[CIVN-2026-0350] Multiple Vulnerabilities in Google Chrome for Desktop

By Published On: July 2, 2026

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256


Multiple Vulnerabilities in Google Chrome for Desktop


Indian – Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: HIGH


Software Affected


Google Chrome versions prior to 149.0.7827.196/197 for Windows

Google Chrome versions prior to 149.0.7827.196/197 for Mac

Google Chrome versions prior to 149.0.7827.196 for Linux

Overview


Multiple Vulnerabilities have been reported in Google Chrome for Desktop, which could be exploited by a remote attacker to execute arbitrary code, cause denial of service conditions, bypass security restrictions and sensitive information disclosure on the targeted system.


Target Audience:

All end user organizations and individuals using Google Chrome for Desktop (Windows, macOS and Linux platforms).


Risk Assessment:

High risk of Remote Code Execution (RCE), Denial of Service (DoS), and bypass security restriction.


Impact Assessment:

Potential for Information disclosure, data manipulation and security restriction bypass.


Description


Google Chrome is a popular internet browser that is used for accessing the information available on the World Wide Web. It is designed for use on Desktop computers such as those running on Windows, macOS or Linux operating systems.


Multiple Vulnerabilities exist in Google Chrome due to Use after free in WebGL, Autofill, Digital Credentials, FileSystem, Web Authentication, Blink, Bluetooth, and WebView; Out of bounds read in Blink; Uninitialized memory usage in GPU; Insufficient validation of untrusted input in Navigation and DevTools; Inappropriate implementation in Device Bound Session Credentials, Autofill, and Passwords. A remote attacker could exploit these vulnerabilities by persuading a victim to visit specially crafted web page.


Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, cause denial of service conditions, bypass security restrictions and sensitive information disclosure on the targeted system.


Solution


Apply appropriate updates as mentioned by the vendor:

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html



Vendor Information


Google Chrome

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html


References


Google Chrome

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html


CVE Name

CVE-2026-13021

CVE-2026-13022

CVE-2026-13023

CVE-2026-13024

CVE-2026-13025

CVE-2026-13026

CVE-2026-13027

CVE-2026-13028

CVE-2026-13029

CVE-2026-13030

CVE-2026-13031

CVE-2026-13032

CVE-2026-13033

CVE-2026-13034

CVE-2026-13035

CVE-2026-13036

CVE-2026-13037

CVE-2026-13038




– —


Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–


iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpGblgACgkQ3jCgcSdc

ys8sEhAAoEevCOrTU0k2q5APjNjnd4l+oYcHK1TGxvJs1ZKUd5Dakc4kgSLEZNP9

v0Ql6ivF6aHewl04kwdFa40I6F9sGPGfrH2U/E/HAtI2n2EpVuz49Etho/vvwl3q

NAa0LJH3TiY4YgDN1R8nPWDAIdrnx0Fk82LvOa5esxEm2/mFXWTpa1REA68paJ9h

xRcQQmFSczk5DVfmliUmykLSBizwB6w2ZRPGpjWxss5hrYFc5GT7SmFp8grHWmlm

6OMM1k+sUF8Kh03/VpDMpQkzEKh05WylcWU/BOMQjMG3Ew1zITPI37mXBVwKSar9

SVoOrrwVyooEAhl7brSpTXGxVYQiDI75KUxN25GuEiDe+QLSDNQfFgTWjILuryHo

YPW0+Pb8lT5XoOUhHUx7MW0GMyFB3zwNW0uhfB1j1sgfzMWUWGuOxWE0LV/y5+dB

rYVgTwIKV+h5ab9CVOghUFrNh8076B5MPcTr2ZNqaMEG35y+w7NpaDjeXFDAi5pW

/3YlH/jFbPPg0qNnQThXnZd02O76ZQ9CCvW/YVx02ggTj4JcdQZdCLJ7/oJqKGiR

vDONoEeG+S6SWCsUJ1WsbZ7NEY2B8GpjcK9Bo/oYZZysMHom2fmyfAoimJgP+fCH

bbfUEFMwj5OKe9/qpXo+lNDeaEzLRitlC032BhWRtvz/J6ZQNyg=

=iad+

—–END PGP SIGNATURE—–

Share this article