sales-inquiry@itecsonline.com|(214) 444-7884
Talk to ITECS

Google threat watch

Recent watch items and advisories tracked for Google inside the ITECS Threat Radar.

Back to Threat Radar

Tracked items

20

Active or featured

20

Vendor

Google

Vendor incident stream

Recent Google watch items

Use this vendor page to review the latest official watch items, compare activity against your environment, and decide whether the next step is an assessment, service-owner conversation, or direct remediation planning.

activeApr 1, 2026, 12:00 AMCVE-2026-5281

Google Dawn Use-After-Free Vulnerability

Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-04-15.

Official source
activeMar 13, 2026, 12:00 AMCVE-2026-3910

Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability

Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-03-27.

Official source
activeMar 13, 2026, 12:00 AMCVE-2026-3909

Google Skia Out-of-Bounds Write Vulnerability

Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-03-27.

Official source
activeFeb 17, 2026, 12:00 AMCVE-2026-2441

Google Chromium CSS Use-After-Free Vulnerability

Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-03-10.

Official source
activeDec 12, 2025, 12:00 AMCVE-2025-14174

Google Chromium Out of Bounds Memory Access Vulnerability

Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-01-02.

Official source
activeNov 19, 2025, 12:00 AMCVE-2025-13223

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2025-12-10.

Official source
activeSep 23, 2025, 12:00 AMCVE-2025-10585

Google Chromium V8 Type Confusion Vulnerability

Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2025-10-14.

Official source
activeJul 22, 2025, 12:00 AMCVE-2025-6558

Google Chromium ANGLE and GPU Improper Input Validation Vulnerability

Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2025-08-12.

Official source
activeJul 2, 2025, 12:00 AMCVE-2025-6554

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2025-07-23.

Official source
activeJun 5, 2025, 12:00 AMCVE-2025-5419

Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2025-06-26.

Official source
activeMar 27, 2025, 12:00 AMCVE-2025-2783

Google Chromium Mojo Sandbox Escape Vulnerability

Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2025-04-17.

Official source
activeAug 28, 2024, 12:00 AMCVE-2024-7965

Google Chromium V8 Inappropriate Implementation Vulnerability

Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2024-09-18.

Official source
activeAug 26, 2024, 12:00 AMCVE-2024-7971

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2024-09-16.

Official source
activeMay 28, 2024, 12:00 AMCVE-2024-5274

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2024-06-18.

Official source
activeMay 20, 2024, 12:00 AMCVE-2024-4947

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2024-06-10.

Official source
activeMay 16, 2024, 12:00 AMCVE-2024-4761

Google Chromium V8 Out-of-Bounds Memory Write Vulnerability

Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2024-06-06.

Official source
activeMay 13, 2024, 12:00 AMCVE-2024-4671

Google Chromium Visuals Use-After-Free Vulnerability

Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2024-06-03.

Official source
activeFeb 6, 2024, 12:00 AMCVE-2023-4762

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2024-02-27.

Official source
activeJan 17, 2024, 12:00 AMCVE-2024-0519

Google Chromium V8 Out-of-Bounds Memory Access Vulnerability

Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2024-02-07.

Official source
activeJan 2, 2024, 12:00 AMCVE-2023-7024

Google Chromium WebRTC Heap Buffer Overflow Vulnerability

Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2024-01-23.

Official source

ITECS response pathways

Turn the Google watch feed into an action plan

The vendor watch page is designed to support your broader cybersecurity architecture, not replace it, so these links point back into the service-owner and resource pages that already carry core commercial authority.

Cybersecurity services

Connect the vendor watch page to broader managed detection, response, and governance planning.

Cybersecurity assessment

Translate current watch items into a faster risk snapshot and prioritized remediation plan.

White papers & case studies

Review proof-driven material that supports continuity, resilience, and security decision-making.

ITECS blog

Use the resource library for longer-form guidance, vendor analysis, and implementation context.

Threat Radar hub

Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.

Vendor watch FAQ

What is the Google threat watch page?

It is the Google-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.

How should teams use the Google watch page?

Use it to confirm whether current Google issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.

Can ITECS help respond to Google security issues?

Yes. ITECS can help map Google advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.