Product security contributor

Google Chrome

cited as evidence in 34 · CNA assigner on 74 of 74 known-exploited records. Every aggregate on this page is recomputed from the records listed below — each one already cited to its public source.

chromereleases.googleblog.com ↗ · home of the cited advisories

records cited in

deterministic count

finder / reporter credits

CVE.org credits

CVE records catalogued (CNA)

assigner

27%

avg modeled exploit prob.

FIRST EPSS, 74/74

ransomware-associated

1 of 74 · CISA flag

Known for

— recomputed from this contributor’s own records

SurfacesBrowser (69), Application / other (3), Operating system / kernel (2)

WeaknessMemory safety (62), Authorization / access control (3)

PortfolioGoogle (71), Linux (2), WebRTC (1)

Narrative reach

— how far this contributor’s records carry an attacker, front door → lights out

1Front door

73reach this stage

→

2Keys to the kingdom

73reach this stage

→

3Lateral reach

67reach this stage

→

4Data at risk

2reach this stage

→

5Lights out

0reach this stage

Furthest any of these records carries an attacker: 4 · Data at risk. 2 of 73 narrative-framed records reach data-at-risk or lights-out. (furthest-position idiom, reused from the landing map; the stage mapping is a model output over cited evidence.)

Recent highlights

— this contributor’s newest known-exploited records

CVE-2026-11645Google1%KEV CVE-2026-5281Google5%KEV CVE-2026-3909Google2%KEV CVE-2026-3910Google2%KEV CVE-2026-2441Google22%KEV CVE-2025-14174Google22%KEV

Every record they’re cited in

— all 74, each linked to its cited source

This is the evidence behind every number above. Sorted ransomware-first, then by modeled exploit probability.

CVE-2022-2294WebRTC70%RWKEV CVE-2023-4863Google100%KEV CVE-2016-5195Linux84%KEV CVE-2018-17463Google84%KEV CVE-2020-6418Google79%KEV CVE-2019-13720Google73%KEV CVE-2021-21220Google70%KEV CVE-2021-30551Google65%KEV CVE-2021-30632Google65%KEV CVE-2019-5786Google62%KEV CVE-2018-6065Google59%KEV CVE-2021-21224Google58%KEV CVE-2019-5825Google56%KEV CVE-2020-15999Google51%KEV CVE-2020-16009Google49%KEV CVE-2016-1646Google45%KEV CVE-2017-5030Google42%KEV CVE-2023-2033Google41%KEV CVE-2023-4762Google38%KEV CVE-2014-3153Linux37%KEV CVE-2021-38003Google36%KEV CVE-2021-37975Google35%KEV CVE-2016-5198Google35%KEV CVE-2023-5217Google34%KEV CVE-2018-17480Google34%KEV CVE-2021-30633Google33%KEV CVE-2022-4135Google32%KEV CVE-2023-3079Google32%KEV CVE-2017-5070Google31%KEV CVE-2021-21166Google27%KEV CVE-2022-3038Google25%KEV CVE-2022-1096Google24%KEV CVE-2022-0609Google24%KEV CVE-2025-14174Google22%KEV CVE-2026-2441Google22%KEV CVE-2021-37976Google20%KEV CVE-2021-21148Google20%KEV CVE-2023-6345Google20%KEV CVE-2024-7971Google19%KEV CVE-2024-7965Google17%KEV CVE-2021-30533Google17%KEV CVE-2022-4262Google16%KEV CVE-2024-4947Google15%KEV CVE-2022-1364Google14%KEV CVE-2021-37973Google12%KEV CVE-2024-4761Google11%KEV CVE-2020-6572Google11%KEV CVE-2024-5274Google10%KEV CVE-2021-21193Google10%KEV CVE-2025-6558Google10%KEV CVE-2021-21206Google9%KEV CVE-2021-30563Google9%KEV CVE-2025-2783Google9%KEV CVE-2024-4671Google8%KEV CVE-2021-4102Google8%KEV CVE-2021-30554Google7%KEV CVE-2023-7024Google7%KEV CVE-2022-3723Google7%KEV CVE-2025-6554Google7%KEV CVE-2025-5419Google6%KEV CVE-2020-16010Google6%KEV CVE-2023-2136Google6%KEV CVE-2022-3075Google6%KEV CVE-2026-5281Google5%KEV CVE-2025-10585Google5%KEV CVE-2025-13223Google5%KEV CVE-2022-2856Google4%KEV CVE-2021-38000Google4%KEV CVE-2024-0519Google4%KEV CVE-2020-16013Google3%KEV CVE-2020-16017Google3%KEV CVE-2026-3910Google2%KEV CVE-2026-3909Google2%KEV CVE-2026-11645Google1%KEV

Coverage & confidence

— what this profile claims, and what it does not

Established (cited)

Cited in 74 known-exploited records — the list below; every one links to its public source.

Catalogued 74 CVE record(s) as the CNA assigner (from CVE.org).

Coverage gaps — stated, not hidden

This profile is an aggregation: it asserts only what the listed records already cite — no new external claim about the contributor is made.

The TYPE badge and the narrative-stage mapping are editorial (our call), labeled as such, not a sourced fact.