| CVE‑2026‑4442 | High | CSS rendering | A remote attacker can trigger heap corruption via a crafted HTML/CSS page, potentially leading to arbitrary code execution. | A remote attacker can reuse already‑freed memory via malicious WebRTC‑driven pages. |
| CVE‑2026‑4443 | High | WebAudio | Heap buffer overflow in WebAudio. | Crafted audio‑related web content can corrupt heap memory. |
| CVE‑2026‑4444 | High | WebRTC | Stack buffer overflow in WebRTC. | Specially crafted WebRTC‑enabled content may trigger stack‑based memory corruption. |
| CVE‑2026‑4445 | High | WebRTC | Use‑after‑free in WebRTC. | Malicious JavaScript can abuse an implementation flaw to escape expected constraints. |
| CVE‑2026‑4446 | High | WebRTC | Use‑after‑free in WebRTC. | Similar to CVE‑2026‑4445, enabling memory‑layout manipulation. |
| CVE‑2026‑4447 | High | V8 JavaScript engine | Inappropriate implementation in V8. | Navigation/policies |
| CVE‑2026‑4448 | High | ANGLE graphics layer | Heap buffer overflow in ANGLE. | Crafted WebGL / 3D‑heavy content may corrupt GPU‑related memory structures. |
| CVE‑2026‑4449 | High | Blink rendering engine | Use‑after‑free in Blink. | Arbitrary HTML pages can trigger use‑after‑free, aiding exploitation chains. |
| CVE‑2026‑4450 | High | V8 JavaScript engine | Out‑of‑bounds write in V8. | Malicious JS can write past buffer boundaries, enabling memory‑layout manipulation. |
| CVE‑2026‑4451 | High | A remote attacker may abuse navigation logic if user‑controlled input is not properly validated. | Insufficient validation of untrusted input in Navigation. | Similar to ANGLE, overflow can cause GPU‑driver‑level memory issues. |
| CVE‑2026‑4452 | High | ANGLE graphics layer | Integer overflow in ANGLE. | Integer overflow can lead to buffer‑size miscalculations and memory‑corruption primitives. |
| CVE‑2026‑4453 | High | Dawn (WebGPU) | Integer overflow in Dawn. | Malicious or compromised extensions can trigger the reuse of freed extension objects. |
| CVE‑2026‑4454 | High | Networking stack | Use‑after‑free in Network. | Carefully crafted network traffic or Web‑API interactions can free and reuse network objects. |
| CVE‑2026‑4455 | High | PDFium (PDF renderer) | Heap buffer overflow in PDFium. | Malicious or malformed PDFs can corrupt heap memory when opened in Chrome. |
| CVE‑2026‑4456 | High | Digital Credentials API | Use‑after‑free in Digital Credentials API. | Abusing credential‑handling flows may allow reuse of freed credential‑related objects. |
| CVE‑2026‑4457 | High | V8 JavaScript engine | Type confusion in V8. | JavaScript can confuse object types, potentially bypassing JIT guards. |
| CVE‑2026‑4458 | High | Extensions platform | Use‑after‑free in Extensions. | WebRTC‑enabled content can cause heap‑allocated WebRTC objects. |
| CVE‑2026‑4459 | High | WebAudio | Out‑of‑bounds read and write in WebAudio. | Audio‑scripted pages can read/write outside allocated audio buffers. |
| CVE‑2026‑4460 | High | Skia graphics library | Out‑of‑bounds read in Skia. | Crafted rendering operations can access memory beyond allocated drawing surfaces. |
| CVE‑2026‑4461 | High | V8 JavaScript engine | Inappropriate implementation in V8. | WebRTC‑enabled content can cause heap‑allocated WebRTC objects to overflow. |
| CVE‑2026‑4462 | High | Blink rendering engine | Out‑of‑bounds read in Blink. | Carefully structured HTML/CSS can read beyond allocated DOM/element structures. |
| CVE‑2026‑4463 | High | WebRTC | Heap buffer overflow in WebRTC. | Malicious JavaScript can exploit a vulnerability to execute code or bypass security checks. |
