Chrome

Google web browser with frequent stable-channel releases.

Current version

Last checked: 2026-06-03

148

Release date: May 05, 2026
Security status: 25 high-severity CVEs tracked in the last 90 days. Current version not affected.

Source

endoflife.date

Public release notes are linked for the latest stored release.

View release notes Subscribe to updates

Release history

See the latest published releases stored for this product.

Version	Published	Notes
148	2026-05-05	Release Notes
147	2026-04-07	Release Notes
146	2026-03-10	Release Notes

Vulnerability tracking

versionPing monitors CVEs for this product. Matching CVEs are listed below. We only display CVEs with a CVSS score of 7.0 or higher that were published within the last 90 days.

Affected status is inferred from published affected version ranges where available. Always verify against the vendor advisory before making production decisions.

CVE	Severity	Published	Status	Summary
CVE-2026-9999	HIGH (8.8)	2026-05-28	Current versionnot affected	Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216
CVE-2026-9998	HIGH (8.3)	2026-05-28	Current versionnot affected	Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216 Up to (excluding) 148.0.7778.215
CVE-2026-9997	HIGH (8.3)	2026-05-28	Current versionnot affected	Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216 Up to (excluding) 148.0.7778.215
CVE-2026-9995	HIGH (8.8)	2026-05-28	Current versionnot affected	Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216 Up to (excluding) 148.0.7778.215
CVE-2026-9994	HIGH (8.3)	2026-05-28	Current versionnot affected	Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216
CVE-2026-9993	HIGH (8.3)	2026-05-28	Current versionnot affected	Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted PDF file. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216 Up to (excluding) 148.0.7778.215
CVE-2026-9992	HIGH (8.8)	2026-05-28	Current versionnot affected	Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216 Up to (excluding) 148.0.7778.215
CVE-2026-9990	HIGH (7.5)	2026-05-28	Current versionnot affected	Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216
CVE-2026-9988	HIGH (8.3)	2026-05-28	Current versionnot affected	Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216
CVE-2026-9987	HIGH (7.8)	2026-05-28	Current versionnot affected	Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216
CVE-2026-9984	HIGH (8.8)	2026-05-28	Current versionnot affected	Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216
CVE-2026-9983	HIGH (8.8)	2026-05-28	Current versionnot affected	Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216 Up to (excluding) 148.0.7778.215
CVE-2026-9982	HIGH (8.3)	2026-05-28	Current versionnot affected	Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216 Up to (excluding) 148.0.7778.215
CVE-2026-9978	HIGH (8.8)	2026-05-28	Current versionnot affected	Use after free in Glic in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216 Up to (excluding) 148.0.7778.215
CVE-2026-9977	HIGH (8.3)	2026-05-28	Current versionnot affected	Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216
CVE-2026-9976	HIGH (8.8)	2026-05-28	Current versionnot affected	Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216 Up to (excluding) 148.0.7778.215
CVE-2026-9975	HIGH (8.3)	2026-05-28	Current versionnot affected	Out of bounds read and write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216 Up to (excluding) 148.0.7778.215
CVE-2026-9974	HIGH (8.3)	2026-05-28	Current versionnot affected	Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216 Up to (excluding) 148.0.7778.215
CVE-2026-9973	HIGH (8.8)	2026-05-28	Current versionnot affected	Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216 Up to (excluding) 148.0.7778.215
CVE-2026-9972	HIGH (8.3)	2026-05-28	Current versionnot affected	Uninitialized Use in Gamepad in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216
CVE-2026-9970	HIGH (8.3)	2026-05-28	Current versionnot affected	Use after free in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216 Up to (excluding) 148.0.7778.215
CVE-2026-9969	HIGH (8.8)	2026-05-28	Current versionnot affected	Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216 Up to (excluding) 148.0.7778.215
CVE-2026-9968	HIGH (8.8)	2026-05-28	Current versionnot affected	Integer overflow in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216 Up to (excluding) 148.0.7778.215
CVE-2026-9967	CRITICAL (9.6)	2026-05-28	Current versionnot affected	Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216 Up to (excluding) 148.0.7778.215
CVE-2026-9966	HIGH (8.3)	2026-05-28	Current versionnot affected	Integer overflow in XML in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Affected versions Up to (excluding) 148.0.7778.216

Feedback