—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Google Chrome for Desktop

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Google Chrome versions prior to 148.0.7778.167/168 for Windows and Mac

Google Chrome versions prior to 148.0.7778.167 for Linux

Overview

Multiple vulnerabilities have been reported in Google Chrome which could allow a remote attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, perform spoofing attack or cause denial of service (DoS) conditions on the targeted system.

Target Audience:

All end-user organizations and individuals using Google Chrome for Desktop.

Risk Assessment:

High risk of remote code execution, privilege escalation or unauthorized access to sensitive data.

Impact Assessment:

Potential for system compromise, data theft or service disruption.

Description

Google Chrome is a popular internet browser used for accessing information on the World Wide Web. It is designed for use on desktop systems including Windows, macOS and Linux.

Multiple vulnerabilities exist in Google Chrome due to Heap buffer overflow in WebML, ANGLE, Codecs, GPU, SwiftShader; Integer overflow in Skia, ANGLE, XML, GPU, Internationalization, Codecs, Fonts; Use after free in UI, FileSystem, Input, Aura, HID, Blink, Tab Groups, Downloads, Mojo, Network, Accessibility, Core, Media, Google Lens, GPU, GTK, Extensions; Insufficient validation of untrusted input in DataTransfer, Downloads, SiteIsolation, ReadingMode, Skia, GPU; Insufficient policy enforcement in ViewTransitions, Passwords, IFrame Sandbox, Payments, AI, GPU, Network, WebXR; Object lifecycle issue in WebShare, Dawn; Object corruption in Compositing; Race in Payments; Out of bounds write in Fonts, WebAudio, WebRTC, Media, Codecs; Out of bounds read in Media, UI, FileSystem, GPU; Script injection in SanitizerAPI; Type Confusion in V8, ANGLE; Inappropriate implementation in ANGLE, CORS, Views, Media, Chromoting, Downloads; Incorrect security UI in Fullscreen, Downloads; Side-channel information leakage in Navigation. A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request.

Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions or cause denial of service (DoS) conditions on the targeted system.

Solution

Apply appropriate as mentioned by the vendor:

https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html

Vendor Information

 

https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html

References

 

https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html

CVE Name

CVE-2026-8509

CVE-2026-8510

CVE-2026-8511

CVE-2026-8512

CVE-2026-8513

CVE-2026-8514

CVE-2026-8515

CVE-2026-8516

CVE-2026-8517

CVE-2026-8518

CVE-2026-8519

CVE-2026-8520

CVE-2026-8521

CVE-2026-8522

CVE-2026-8523

CVE-2026-8524

CVE-2026-8525

CVE-2026-8526

CVE-2026-8527

CVE-2026-8528

CVE-2026-8529

CVE-2026-8530

CVE-2026-8531

CVE-2026-8532

CVE-2026-8533

CVE-2026-8534

CVE-2026-8535

CVE-2026-8536

CVE-2026-8537

CVE-2026-8538

CVE-2026-8539

CVE-2026-8540

CVE-2026-8541

CVE-2026-8542

CVE-2026-8543

CVE-2026-8544

CVE-2026-8545

CVE-2026-8546

CVE-2026-8547

CVE-2026-8548

CVE-2026-8549

CVE-2026-8550

CVE-2026-8551

CVE-2026-8552

CVE-2026-8553

CVE-2026-8554

CVE-2026-8555

CVE-2026-8556

CVE-2026-8557

CVE-2026-8558

CVE-2026-8559

CVE-2026-8560

CVE-2026-8561

CVE-2026-8562

CVE-2026-8563

CVE-2026-8564

CVE-2026-8565

CVE-2026-8566

CVE-2026-8567

CVE-2026-8568

CVE-2026-8569

CVE-2026-8570

CVE-2026-8571

CVE-2026-8572

CVE-2026-8573

CVE-2026-8574

CVE-2026-8575

CVE-2026-8576

CVE-2026-8577

CVE-2026-8578

CVE-2026-8579

CVE-2026-8580

CVE-2026-8581

CVE-2026-8582

CVE-2026-8583

CVE-2026-8584

CVE-2026-8585

CVE-2026-8586

CVE-2026-8587

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmoNy0sACgkQ3jCgcSdc

ys96pQ//XgcL2XfgOPwu2mv7FOd52P8qGlaarL6U1qqc3NbX39/0ORoooZpPselV

MON7q51fyBwASLepANLMTUewXv+INrbASK9c+AdxYv4Nqj0IewAZBznAkmVttBNP

YXmffvYUDnhMJqixm2tyeLVqIAc9pf7IvHZVQZYcsNGaonKwBa3z6kNBU5txazIl

pXCd5+udmCxreBgMy6WXaBArQU8NwRu5Q25DwxGC/eE17msfcx/XAuk0Nx9KapPA

gdt7BRQKVvDyM5g0svgDuNzGHWHUbh30rqtGMHLW6mCfCR4zShmQLWycJ7q6XIT9

mBuyh3sxbj44Sv9BWFGOX8WDaVLn0809hRFVSxVW7vw4GJoBjknhRc/GxdSm6LZm

0P11+JvVXs7pp4Jrulw627UBY1hNN0FqRKiN9udq0hP35kk8GFp5Hqqc0VzeMzFr

uVqcjehX9PmiDFS2inBxBfw0lQHdLwqUvxZxfaAqdvgWRlXiGqdLu2wUc+K+5Pk/

UCTllBXoh/vOzVR2lcDdr91BG/SdR7hOJQYA2lPesfcXIIlQzbvonzBSPw21vSb+

QVMDL9qo3m51m/10xfvXk73Om/xrCIK4ItyzYCftRqVcI4vJJBo1iSDSooHUYO3X

b0Arob5oM3g6xN9q1WHV7Y2n5yAA6nD6/fP+cNnGUvO980Lz3ZM=

=LLW9

—–END PGP SIGNATURE—–