Exploited CVEs / By vendor / Google
Google vulnerabilities actively exploited
72 Google CVEs on the CISA Known Exploited Vulnerabilities catalog, newest first. Refreshed daily.
Every CVE below is confirmed exploited in the wild, not just theoretically severe. The newest addition is CVE-2026-11645 (Chromium V8, added 2026-06-09). New CISA KEV entries appear here the day they are cataloged; the freshest across all vendors are on exploited this week.
Ask your own AI about Google exploited CVEs
Copy this prompt into Claude, ChatGPT, or Copilot. The facts are included, sourced from this page.
Chromium V8: 39 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2026-11645 | Chromium V8 | 2026-06-09 | CVSS 8.8, EPSS 2% |
| CVE-2026-3910 | Chromium V8 | 2026-03-13 | CVSS 8.8, EPSS 2% |
| CVE-2025-13223 | Chromium V8 | 2025-11-19 | CVSS 8.8, EPSS 5% |
| CVE-2025-10585 | Chromium V8 | 2025-09-23 | CVSS 9.8, EPSS 5% |
| CVE-2025-6554 | Chromium V8 | 2025-07-02 | CVSS 8.1, EPSS 7% |
| CVE-2025-5419 | Chromium V8 | 2025-06-05 | CVSS 8.8, EPSS 6% |
| CVE-2024-7965 | Chromium V8 | 2024-08-28 | CVSS 8.8, EPSS 17% |
| CVE-2024-7971 | Chromium V8 | 2024-08-26 | CVSS 9.6, EPSS 19% |
| CVE-2024-5274 | Chromium V8 | 2024-05-28 | CVSS 9.6, EPSS 10% |
| CVE-2024-4947 | Chromium V8 | 2024-05-20 | CVSS 9.6, EPSS 15% |
| CVE-2024-4761 | Chromium V8 | 2024-05-16 | CVSS 8.8, EPSS 11% |
| CVE-2023-4762 | Chromium V8 | 2024-02-06 | CVSS 8.8, EPSS 38% |
| CVE-2024-0519 | Chromium V8 | 2024-01-17 | CVSS 8.8, EPSS 4% |
| CVE-2023-3079 | Chromium V8 | 2023-06-07 | CVSS 8.8, EPSS 33% |
| CVE-2023-2033 | Chromium V8 | 2023-04-17 | CVSS 8.8, EPSS 41% |
| CVE-2022-4262 | Chromium V8 | 2022-12-05 | CVSS 8.8, EPSS 16% |
| CVE-2022-3723 | Chromium V8 | 2022-10-28 | CVSS 8.8, EPSS 7% |
| CVE-2016-1646 | Chromium V8 | 2022-06-08 | CVSS 8.8, EPSS 48% |
| CVE-2016-5198 | Chromium V8 | 2022-06-08 | CVSS 8.8, EPSS 35% |
| CVE-2017-5030 | Chromium V8 | 2022-06-08 | CVSS 8.8, EPSS 42% |
| CVE-2017-5070 | Chromium V8 | 2022-06-08 | CVSS 8.8, EPSS 31% |
| CVE-2018-17463 | Chromium V8 | 2022-06-08 | CVSS 8.8, EPSS 84% |
| CVE-2018-17480 | Chromium V8 | 2022-06-08 | CVSS 8.8, EPSS 34% |
| CVE-2018-6065 | Chromium V8 | 2022-06-08 | CVSS 8.8, EPSS 59% |
| CVE-2019-5825 | Chromium V8 | 2022-06-08 | CVSS 6.5, EPSS 56% |
| CVE-2022-1364 | Chromium V8 | 2022-04-15 | CVSS 8.8, EPSS 14% |
| CVE-2022-1096 | Chromium V8 | 2022-03-28 | CVSS 8.8, EPSS 24% |
| CVE-2021-4102 | Chromium V8 | 2021-12-15 | CVSS 8.8, EPSS 8% |
| CVE-2020-16009 | Chromium V8 | 2021-11-03 | CVSS 8.8, EPSS 49% |
| CVE-2020-16013 | Chromium V8 | 2021-11-03 | CVSS 8.8, EPSS 3% |
| CVE-2020-6418 | Chromium V8 | 2021-11-03 | CVSS 8.8, EPSS 79% |
| CVE-2021-21148 | Chromium V8 | 2021-11-03 | CVSS 8.8, EPSS 20% |
| CVE-2021-21220 | Chromium V8 | 2021-11-03 | CVSS 8.8, EPSS 70% |
| CVE-2021-21224 | Chromium V8 | 2021-11-03 | CVSS 8.8, EPSS 58% |
| CVE-2021-30551 | Chromium V8 | 2021-11-03 | CVSS 8.8, EPSS 65% |
| CVE-2021-30563 | Chromium V8 | 2021-11-03 | CVSS 8.8, EPSS 9% |
| CVE-2021-30632 | Chromium V8 | 2021-11-03 | CVSS 8.8, EPSS 65% |
| CVE-2021-37975 | Chromium V8 | 2021-11-03 | CVSS 8.8, EPSS 35% |
| CVE-2021-38003 | Chromium V8 | 2021-11-03 | CVSS 8.8, EPSS 36% |
Chromium: 6 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2026-2441 | Chromium | 2026-02-17 | CVSS 8.8, EPSS 22% |
| CVE-2025-14174 | Chromium | 2025-12-12 | CVSS 8.8, EPSS 22% |
| CVE-2025-6558 | Chromium | 2025-07-22 | CVSS 8.8, EPSS 9% |
| CVE-2024-4671 | Chromium | 2024-05-13 | CVSS 9.6, EPSS 8% |
| CVE-2021-21166 | Chromium | 2021-11-03 | CVSS 8.8, EPSS 27% |
| CVE-2021-37976 | Chromium | 2021-11-03 | CVSS 6.5, EPSS 20% |
Other Google products
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2026-5281 | Dawn | 2026-04-01 | CVSS 8.8, EPSS 5% |
| CVE-2026-3909 | Skia | 2026-03-13 | CVSS 8.8, EPSS 2% |
| CVE-2025-2783 | Chromium Mojo | 2025-03-27 | CVSS 8.3, EPSS 8% |
| CVE-2023-7024 | Chromium WebRTC | 2024-01-02 | CVSS 8.8, EPSS 7% |
| CVE-2023-6345 | Chromium Skia | 2023-11-30 | CVSS 9.6, EPSS 20% |
| CVE-2023-5217 | Chromium libvpx | 2023-10-02 | CVSS 8.8, EPSS 49% |
| CVE-2023-4863 | Chromium WebP | 2023-09-13 | CVSS 8.8, EPSS 100% |
| CVE-2023-2136 | Chromium Skia | 2023-04-21 | CVSS 9.6, EPSS 6% |
| CVE-2022-3038 | Chromium Network Service | 2023-03-30 | CVSS 8.8, EPSS 25% |
| CVE-2022-4135 | Chromium GPU | 2022-11-28 | CVSS 9.6, EPSS 32% |
| CVE-2022-3075 | Chromium Mojo | 2022-09-08 | CVSS 9.6, EPSS 6% |
| CVE-2022-2856 | Chromium Intents | 2022-08-18 | CVSS 6.5, EPSS 4% |
| CVE-2021-30533 | Chromium PopupBlocker | 2022-06-27 | CVSS 6.5, EPSS 17% |
| CVE-2019-13720 | Chrome WebAudio | 2022-05-23 | CVSS 8.8, EPSS 73% |
| CVE-2019-5786 | Chrome Blink | 2022-05-23 | CVSS 6.5, EPSS 62% |
| CVE-2021-39793 | Pixel | 2022-04-11 | CVSS 7.8, EPSS 1% |
| CVE-2022-0609 | Chromium Animation | 2022-02-15 | CVSS 8.8, EPSS 24% |
| CVE-2020-6572 | Chrome Media | 2022-01-10 | CVSS 8.8, EPSS 11% |
| CVE-2020-15999 | Chrome FreeType | 2021-11-03 | CVSS 9.6, EPSS 51% |
| CVE-2020-16010 | Chrome for Android UI | 2021-11-03 | CVSS 9.6, EPSS 6% |
| CVE-2020-16017 | Chrome | 2021-11-03 | CVSS 9.6, EPSS 3% |
| CVE-2021-21193 | Chromium Blink | 2021-11-03 | CVSS 8.8, EPSS 10% |
| CVE-2021-21206 | Chromium Blink | 2021-11-03 | CVSS 8.8, EPSS 9% |
| CVE-2021-30554 | Chromium WebGL | 2021-11-03 | CVSS 8.8, EPSS 7% |
| CVE-2021-30633 | Chromium Indexed DB API | 2021-11-03 | CVSS 9.6, EPSS 33% |
| CVE-2021-37973 | Chromium Portals | 2021-11-03 | CVSS 9.6, EPSS 12% |
| CVE-2021-38000 | Chromium Intents | 2021-11-03 | CVSS 6.1, EPSS 4% |
Common questions about exploited Google CVEs
Which Google vulnerabilities are actively exploited?
As of July 2026, 72 Google CVEs are on the CISA Known Exploited Vulnerabilities catalog, meaning exploitation in the wild is confirmed. The most-listed products are Chromium V8 (39), Chromium (6).
What is the newest exploited Google CVE?
CVE-2026-11645, affecting Chromium V8, added to the CISA KEV catalog on 2026-06-09. This page refreshes daily, so the newest entry is always first in the table.
How urgent are these Google CVEs?
KEV listing is the strongest fix-first signal there is: it means confirmed exploitation, not a prediction. Patch these ahead of higher-CVSS issues that nobody is exploiting. Check the vendor advisory (linked below) for fixed versions and workarounds.
Can I ask my own AI about exploited Google CVEs?
Yes. This page includes a free copy-paste AI prompt carrying the newest Google KEV entries, with CVSS, EPSS, and ransomware context, into Claude, ChatGPT, or Copilot. The data is refreshed daily.
Authoritative references
All vendors, searchable with due dates and CSV export: the exploited-CVE tracker. Every vendor with a page: exploited by vendor.