Google product CVE coverage — Chrome, Android, cloud services, and platform component vulnerabilities.
Vendor watch hub
The Googlewatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
At a glance
Tracked
Active
Featured
Unique CVEs
Most recent entry
Apr 1, 2026, 12:16 AM
Feed refreshes daily · 5:15 a.m. Central
Sources·CISA KEV and NVD (product vendor coverage)
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
Watch items
Showing the 20 most recent items, newest first. Each row links to the official advisory.
20 rows · sorted newest first
Operations viewUse after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences.
Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.
Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.
Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Android Framework contains an unspecified vulnerability that allows for privilege escalation.
Android Framework contains an unspecified vulnerability that allows for information disclosure.
Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.
Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
Android Runtime contains a use-after-free vulnerability potentially allowing a chrome sandbox escape leading to local privilege escalation.
Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Android Framework contains an unspecified vulnerability that allows for privilege escalation.
Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
| Alert | Exposure | Status | Published | Source |
|---|---|---|---|---|
chrome vulnerability (CVE-2026-5883)Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) chrome | HIGHCVE-2026-5883 Watch | watch | Apr 8, 2026, 5:16 PM | NVDOpen source |
chrome vulnerability (CVE-2026-5281)Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) chrome | HIGHCVE-2026-5281 Critical | active | Apr 1, 2026, 12:16 AM | CISA KEVOpen source |
clasp vulnerability (CVE-2026-4092)Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences. clasp | HIGHCVE-2026-4092 Watch | watch | Mar 13, 2026, 2:55 PM | NVDOpen source |
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer VulnerabilityGoogle Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. Chromium V8 | criticalCVE-2026-3910 Critical | active | Mar 12, 2026, 7:00 PM | CISA KEVOpen source |
Google Skia Out-of-Bounds Write VulnerabilityGoogle Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products. Skia | criticalCVE-2026-3909 Critical | active | Mar 12, 2026, 7:00 PM | CISA KEVOpen source |
web designer vulnerability (CVE-2026-3223)Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer. web designer | HIGHCVE-2026-3223 Watch | watch | Feb 27, 2026, 8:16 AM | NVDOpen source |
Google Chromium CSS Use-After-Free VulnerabilityGoogle Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. Chromium | criticalCVE-2026-2441 Critical | active | Feb 16, 2026, 6:00 PM | CISA KEVOpen source |
protobuf vulnerability (CVE-2026-0994)A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError. protobuf | HIGHCVE-2026-0994 Watch | watch | Jan 23, 2026, 9:16 AM | NVDOpen source |
Google Chromium Out of Bounds Memory Access VulnerabilityGoogle Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. Chromium | criticalCVE-2025-14174 Critical | active | Dec 11, 2025, 6:00 PM | CISA KEVOpen source |
Android Framework Privilege Escalation VulnerabilityAndroid Framework contains an unspecified vulnerability that allows for privilege escalation. Framework | criticalCVE-2025-48572 Critical | active | Dec 1, 2025, 6:00 PM | CISA KEVOpen source |
Android Framework Information Disclosure VulnerabilityAndroid Framework contains an unspecified vulnerability that allows for information disclosure. Framework | criticalCVE-2025-48633 Critical | active | Dec 1, 2025, 6:00 PM | CISA KEVOpen source |
Google Chromium V8 Type Confusion VulnerabilityGoogle Chromium V8 contains a type confusion vulnerability that allows for heap corruption. Chromium V8 | criticalCVE-2025-13223 Critical | active | Nov 18, 2025, 6:00 PM | CISA KEVOpen source |
Google Chromium V8 Type Confusion VulnerabilityGoogle Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine. Chromium V8 | criticalCVE-2025-10585 Critical | active | Sep 22, 2025, 7:00 PM | CISA KEVOpen source |
Android Runtime Use-After-Free VulnerabilityAndroid Runtime contains a use-after-free vulnerability potentially allowing a chrome sandbox escape leading to local privilege escalation. Runtime | criticalCVE-2025-48543 Critical | active | Sep 3, 2025, 7:00 PM | CISA KEVOpen source |
Google Chromium ANGLE and GPU Improper Input Validation VulnerabilityGoogle Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. Chromium | criticalCVE-2025-6558 Critical | active | Jul 21, 2025, 7:00 PM | CISA KEVOpen source |
Google Chromium V8 Type Confusion VulnerabilityGoogle Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. Chromium V8 | criticalCVE-2025-6554 Critical | active | Jul 1, 2025, 7:00 PM | CISA KEVOpen source |
Google Chromium V8 Out-of-Bounds Read and Write VulnerabilityGoogle Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. Chromium V8 | criticalCVE-2025-5419 Critical | active | Jun 4, 2025, 7:00 PM | CISA KEVOpen source |
Google Chromium Mojo Sandbox Escape VulnerabilityGoogle Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. Chromium Mojo | criticalCVE-2025-2783 Critical | active | Mar 26, 2025, 7:00 PM | CISA KEVOpen source |
Android Framework Privilege Escalation VulnerabilityAndroid Framework contains an unspecified vulnerability that allows for privilege escalation. Framework | criticalCVE-2024-43093 Critical | active | Nov 6, 2024, 6:00 PM | CISA KEVOpen source |
Google Chromium V8 Inappropriate Implementation VulnerabilityGoogle Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. Chromium V8 | criticalCVE-2024-7965 Critical | active | Aug 27, 2024, 7:00 PM | CISA KEVOpen source |
ITECS response pathways
These pathways connect the vendor watch feed into service-owner resources that already carry commercial authority.
Use the endpoint detection & response pathway when this vendor alert needs an ITECS-managed response plan.
Connect the vendor watch page to broader managed detection, response, and governance planning.
Translate current watch items into a faster risk snapshot and prioritized remediation plan.
Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.
Vendor watch FAQ
It is the Google-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
Use it to confirm whether current Google issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Yes. ITECS can help map Google advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.