CVE-2026-6305 – Google Chrome Update
“A single browser session can become the entry point for a full-scale attack.”
Two latest Google Chrome patches (one with 118 CVEs and another with 30+ CVEs) address a wide range of vulnerabilities across browser components, including rendering engines, memory handling, and sandbox enforcement. These issues could allow attackers to execute arbitrary code, escape security boundaries, or destabilize the browser using malicious web content. The update includes multiple critical and high-severity flaws that significantly expand the browser’s attack surface.
Critical Severity
• CVE-2026-7908 — 9.6
• CVE-2026-6296 — 9.6
High Severity
• CVE-2026-5281 — 8.8 (Active exploitation)
• CVE-2026-7896 — 8.8
• CVE-2026-7898 — 8.8
• CVE-2026-7899 — 8.8
• CVE-2026-7901 — 8.8
• CVE-2026-7902 — 8.8
• CVE-2026-7903 — 8.8
• CVE-2026-7906 — 8.8
• CVE-2026-7907 — 8.8
• CVE-2026-6299 — 8.8
• CVE-2026-6300 — 8.8
• CVE-2026-6301 — 8.8
• CVE-2026-6302 — 8.8
• CVE-2026-6303 — 8.8
• CVE-2026-6305 — 8.8
• CVE-2026-6306 — 8.8
• CVE-2026-6307 — 8.8
• CVE-2026-6315 — 8.8
• CVE-2026-6316 — 8.8
• CVE-2026-6317 — 8.8
• CVE-2026-6318 — 8.8
• CVE-2026-6359 — 8.8
• CVE-2026-6360 — 8.8
• CVE-2026-6363 — 8.8
• CVE-2026-7900 — 8.3
• CVE-2026-7911 — 8.3
• CVE-2026-6297 — 8.3
• CVE-2026-6304 — 8.3
• CVE-2026-6309 — 8.3
• CVE-2026-6310 — 8.3
• CVE-2026-6311 — 8.3
• CVE-2026-6314 — 8.3
• CVE-2026-6361 — 8.3
• CVE-2026-6308 — 7.5
Medium Severity
• CVE-2026-6364 — 6.5
• CVE-2026-6362 — 6.3
• CVE-2026-6298 — 4.3
Low Severity
• CVE-2026-6312 — 3.1
• CVE-2026-6313 — 3.1
There is no verified proof-of-concept code for most vulnerabilities, but the presence of active exploitation for one issue and multiple critical flaws increases overall risk.
Key Details
- Affected Product
- Google Chrome
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- CWE Classification
- CWE-122