Multiple vulnerabilities in Google Chrome

Description

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, obtain sensitive information, execute arbitrary code, spoof user interface.

Below is a complete list of vulnerabilities:

1. Policy bypass vulnerability in LocalNetworkAccess can be exploited to bypass security restrictions.
2. Policy bypass vulnerability in Downloads can be exploited to bypass security restrictions.
3. Inappropriate implementation vulnerability in V8 can be exploited to cause denial of service.
4. Heap buffer overflow vulnerability in WebAudio can be exploited to cause denial of service.
5. Heap buffer overflow vulnerability in WebML can be exploited to cause denial of service.
6. Policy bypass vulnerability in Audio can be exploited to bypass security restrictions.
7. Integer overflow vulnerability in Media can be exploited to cause denial of service.
8. Policy bypass vulnerability in DevTools can be exploited to bypass security restrictions.
9. Integer overflow vulnerability in WebRTC can be exploited to cause denial of service.
10. Cryptographic Flaw vulnerability in PDFium can be exploited to obtain sensitive information.
11. Use after free vulnerability in Media can be exploited to cause denial of service or execute arbitrary code.
12. Incorrect security UI vulnerability in Omnibox can be exploited to spoof user interface.
13. Policy bypass vulnerability in IFrameSandbox can be exploited to bypass security restrictions.
14. Incorrect security UI vulnerability in Permissions can be exploited to spoof user interface.
15. Type confusion vulnerability in V8 can be exploited to cause denial of service.
16. Incorrect security UI vulnerability in History Navigation can be exploited to spoof user interface.
17. Use after free vulnerability in V8 can be exploited to cause denial of service or execute arbitrary code.
18. Out of bounds read vulnerability in Blink can be exploited to cause denial of service.
19. Race vulnerability in WebCodecs can be exploited to obtain sensitive information.
20. Type confusion vulnerability in CSS can be exploited to cause denial of service.
21. Use after free vulnerability in Blink can be exploited to cause denial of service or execute arbitrary code.
22. Inappropriate implementation vulnerability in PDF can be exploited to cause denial of service.
23. Policy bypass vulnerability in Blink can be exploited to bypass security restrictions.
24. Incorrect security UI vulnerability in browser UI can be exploited to spoof user interface.
25. Uninitialized Use vulnerability in WebCodecs can be exploited to obtain sensitive information.
26. Incorrect security UI vulnerability in Downloads can be exploited to spoof user interface.
27. Inappropriate implementation vulnerability in Navigation can be exploited to cause denial of service.
28. Race vulnerability in V8 can be exploited to obtain sensitive information.
29. Insufficient validation of untrusted input vulnerability in Media can be exploited remotely to execute arbitrary code.
30. Out of bounds read and write vulnerability in V8 can be exploited to cause denial of service.
31. Insufficient validation of untrusted input vulnerability in WebSockets can be exploited remotely to execute arbitrary code.
32. Out of bounds read vulnerability in WebAudio can be exploited to cause denial of service.
33. Race vulnerability in Media can be exploited to obtain sensitive information.
34. Use after free vulnerability in Navigation can be exploited to cause denial of service or execute arbitrary code.
35. Heap buffer overflow vulnerability in ANGLE can be exploited to cause denial of service.
36. Policy bypass vulnerability in ServiceWorkers can be exploited to bypass security restrictions.
37. Incorrect security UI vulnerability in Fullscreen can be exploited to spoof user interface.
38. Insufficient validation of untrusted input vulnerability in WebML can be exploited remotely to execute arbitrary code.
39. Integer overflow vulnerability in Skia can be exploited to cause denial of service.
40. Insufficient data validation vulnerability in Media can be exploited to cause denial of service.
41. Insufficient validation of untrusted input vulnerability in ANGLE can be exploited remotely to execute arbitrary code.
42. Incorrect security UI vulnerability in Blink can be exploited to spoof user interface.
43. Insufficient policy enforcement vulnerability in browser UI can be exploited to spoof user interface.
44. Side-channel information leakage vulnerability in Navigation can be exploited to obtain sensitive information.
45. Use after free vulnerability in WebRTC can be exploited to cause denial of service or execute arbitrary code.
46. Insufficient policy enforcement vulnerability in PWAs can be exploited to spoof user interface.
47. Integer overflow vulnerability in WebML can be exploited to cause denial of service.
48. Insufficient validation of untrusted input vulnerability in Downloads can be exploited remotely to execute arbitrary code.
49. Use after free vulnerability in PrivateAI can be exploited to cause denial of service or execute arbitrary code.

Original advisories

• Stable Channel Update for Desktop

Exploitation

Related products

• Google-Chrome

CVE list

• CVE-2026-5858
  unknown
• CVE-2026-5859
  unknown
• CVE-2026-5860
  unknown
• CVE-2026-5861
  unknown
• CVE-2026-5862
  unknown
• CVE-2026-5863
  unknown
• CVE-2026-5864
  unknown
• CVE-2026-5865
  unknown
• CVE-2026-5866
  unknown
• CVE-2026-5867
  unknown
• CVE-2026-5868
  unknown
• CVE-2026-5869
  unknown
• CVE-2026-5870
  unknown
• CVE-2026-5871
  unknown
• CVE-2026-5872
  unknown
• CVE-2026-5873
  unknown
• CVE-2026-5874
  unknown
• CVE-2026-5875
  unknown
• CVE-2026-5876
  unknown
• CVE-2026-5877
  unknown
• CVE-2026-5878
  unknown
• CVE-2026-5879
  unknown
• CVE-2026-5880
  unknown
• CVE-2026-5881
  unknown
• CVE-2026-5882
  unknown
• CVE-2026-5883
  unknown
• CVE-2026-5884
  unknown
• CVE-2026-5885
  unknown
• CVE-2026-5886
  unknown
• CVE-2026-5887
  unknown
• CVE-2026-5888
  unknown
• CVE-2026-5889
  unknown
• CVE-2026-5890
  unknown
• CVE-2026-5891
  unknown
• CVE-2026-5892
  unknown
• CVE-2026-5893
  unknown
• CVE-2026-5894
  unknown
• CVE-2026-5895
  unknown
• CVE-2026-5896
  unknown
• CVE-2026-5897
  unknown
• CVE-2026-5898
  unknown
• CVE-2026-5899
  unknown
• CVE-2026-5900
  unknown
• CVE-2026-5901
  unknown
• CVE-2026-5902
  unknown
• CVE-2026-5903
  unknown
• CVE-2026-5904
  unknown
• CVE-2026-5905
  unknown
• CVE-2026-5906
  unknown
• CVE-2026-5907
  unknown
• CVE-2026-5908
  unknown
• CVE-2026-5909
  unknown
• CVE-2026-5910
  unknown
• CVE-2026-5911
  unknown
• CVE-2026-5912
  unknown
• CVE-2026-5913
  unknown
• CVE-2026-5914
  unknown
• CVE-2026-5915
  unknown
• CVE-2026-5918
  unknown
• CVE-2026-5919
  unknown

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com