17952 matches found
CVE-2026-13875
Insufficient validation of untrusted input in GPU in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13873
CVE-2026-13873 describes an out-of-bounds read in the Layout component of Google Chrome, exploitable via a crafted HTML page to potentially disclose memory contents. Affected software is Google Chrome (Chromium-based). The root cause is an out-of-bounds read in Layout, leading to potential inform...
CVE-2026-13873
Out of bounds read in Layout in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13874
CVE-2026-13874 describes a race in DataTransfer in Google Chrome (Chromium) prior to version 150.0.7871.47 that could allow a remote attacker to read potentially sensitive information from a process’s memory via a crafted HTML page. The issue is a data race in the DataTransfer pathway, with a net...
CVE-2026-13869
CVE-2026-13869 describes a use-after-free in Device in Google Chrome on Windows, before version 150.0.7871.47. A remote attacker who had already compromised the renderer process could potentially escape the sandbox via a crafted HTML page. The issue is tied to Chromium components and is classifie...
CVE-2026-13871
CVE-2026-13871 affects Google Chrome (GuestView) with insufficient policy enforcement prior to 150.0.7871.47. A remote attacker who has compromised the renderer process could bypass site isolation via a crafted HTML page. The technical impact is a bypass of isolation mechanisms within Chrome’s Gu...
CVE-2026-13869
Use after free in Device in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13869
Use after free in Device in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13870
Use after free in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13871
Insufficient policy enforcement in GuestView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13868
Inappropriate implementation in Network in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13867
CVE-2026-13867 affects Google Chrome’s Geolocation implementation. The vulnerability arises from an inappropriate Geolocation implementation, enabling a remote attacker to spoof UI via a crafted HTML page. Impact is UI spoofing with no confirmed exploitation details beyond the description; affect...
CVE-2026-13867
Inappropriate implementation in Geolocation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13865
Insufficient validation of untrusted input in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13865
CVE-2026-13865 : The connected records confirm an issue in Google Chrome/Chromium where insufficient validation of untrusted input in the browser UI allows a remote attacker to spoof the UI via a crafted HTML page. Affected component is the browser UI handling, with the root cause described as in...
CVE-2026-13861
Use after free in Core in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13862
Insufficient policy enforcement in Web Authentication Passkeys & Security Keys in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13859
The CVE-2026-13859 entry describes an issue in ANGLE used by Google Chrome, where an inappropriate ANGLE implementation prior to Chrome 150.0.7871.47 could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Affected product/component: ANGLE in Chromium-based ...
CVE-2026-13859
Inappropriate implementation in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13859
Inappropriate implementation in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...