697 matches found
CVE-2026-13882
Race in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13880
Use after free in USB in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13876
Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass content security policy via malicious network traffic. Chromium security severity: Medium...
CVE-2026-13872
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file. Chromium security severity: Medium...
CVE-2026-13867
CVE-2026-13867 affects Google Chrome’s Geolocation implementation. The vulnerability arises from an inappropriate Geolocation implementation, enabling a remote attacker to spoof UI via a crafted HTML page. Impact is UI spoofing with no confirmed exploitation details beyond the description; affect...
CVE-2026-13852
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: High...
CVE-2026-13842
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: High...
CVE-2026-13839
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-13829
Insufficient validation of untrusted input in Settings in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-13826
Inappropriate implementation in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CVE-2026-13823
Use after free in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-13811
Use after free in IME in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-13799
CVE-2026-13799 is a heap-corruption risk caused by a Use-After-Free in QUIC within Google Chrome prior to 150.0.7871.47. Public sources consistently describe the vulnerability as a QUIC-related use-after-free issue that could be triggered by malicious network traffic, leading to potential heap co...
CVE-2026-13790
Side-channel information leakage in Scroll in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CVE-2026-13781
Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
PT-2026-54425
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the Speech component allows a remote attacker who has compromised the renderer process to perform UI spoofing through a crafted HTML page. ...
PT-2026-54190
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Autofill feature allows a remote attacker to leak cross-origin data. This occurs when a user is convinced to perform specific UI gestures o...
PT-2026-54314
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the GetUserMedia function allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or...
PT-2026-54150
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An out of bounds read occurs in the Layout component, which allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. An out...
PT-2026-54286
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An uninitialized use in codecs allows a remote attacker to obtain potentially sensitive information from process memory by inducing the user to visit a crafted HTML page. Recommendation...