PT-2026-44564

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An uninitialized use in the GPU allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. Recommendations Update...

PT-2026-44628

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An uninitialized use in the GPU allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page. Recommendations Upda...

PT-2026-44629

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An uninitialized use in WebGL allows a remote attacker to leak cross-origin information, which is data from a different origin than the one that initiated the request, by...

PT-2026-44626

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An uninitialized use in WebGL allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. Recommendations Update t...

PT-2026-44576

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in Skia allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HT...

PT-2026-44637

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An inappropriate implementation in WebGL allows a remote attacker to leak cross-origin data, which is information from a different origin than the one that initiated the...

PT-2026-44601

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An inappropriate implementation in Skia allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML pag...

PT-2026-44598

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An out of bounds read and write issue in Dawn allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A sandbox escape is a technique...

PT-2026-44685

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in WebShare allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafte...

PT-2026-44585

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description A use after free issue in WebGL allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw tha...

PT-2026-44584

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An out of bounds read in WebGL allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. An out of bounds read occurs when a program rea...

PT-2026-44597

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description A use after free issue exists in WebView. This allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape by using a...

CVE-2025-68709

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...

CVE-2025-68712

SpSoft AppLock com.sp.protector.free 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to consistently enforce...

Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users

Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively. That's according to new findings from WatchGuard and ESET, which have observed the two malware families being used t...

CVE-2026-42184

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

CVE-2026-42184 Tauri: Origin Confusion Allows Remote Pages to Invoke Local-Only IPC Commands

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

CVE-2026-42184

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

CVE-2026-42184 Tauri: Origin Confusion Allows Remote Pages to Invoke Local-Only IPC Commands

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

EUVD-2026-32527

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...