Multiple vulnerabilities in Google Chrome (July 2, 2026)
Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause an unspecified security issue by the vendor.
CSIRTS triage
- What
- Multiple vulnerabilities allow an attacker to cause an unspecified security issue.
- Who is affected
- Users of Google Chrome.
- Urgency
- Remediation is necessary as the vulnerabilities could lead to security issues, though exploitation status is currently unknown.
- Action
- Update to the latest version of Google Chrome.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Chrome
Get an email when a new Chrome advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0829/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-138480.35% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 27% of all scored CVEs.
- Low exploitation riskCVE-2026-140980.23% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 14% of all scored CVEs.
- Low exploitation riskCVE-2026-137910.32% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 24% of all scored CVEs.
- Low exploitation riskCVE-2026-141040.38% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 30% of all scored CVEs.
- Low exploitation riskCVE-2026-139340.32% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 24% of all scored CVEs.
- Low exploitation riskCVE-2026-140800.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
- Low exploitation riskCVE-2026-138060.30% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 22% of all scored CVEs.
- Low exploitation riskCVE-2026-141000.23% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 14% of all scored CVEs.
- Low exploitation riskCVE-2026-139330.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 17% of all scored CVEs.
- Low exploitation riskCVE-2026-143920.28% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 19% of all scored CVEs.
Referenced CVEs
+12 more CVEs referenced in this advisory.
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- high[UPDATE] [high] Google Chrome: Multiple vulnerabilities allow unspecified attackcert-bund
- unknownMultiple vulnerabilities in Microsoft Edge (July 7, 2026)cert-fr-avis
- unknownMicrosoft Edge Multiple Vulnerabilitieshkcert
- unknownDSA-6378-1 chromium - security updatedebian
- unknownCVE-2026-14080: Chromium: CVE-2026-14080 Insufficient validation of untrusted input in TabSwitchermsrc
- unknownCVE-2026-14072: Chromium: CVE-2026-14072 Incorrect security UI in SplitViewmsrc
- unknownCVE-2026-14134: Chromium: CVE-2026-14134 Inappropriate implementation in Autofillmsrc
- unknownCVE-2026-14147: Chromium: CVE-2026-14147 Inappropriate implementation in CSSmsrc
- unknownCVE-2026-14131: Chromium: CVE-2026-14131 Insufficient validation of untrusted input in WebAppInstallsmsrc
- unknownCVE-2026-14104: Chromium: CVE-2026-14104 Insufficient validation of untrusted input in WebAppInstallsmsrc
- unknownCVE-2026-14010: Chromium: CVE-2026-14010 Uninitialized Use in Codecsmsrc
- unknownCVE-2026-14156: Chromium: CVE-2026-14156 Policy bypass in StorageAccessAPImsrc
Recent advisories for Google Chrome
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownGoogle Chrome security advisory (AV26-679)cccs · 2026-07-09
- high[NEW] [high] Google Chrome: Multiple vulnerabilitiescert-bund · 2026-07-09
- high[UPDATE] [high] Google Chrome: Multiple vulnerabilities allow unspecified attackcert-bund · 2026-07-09
- unknownGoogle Chrome Multiple Vulnerabilitieshkcert · 2026-07-09
- unknownMultiple vulnerabilities in Google Chrome (July 09, 2026)cert-fr-avis · 2026-07-09
- highCVE-2026-15133: Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote att…nvd · 2026-07-08
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10