655 matches found
EUVD-2026-40829
Inappropriate implementation in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40740
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40687
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...
EUVD-2026-40691
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...
EUVD-2026-40633
Insufficient policy enforcement in Extensions in Google Chrome on Linux prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...
EUVD-2026-40636
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...
EUVD-2026-40574
Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40577
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40510
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: High...
CVE-2026-13997
Incorrect security UI in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-14053
CVE-2026-14053 concerns Google Chrome extensions and their policy enforcement. The vulnerability arises from insufficient policy enforcement in Chrome’s Extensions component, allowing, under a compromised renderer, leakage of cross-origin data via a crafted HTML page. Affected software is Google ...
CVE-2026-14047
CVE-2026-14047 affects Google Chrome’s Extension system. The vulnerability arises from insufficient policy enforcement in Chrome Extensions prior to version 150.0.7871.47, enabling an attacker who tricks a user into installing a malicious extension to bypass Content Security Policy via a crafted ...
CVE-2026-14003
Google Chrome before 150.0.7871.47 is affected by CVE-2026-14003 due to insufficient policy enforcement in Extensions. An attacker could lure a user into installing a malicious Chrome extension, enabling leakage of cross-origin data via the crafted extension. The vulnerability is described as a M...
CVE-2026-13999
CVE-2026-13999 affects Google Chrome prior to 150.0.7871.47, where extensions handling suffers from insufficient validation of untrusted input in the Extensions component. This could allow a user-welcomed but malicious extension to perform UI spoofing via a crafted extension, potentially misleadi...
CVE-2026-13997
Incorrect security UI in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13957
CVE-2026-13957 : Google Chrome up to version 150.0.7871.46 (prior to 150.0.7871.47) is affected by an UXSS issue in Extensions, where a user-welcomed extension installation via a crafted HTML page could inject arbitrary scripts/HTML. Root cause: incorrect security UI in Extensions. Impact: potent...
CVE-2026-13948
CVE-2026-13948 : Google Chrome suffers insufficient policy enforcement in Extensions prior to 150.0.7871.47, enabling an attacker who tricks a user into installing a malicious extension to perform UI spoofing via a crafted extension. Affected component: Chrome extensions policy enforcement. Root ...
CVE-2026-13919
CVE-2026-13919 concerns insufficient policy enforcement in Google Chrome Extensions prior to 150.0.7871.47. A remote attacker who has already compromised the renderer process could bypass site isolation via a crafted HTML page. The vulnerability affects Chrome’s extension-related policy enforceme...
CVE-2026-13891
CVE-2026-13891 affects Google Chrome . The issue is described as insufficient validation of untrusted input in Extensions before version 150.0.7871.47 . A remote attacker who had compromised the renderer process could escalate privileges via a crafted HTML page. The vulnerability is rated medium ...
CVE-2026-13888
CVE-2026-13888 describes a use-after-free in Chrome’s Extensions handling that could allow a remote attacker to execute arbitrary code within the Chrome sandbox. Affected product: Google Chrome . Vulnerable component: Extensions (in the browser core). Root cause: use-after-free condition. Impact:...