FAIL › dossier
FedRAMP provider · · dossier confidence 20%
Google Chrome is currently under active exploitation due to a cluster of critical sandbox escape and RCE vulnerabilities in core components like V8 and Skia, with multiple patches released in July 2026 to address these high-risk flaws.
Google demonstrates a reactive security posture with a high volume of critical and high-severity vulnerabilities in Chrome, particularly involving sandbox escape and use-after-free flaws in core components like V8, Skia, and ANGLE.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2026-03-13 | CVE-2026-3910 | high | ⚡RCE ⌖KEV | 85 | Google Chromium V8 allows remote code execution via crafted HTML pages, enabling attackers to bypass sandbox protections. |
| 2026-06-09 | CVE-2026-11645 | high | ⚡RCE ⌖KEV | 65 | Google Chromium V8 allows remote code execution via crafted HTML pages, enabling sandbox escape and arbitrary code execution. |
| 2026-06-30 | CVE-2026-14104 | critical | ⚡RCE | 50 | Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) |
| 2026-04-01 | CVE-2026-5281 | high | ⚡RCE ⌖KEV | 45 | Google Dawn (Chrome/Edge/Opera) use-after-free vulnerability enables remote code execution via crafted HTML. |
| 2026-03-13 | CVE-2026-3909 | high | ⌖KEV | 45 | Google Skia contains an actively exploited out-of-bounds write vulnerability enabling remote memory access via crafted HTML. |
| 2026-06-30 | CVE-2026-13782 | critical | 35 | Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |
| 2026-06-30 | CVE-2026-13781 | critical | 35 | Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |
| 2026-06-30 | CVE-2026-14120 | critical | 35 | Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | |
| 2026-06-30 | CVE-2026-13776 | critical | 35 | Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |
| 2026-06-30 | CVE-2026-13775 | critical | 35 | Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |
| 2026-06-30 | CVE-2026-13780 | critical | 35 | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |
| 2026-06-30 | CVE-2026-14109 | critical | 35 | Insufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | |
| 2026-06-30 | CVE-2026-14106 | critical | 35 | Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | |
| 2026-06-30 | CVE-2026-14101 | critical | 35 | Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | |
| 2026-06-30 | CVE-2026-13785 | critical | 35 | Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |
| 2026-06-29 | CVE-2026-11720 | critical | 35 | A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While |
| Product | Status | Impact |
|---|---|---|
| Google Services (Google Cloud Platform Products and underlying Infrastructure) | Authorized | High |
| Google Workspace | Authorized | High |
Open questions: Google's remediation timeline for critical vulnerabilities · Impact of these vulnerabilities on CMMC compliance