Google on 2026-05-27
[N/A][
516944556] Medium CVE-2026-14011: Out of bounds read in SurfaceCapture. Reported by Google on 2026-05-27
[N/A][
517110749] Medium CVE-2026-14012: Side-channel information leakage in CSS. Reported by Google on 2026-05-27
[N/A][
517114175] Medium CVE-2026-14013: Inappropriate implementation in SVG. Reported by Google on 2026-05-27
[N/A][
517155893] Medium CVE-2026-14014: Inappropriate implementation in Paint. Reported by Google on 2026-05-27
[N/A][
517207235] Medium CVE-2026-14015: Inappropriate implementation in WebRTC. Reported by Google on 2026-05-27
[N/A][
517234388] Medium CVE-2026-14016: Insufficient policy enforcement in SVG. Reported by Google on 2026-05-27
[N/A][
517241992] Medium CVE-2026-14017: Inappropriate implementation in Navigation. Reported by Google on 2026-05-27
[N/A][
517350251] Medium CVE-2026-14018: Use after free in Updater. Reported by Google on 2026-05-28
[N/A][
517455455] Medium CVE-2026-14019: Inappropriate implementation in Passwords. Reported by Google on 2026-05-28
[N/A][
517598518] Medium CVE-2026-14020: Insufficient validation of untrusted input in WebXR. Reported by Google on 2026-05-28
[N/A][
517731924] Medium CVE-2026-14021: Insufficient validation of untrusted input in StorageAccessAPI. Reported by Google on 2026-05-29
[N/A][
517791835] Medium CVE-2026-14022: Insufficient validation of untrusted input in Network. Reported by Google on 2026-05-29
[N/A][
518063436] Medium CVE-2026-14023: Insufficient validation of untrusted input in SanitizerAPI. Reported by Google on 2026-05-30
[N/A][
518245882] Medium CVE-2026-14024: Use after free in Ozone. Reported by Google on 2026-05-30
[$2000][
506482786] Low CVE-2026-14025: Use after free in Views. Reported by asjidkalam on 2026-04-26
[$1000][
507263861] Low CVE-2026-14026: Incorrect security UI in SplitView. Reported by
adisahilna35@gmail.com on 2026-04-28
[TBD][
361375787] Low CVE-2026-14027: Use after free in SignIn. Reported by Sven Dysthe (@svn-dys) on 2024-08-21
[TBD][
401816601] Low CVE-2026-14028: Incorrect security UI in Chrome for iOS. Reported by Ameen Basha M K on 2025-03-09
[TBD][
488762971] Low CVE-2026-14030: Incorrect security UI in SplitView. Reported by Khalil Zhani on 2026-03-01
[N/A][
495459838] Low CVE-2026-14031: Incorrect security UI in File Input. Reported by Google on 2026-03-23
[N/A][
495783474] Low CVE-2026-14032: Use after free in Bluetooth. Reported by Google on 2026-03-24
[N/A][
495848160] Low CVE-2026-14033: Insufficient policy enforcement in Media. Reported by Google on 2026-03-24
[N/A][
496368832] Low CVE-2026-14034: Inappropriate implementation in WebXR. Reported by Google on 2026-03-26
[N/A][
496371586] Low CVE-2026-14035: Insufficient policy enforcement in Bluetooth. Reported by Google on 2026-03-26
[N/A][
496411061] Low CVE-2026-14036: Insufficient policy enforcement in Bluetooth. Reported by Google on 2026-03-26
[N/A][
496522611] Low CVE-2026-14037: Insufficient policy enforcement in GPU. Reported by Google on 2026-03-26
[N/A][
497241148] Low CVE-2026-14038: Insufficient validation of untrusted input in New Tab Page. Reported by Google on 2026-03-28
[N/A][
497358012] Low CVE-2026-14039: Insufficient policy enforcement in GetUserMedia. Reported by Google on 2026-03-29
[N/A][
497488593] Low CVE-2026-14040: Use after free in BrowserTag. Reported by Google on 2026-03-29
[N/A][
497544822] Low CVE-2026-14041: Insufficient policy enforcement in Serial. Reported by Google on 2026-03-29
[N/A][
497558336] Low CVE-2026-14042: Inappropriate implementation in Isolated Web Apps. Reported by Google on 2026-03-29
[N/A][
497632232] Low CVE-2026-14043: Use after free in GetUserMedia. Reported by Google on 2026-03-30
[N/A][
497670996] Low CVE-2026-14044: Use after free in ANGLE. Reported by Google on 2026-03-30
[N/A][
497723649] Low CVE-2026-14045: Insufficient validation of untrusted input in Network. Reported by Google on 2026-03-30
[N/A][
497959724] Low CVE-2026-14046: Inappropriate implementation in CustomTabs. Reported by Google on 2026-03-30
[N/A][
498864176] Low CVE-2026-14047: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-02
[N/A][
499189601] Low CVE-2026-14048: Use after free in Chromecast. Reported by Google on 2026-04-03
[N/A][
501659888] Low CVE-2026-14049: Inappropriate implementation in GPU. Reported by Google on 2026-04-11
[N/A][
501708647] Low CVE-2026-14050: Insufficient policy enforcement in Passwords. Reported by Google on 2026-04-11
[N/A][
501747804] Low CVE-2026-14051: Uninitialized Use in GamepadAPI. Reported by Google on 2026-04-11
[N/A][
501810874] Low CVE-2026-14052: Insufficient policy enforcement in FileSystem. Reported by Google on 2026-04-12
[N/A][
501836539] Low CVE-2026-14053: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-12
[N/A][
501851312] Low CVE-2026-14054: Insufficient policy enforcement in Network. Reported by Google on 2026-04-12
[N/A][
501857663] Low CVE-2026-14055: Insufficient validation of untrusted input in Device Trust. Reported by Google on 2026-04-12
[N/A][
501888426] Low CVE-2026-14056: Insufficient validation of untrusted input in Media. Reported by Google on 2026-04-12
[N/A][
502212647] Low CVE-2026-14057: Insufficient policy enforcement in FedCM. Reported by Google on 2026-04-13
[N/A][
502354038] Low CVE-2026-14058: Policy bypass in Parser. Reported by Google on 2026-04-14
[N/A][
502363986] Low CVE-2026-14059: Insufficient policy enforcement in Related-Website-Sets. Reported by Google on 2026-04-14
[N/A][
502372527] Low CVE-2026-14060: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-04-14
[N/A][
502434484] Low CVE-2026-14061: Inappropriate implementation in Dawn. Reported by Google on 2026-04-14
[N/A][
502448128] Low CVE-2026-14062: Inappropriate implementation in Views. Reported by Google on 2026-04-14
[N/A][
502473563] Low CVE-2026-14063: Out of bounds memory access in Chromecast. Reported by Google on 2026-04-14
[N/A][
502714977] Low CVE-2026-14064: Use after free in PageInfo. Reported by Google on 2026-04-15
[N/A][
503617508] Low CVE-2026-14065: Insufficient validation of untrusted input in PageInfo. Reported by Google on 2026-04-17
[N/A][
503779807] Low CVE-2026-14066: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-17
[N/A][
504069465] Low CVE-2026-14067: Use after free in Chrome for iOS. Reported by Google on 2026-04-18
[N/A][
504210171] Low CVE-2026-14068: Inappropriate implementation in Omnibox. Reported by Google on 2026-04-19
[N/A][
505136542] Low CVE-2026-14069: Integer overflow in WebNN. Reported by Google on 2026-04-21
[N/A][
505137978] Low CVE-2026-14070: Uninitialized Use in WebNN. Reported by Google on 2026-04-21
[N/A][
506143724] Low CVE-2026-14071: Side-channel information leakage in WebAudio. Reported by Google on 2026-04-24
[N/A][
507099867] Low CVE-2026-14072: Incorrect security UI in SplitView. Reported by FARISSAL B on 2026-04-28
[N/A][
507237563] Low CVE-2026-14073: Insufficient policy enforcement in WebXR. Reported by Google on 2026-04-28
[N/A][
511743480] Low CVE-2026-14074: Side-channel information leakage in WebAuthentication. Reported by Google on 2026-05-10
[N/A][
511808800] Low CVE-2026-14075: Policy bypass in Chrome for iOS. Reported by Google on 2026-05-10
[N/A][
511815165] Low CVE-2026-14076: Policy bypass in Network. Reported by Google on 2026-05-10
[TBD][
511869411] Low CVE-2026-14077: Incorrect security UI in Select. Reported by pwn.ai on 2026-05-11
[N/A][
512953564] Low CVE-2026-14078: Policy bypass in WebRTC. Reported by Google on 2026-05-13
[N/A][
512971938] Low CVE-2026-14079: Policy bypass in Network. Reported by Google on 2026-05-13
[N/A][
512997517] Low CVE-2026-14080: Insufficient validation of untrusted input in TabSwitcher. Reported by Google on 2026-05-13
[N/A][
513030698] Low CVE-2026-14081: Insufficient policy enforcement in DevTools. Reported by Google on 2026-05-14
[N/A][
513049578] Low CVE-2026-14082: Race in Storage. Reported by Google on 2026-05-14
[N/A][
513128322] Low CVE-2026-14083: Insufficient validation of untrusted input in HTML. Reported by Google on 2026-05-14
[N/A][
513138148] Low CVE-2026-14084: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-05-14
[N/A][
513155863] Low CVE-2026-14085: Side-channel information leakage in CSS. Reported by Google on 2026-05-14
[N/A][
513169718] Low CVE-2026-14086: Insufficient policy enforcement in HID. Reported by Google on 2026-05-14
[N/A][
513177237] Low CVE-2026-14087: Insufficient validation of untrusted input in WebNN. Reported by Google on 2026-05-14
[N/A][
513178869] Low CVE-2026-14088: Uninitialized Use in Canvas. Reported by Google on 2026-05-14
[N/A][
513188254] Low CVE-2026-14089: Insufficient validation of untrusted input in PopupBlocker. Reported by Google on 2026-05-14
[N/A][
513194241] Low CVE-2026-14090: Out of bounds read in CameraCapture. Reported by Google on 2026-05-14
[N/A][
513208773] Low CVE-2026-14091: Use after free in DevTools. Reported by Google on 2026-05-14
[N/A][
513212892] Low CVE-2026-14092: Insufficient policy enforcement in Privacy. Reported by Google on 2026-05-14
[N/A][
513240099] Low CVE-2026-14093: Use after free in Cast. Reported by Google on 2026-05-14
[N/A][
513264273] Low CVE-2026-14094: Use after free in Installer. Reported by Google on 2026-05-14
[N/A][
513271007] Low CVE-2026-14095: Insufficient validation of untrusted input in Browser. Reported by Google on 2026-05-14
[N/A][
513310821] Low CVE-2026-14096: Object lifecycle issue in Input. Reported by Google on 2026-05-14
[N/A][
513333529] Low CVE-2026-14097: Inappropriate implementation in WebAppInstalls. Reported by Google on 2026-05-14
[N/A][
513375767] Low CVE-2026-14098: Inappropriate implementation in CSS. Reported by Google on 2026-05-15
[N/A][
513382161] Low CVE-2026-14099: Use after free in Chrome for iOS. Reported by Google on 2026-05-15
[N/A][
513383891] Low CVE-2026-14100: Insufficient data validation in NetworkCache. Reported by Google on 2026-05-15
[N/A][
513454805] Low CVE-2026-14101: Insufficient policy enforcement in Sandbox. Reported by Google on 2026-05-15
[N/A][
513455047] Low CVE-2026-14102: Use after free in Passwords. Reported by Google on 2026-05-15
[N/A][
513465245] Low CVE-2026-14103: Use after free in SSL. Reported by Google on 2026-05-15
[N/A][
513484193] Low CVE-2026-14104: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-05-15
[N/A][
513528117] Low CVE-2026-14105: Insufficient policy enforcement in Speech. Reported by Google on 2026-05-15
[N/A][
513532778] Low CVE-2026-14106: Insufficient validation of untrusted input in Text. Reported by Google on 2026-05-15
[N/A][
513544566] Low CVE-2026-14107: Use after free in Scheduling. Reported by Google on 2026-05-15
[N/A][
513689974] Low CVE-2026-14108: Use after free in PDFium. Reported by Google on 2026-05-15
[N/A][
513694957] Low CVE-2026-14109: Insufficient policy enforcement in Mojo. Reported by Google on 2026-05-16
[N/A][
513698452] Low CVE-2026-14110: Inappropriate implementation in DarkMode. Reported by Google on 2026-05-16
[N/A][
513710926] Low CVE-2026-14111: Use after free in WebProtect. Reported by Google on 2026-05-16
[N/A][
513713946] Low CVE-2026-14112: Inappropriate implementation in Enterprise. Reported by Google on 2026-05-16
[N/A][
513737335] Low CVE-2026-14113: Use after free in Updater. Reported by Google on 2026-05-16
[N/A][
513743129] Low CVE-2026-14114: Inappropriate implementation in WebAppInstalls. Reported by Google on 2026-05-16
[N/A][
513745699] Low CVE-2026-14115: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-05-16
[N/A][
513747800] Low CVE-2026-14116: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-05-16
[N/A][
513751020] Low CVE-2026-14117: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-05-16
[N/A][
513772764] Low CVE-2026-14118: Insufficient data validation in DevTools. Reported by Google on 2026-05-16
[N/A][
513775483] Low CVE-2026-14119: Type Confusion in Bluetooth. Reported by Google on 2026-05-16
[N/A][
513777411] Low CVE-2026-14120: Inappropriate implementation in DevTools. Reported by Google on 2026-05-16
[N/A][
513789382] Low CVE-2026-14121: Use after free in Chromoting. Reported by Google on 2026-05-16
[N/A][
513824891] Low CVE-2026-14122: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-05-16
[N/A][
513856644] Low CVE-2026-14123: Incorrect security UI in Chrome for iOS. Reported by Google on 2026-05-16
[N/A][
513867710] Low CVE-2026-14124: Inappropriate implementation in CredentialProvider. Reported by Google on 2026-05-16
[N/A][
513918431] Low CVE-2026-14125: Uninitialized Use in ANGLE. Reported by Google on 2026-05-17
[N/A][
513992796] Low CVE-2026-14126: Incorrect security UI in UI. Reported by Google on 2026-05-17
[N/A][
514009654] Low CVE-2026-14127: Inappropriate implementation in Printing. Reported by Google on 2026-05-17
[N/A][
514015836] Low CVE-2026-14128: Insufficient data validation in Chrome for iOS. Reported by Google on 2026-05-17
[N/A][
514018024] Low CVE-2026-14129: Incorrect security UI in PreviewTab. Reported by Google on 2026-05-17
[N/A][
514019522] Low CVE-2026-14130: Incorrect security UI in Omnibox. Reported by Google on 2026-05-17
[N/A][
514020982] Low CVE-2026-14131: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-05-17
[N/A][
514039492] Low CVE-2026-14132: Inappropriate implementation in WebXR. Reported by Google on 2026-05-17
[N/A][
514039947] Low CVE-2026-14133: Race in History Embeddings. Reported by Google on 2026-05-17
[N/A][
514055973] Low CVE-2026-14134: Inappropriate implementation in Autofill. Reported by Google on 2026-05-17
[N/A][
514058566] Low CVE-2026-14135: Insufficient validation of untrusted input in Network. Reported by Google on 2026-05-17
[N/A][
514068611] Low CVE-2026-14136: Incorrect security UI in Chrome for iOS. Reported by Google on 2026-05-17
[N/A][
514070067] Low CVE-2026-14137: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-05-17
[N/A][
514071775] Low CVE-2026-14138: Inappropriate implementation in WebAppInstalls. Reported by Google on 2026-05-17
[N/A][
514072495] Low CVE-2026-14139: Inappropriate implementation in TabStrip. Reported by Google on 2026-05-17
[N/A][
514072607] Low CVE-2026-14140: Insufficient validation of untrusted input in Input. Reported by Google on 2026-05-17
[N/A][
514072867] Low CVE-2026-14141: Incorrect security UI in Document Picture-in-Picture. Reported by Google on 2026-05-17
[N/A][
514073460] Low CVE-2026-14142: Inappropriate implementation in Extensions. Reported by Google on 2026-05-17
[N/A][
514075028] Low CVE-2026-14143: Incorrect security UI in Passwords. Reported by Google on 2026-05-17
[N/A][
514079793] Low CVE-2026-14144: Incorrect security UI in Views. Reported by Google on 2026-05-17
[N/A][
514485825] Low CVE-2026-14145: Inappropriate implementation in CSS. Reported by Google on 2026-05-19
[N/A][
514550047] Low CVE-2026-14146: Inappropriate implementation in CSS. Reported by Google on 2026-05-19
[N/A][
514632767] Low CVE-2026-14147: Inappropriate implementation in CSS. Reported by Google on 2026-05-19
[N/A][
515426873] Low CVE-2026-14148: Type Confusion in CSS. Reported by Google on 2026-05-21
[N/A][
515427046] Low CVE-2026-14149: Use after free in Audio. Reported by Google on 2026-05-21
[N/A][
517376041] Low CVE-2026-14150: Insufficient validation of untrusted input in Speech. Reported by Google on 2026-05-28
[N/A][
517381770] Low CVE-2026-14151: Inappropriate implementation in AI. Reported by Google on 2026-05-28
[N/A][
517534944] Low CVE-2026-14152: Out of bounds write in ANGLE. Reported by Google on 2026-05-28
[N/A][
517684077] Low CVE-2026-14153: Inappropriate implementation in Glic. Reported by Google on 2026-05-29
[N/A][
517741170] Low CVE-2026-14154: Inappropriate implementation in DevTools. Reported by Google on 2026-05-29
[N/A][
518246925] Low CVE-2026-14155: Insufficient policy enforcement in StorageAccessAPI. Reported by Google on 2026-05-30
[N/A][
518247789] Low CVE-2026-14156: Policy bypass in StorageAccessAPI. Reported by Google on 2026-05-30