Known Exploited Vulnerabilities (KEV)

CISA Catalog

Known Exploited Vulnerabilities

· Live CISA DataCISA KEV catalog — vulnerabilities with active exploitation requiring federal remediation

Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.

KEV Entries

1,619

Ransomware Use

327

Overdue

1,615

Vendors

266

Products

655

72 results · Page 1/3

CVE-2026-11645

Due: 2026-06-23
Added: 2026-06-09

Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

Google · Chromium V8

Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2026-5281Overdue

Due: 2026-04-15
Added: 2026-04-01

Google Dawn Use-After-Free Vulnerability

Google · Dawn

Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action

1 / 3

CVE-2026-3910Overdue

Due: 2026-03-27
Added: 2026-03-13

Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability

Google · Chromium V8

Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2026-3909Overdue

Due: 2026-03-27
Added: 2026-03-13

Google Skia Out-of-Bounds Write Vulnerability

Google · Skia

Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2026-2441Overdue

Due: 2026-03-10
Added: 2026-02-17

Google Chromium CSS Use-After-Free Vulnerability

Google · Chromium

Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2025-14174Overdue

Due: 2026-01-02
Added: 2025-12-12

Google Chromium Out of Bounds Memory Access Vulnerability

Google · Chromium

Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2025-13223Overdue

Due: 2025-12-10
Added: 2025-11-19

Google Chromium V8 Type Confusion Vulnerability

Google · Chromium V8

Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2025-10585Overdue

Due: 2025-10-14
Added: 2025-09-23

Google Chromium V8 Type Confusion Vulnerability

Google · Chromium V8

Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2025-6558Overdue

Due: 2025-08-12
Added: 2025-07-22

Google Chromium ANGLE and GPU Improper Input Validation Vulnerability

Google · Chromium

Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2025-6554Overdue

Due: 2025-07-23
Added: 2025-07-02

Google Chromium V8 Type Confusion Vulnerability

Google · Chromium V8

Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2025-5419Overdue

Due: 2025-06-26
Added: 2025-06-05

Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

Google · Chromium V8

Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2025-2783Overdue

Due: 2025-04-17
Added: 2025-03-27

Google Chromium Mojo Sandbox Escape Vulnerability

Google · Chromium Mojo

Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2024-7965Overdue

Due: 2024-09-18
Added: 2024-08-28

Google Chromium V8 Inappropriate Implementation Vulnerability

Google · Chromium V8

Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2024-7971Overdue

Due: 2024-09-16
Added: 2024-08-26

Google Chromium V8 Type Confusion Vulnerability

Google · Chromium V8

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2024-5274Overdue

Due: 2024-06-18
Added: 2024-05-28

Google Chromium V8 Type Confusion Vulnerability

Google · Chromium V8

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2024-4761Overdue

Due: 2024-06-06
Added: 2024-05-16

Google Chromium V8 Out-of-Bounds Memory Write Vulnerability

Google · Chromium V8

Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2024-4671Overdue

Due: 2024-06-03
Added: 2024-05-13

Google Chromium Visuals Use-After-Free Vulnerability

Google · Chromium

Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2023-4762Overdue

Due: 2024-02-27
Added: 2024-02-06

Google Chromium V8 Type Confusion Vulnerability

Google · Chromium V8

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2024-0519Overdue

Due: 2024-02-07
Added: 2024-01-17

Google Chromium V8 Out-of-Bounds Memory Access Vulnerability

Google · Chromium V8

Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2023-7024Overdue

Due: 2024-01-23
Added: 2024-01-02

Google Chromium WebRTC Heap Buffer Overflow Vulnerability

Google · Chromium WebRTC

Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2023-6345Overdue

Due: 2023-12-21
Added: 2023-11-30

Google Skia Integer Overflow Vulnerability

Google · Chromium Skia

Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2023-5217Overdue

Due: 2023-10-23
Added: 2023-10-02

Google Chromium libvpx Heap Buffer Overflow Vulnerability

Google · Chromium libvpx

Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2023-4863Overdue

Due: 2023-10-04
Added: 2023-09-13

Google Chromium WebP Heap-Based Buffer Overflow Vulnerability

Google · Chromium WebP

Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2023-3079Overdue

Due: 2023-06-28
Added: 2023-06-07

Google Chromium V8 Type Confusion Vulnerability

Google · Chromium V8

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action

Apply updates per vendor instructions.