Multiple vulnerabilities in Google Chrome (June 25, 2026)
Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause an unspecified security issue by the vendor.
CSIRTS triage
- What
- Multiple vulnerabilities allow an attacker to cause an unspecified security issue.
- Who is affected
- Users of Google Chrome.
- Urgency
- Remediation is necessary as the vulnerabilities could potentially be exploited, though the severity is currently unknown.
- Action
- Monitor for updates from Google regarding patches.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Chrome
Get an email when a new Chrome advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0801/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-130340.14% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 4% of all scored CVEs.
- Low exploitation riskCVE-2026-130270.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 9% of all scored CVEs.
- Low exploitation riskCVE-2026-130240.15% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 4% of all scored CVEs.
- Low exploitation riskCVE-2026-130250.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
- Low exploitation riskCVE-2026-130370.10% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 1% of all scored CVEs.
- Low exploitation riskCVE-2026-130230.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
- Low exploitation riskCVE-2026-130220.14% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 4% of all scored CVEs.
- Low exploitation riskCVE-2026-130300.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
- Low exploitation riskCVE-2026-130320.22% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 12% of all scored CVEs.
- Low exploitation riskCVE-2026-130210.14% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 4% of all scored CVEs.
Referenced CVEs
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownMultiple vulnerabilities in Microsoft Edge (June 29, 2026)cert-fr-avis
- unknownGoogle Chrome Multiple Vulnerabilitieshkcert
- unknownDSA-6364-1 chromium - security updatedebian
- unknownCVE-2026-13035: Chromium: CVE-2026-13035 Use after free in Bluetoothmsrc
- unknownCVE-2026-13034: Chromium: CVE-2026-13034 Inappropriate implementation in Passwordsmsrc
- unknownCVE-2026-13033: Chromium: CVE-2026-13033 Out of bounds read in Blink>InterestGroupsmsrc
- unknownCVE-2026-13031: Chromium: CVE-2026-13031 Use after free in Blinkmsrc
- unknownCVE-2026-13029: Chromium: CVE-2026-13029 Use after free in Web Authenticationmsrc
- unknownCVE-2026-13027: Chromium: CVE-2026-13027 Use after free in FileSystemmsrc
- unknownCVE-2026-13026: Chromium: CVE-2026-13026 Use after free in Digital Credentialsmsrc
- unknownCVE-2026-13025: Chromium: CVE-2026-13025 Insufficient validation of untrusted input in DevToolsmsrc
- unknownCVE-2026-13024: Chromium: CVE-2026-13024 Insufficient validation of untrusted input in Navigationmsrc
Recent advisories for Google Chrome
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownGoogle Chrome security advisory (AV26-679)cccs · 2026-07-09
- high[NEW] [high] Google Chrome: Multiple vulnerabilitiescert-bund · 2026-07-09
- high[UPDATE] [high] Google Chrome: Multiple vulnerabilities allow unspecified attackcert-bund · 2026-07-09
- unknownGoogle Chrome Multiple Vulnerabilitieshkcert · 2026-07-09
- unknownMultiple vulnerabilities in Google Chrome (July 09, 2026)cert-fr-avis · 2026-07-09
- highCVE-2026-15133: Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote att…nvd · 2026-07-08
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10