EUVD-2026-33127

Insufficient validation of untrusted input in Media in Google Chrome on ChromeOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-9123

Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traffic. Chromium security severity: Medium...

CVE-2026-0248 Prisma Access Agent: Improper Certificate Validation Vulnerability

An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can...

PT-2026-40772

An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can...

Astra Linux - уязвимость в chromium

Before version 104.0.5112.79, using "use after free" in the Input component in Google Chrome on the Chrome OS allowed a remote attacker who convinced a user to perform certain user interactions to potentially exploit heap corruption through those interactions...

Astra Linux - уязвимость в chromium

In Google Chrome on the Chrome OS, the use of “after free” in Tablet Mode before version 102.0.5005.61 allowed a remote attacker who convinced a user to engage in certain user interactions to potentially exploit heap corruption through those interactions...

CVE-2026-7363

CVE-2026-7363 describes a use-after-free in Canvas in Google Chrome on Linux and ChromeOS prior to 147.0.7727.138, allowing a remote attacker to execute arbitrary code inside the sandbox. The issue affects Google Chrome: Linux/ChromeOS prior to the fixed build, with a high-severity (Critical) imp...

CVE-2025-10201

Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: High...

Google Chrome OS 安全漏洞

Google Chrome OS is a lightweight, open source, web-based operating system from Google. Google Chrome OS suffers from an out-of-bounds read vulnerability that stems from a lack of proper validation of user-supplied data in ipsetbitmapip.c, which can be exploited by an attacker to cause memory...

Google Chrome OS 安全漏洞

Google Chrome OS is a lightweight, open source, web-based operating system from Google. Google Chrome OS suffers from an Access Control Error vulnerability that stems from insufficient configuration access control in the Gerrit project, which can be exploited by an attacker to cause remote code...

Google Chrome OS 安全漏洞

Google Chrome OS is a lightweight, open source, web-based operating system from Google. Google Chrome OS suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to bypass operating system authentication...

Advisory ROSA-SA-2025-2582

software: libtiff 4.1.0 OS: ROSA-CHROME packageevrstring: libtiff-4.1.0-8 CVE-ID: CVE-2024-7006 BDU-ID: 2024-06610 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the LibTIFF library involves null pointer dereferencing via tifdirinfo.c. Exploitation of the vulnerability could allow an attacker...

PT-2024-1863 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.5 Google ChromeOS affected versions not specified Description: The issue is related to insufficient access control in Google ChromeOS and a...

CVE-2023-3497

Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. Chromium security severity: Medium...

SUSE CVE-2023-2461

Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. Chromium security severity: Medium...

SUSE CVE-2017-5084

Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint...

SUSE CVE-2022-1633

Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions...

SUSE CVE-2022-1641

Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction...

SUSE CVE-2022-3042

Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

DEBIAN-CVE-2022-3658

Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. Chromium security severity: Medium...