COOEY // HUBcompliance · community · intelligence

FedRAMP catalog › Google Workspace

Google Workspace

Google · package F1206081364

Current status
Authorized · High impact · since 2026-07-07
Service model
SaaS
Marketplace
Rev5 · source: marketplace
Security posture
12 critical 4 high 4 on KEV · 16 correlated CVEs

CMMC domains addressed which 800-171 families this product helps satisfy

SC · System and Communications Protection IA · Identification and Authentication MP · Media Protection AT · Awareness and Training

Status timeline SCD2 history — the thing a spreadsheet can't answer

StatusImpactFromTo
Authorized High 2026-07-07 current

Authorizations

AgencyTypeDate
JAB AuthorizationJAB2021-10-27

Exposed CVEs correlated to this product

SeverityCVETitlePublished
critical CVE-2026-13775 CVE-2026-13775: Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote a 2026-06-30
critical CVE-2026-13776 CVE-2026-13776: Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote 2026-06-30
critical CVE-2026-13780 CVE-2026-13780: Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 15 2026-06-30
critical CVE-2026-13781 CVE-2026-13781: Insufficient validation of untrusted input in Skia in Google Chrome prior to 150 2026-06-30
critical CVE-2026-13782 CVE-2026-13782: Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remo 2026-06-30
critical CVE-2026-13785 CVE-2026-13785: Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allow 2026-06-30
critical CVE-2026-14101 CVE-2026-14101: Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150. 2026-06-30
critical CVE-2026-14104 CVE-2026-14104: Insufficient validation of untrusted input in WebAppInstalls in Google Chrome pr 2026-06-30
critical CVE-2026-14106 CVE-2026-14106: Insufficient validation of untrusted input in Text in Google Chrome on Android p 2026-06-30
critical CVE-2026-14109 CVE-2026-14109: Insufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 2026-06-30
critical CVE-2026-14120 CVE-2026-14120: Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 2026-06-30
critical CVE-2026-11720 CVE-2026-11720: A path traversal vulnerability exists in the HTTP tool URL builder of googleapis 2026-06-29
high CVE-2026-11645 Google Chromium V8 Out-of-Bounds Read and Write Vulnerability 2026-06-09
high CVE-2026-5281 Google Dawn Use-After-Free Vulnerability 2026-04-01
high CVE-2026-3909 Google Skia Out-of-Bounds Write Vulnerability 2026-03-13
high CVE-2026-3910 Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability 2026-03-13