743 matches found
EUVD-2026-40797
Inappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40824
Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40786
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40738
Uninitialized Use in GamepadAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40744
Inappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40682
Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40690
Inappropriate implementation in Geolocation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40686
Incorrect security UI in File Input in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40671
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40557
Insufficient policy enforcement in GuestView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40552
Inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40545
Inappropriate implementation in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40532
Use after free in USB in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
EUVD-2026-40496
Inappropriate implementation in Input in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...
EUVD-2026-40506
Out of bounds read in Skia in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CVE-2026-14148
Type Confusion in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14088
CVE-2026-14088 concerns an uninitialized-use vulnerability in Canvas within Google Chrome on Android . The issue allows a remote attacker to potentially read sensitive information from the process memory through a crafted HTML page, with the impact described as confidential data exposure and the ...
CVE-2026-14052
CVE-2026-14052 concerns Google Chrome’s FileSystem policy enforcement. The reported issue allows a remote attacker to bypass discretionary access control by presenting a crafted HTML page, affecting Chrome versions prior to 150.0.7871.47. The Chromium-derived description lists the impact as Low s...
CVE-2026-14051
CVE-2026-14051 concerns Google Chrome where the GamepadAPI has an uninitialized memory access bug. A remote attacker who has already compromised the renderer process could read potentially sensitive data from process memory via a crafted HTML page. Affected versions are Chrome prior to 150.0.7871...
CVE-2026-14024
CVE-2026-14024 is a use-after-free in Chrome’s Ozone on Linux, prior to 150.0.7871.47. A remote attacker could trick a user into specific UI gestures to trigger heap corruption via a crafted HTML page. Affected software is Google Chrome (Linux) with Ozone integration; root cause: use-after-free i...