17 matches found
CVE-2026-11179
Inappropriate implementation in ORB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11175
Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-9896
Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-8517
Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-8016
Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...
PT-2026-31503
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 147.0.7727.55. Description: Insufficient validation of untrusted input in WebML could allow a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. The security...
DEBIAN-CVE-2026-1504
Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
PT-2026-1713
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.6 before 18.6.3; GitLab CE/EE versions 18.7 before 18.7.1. Description: An issue in GitLab CE/EE could allow an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser. This is...
Linux Distros Unpatched Vulnerability : CVE-2020-13543
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free...
The vulnerability in the implementation of Autofill functions in Google Chrome and Microsoft Edge browsers allows an attacker to replace the user interface.
The vulnerability of the Autofill function in Google Chrome and Microsoft Edge lies in information representation errors at the user interface level. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...
The vulnerability of the Portal for ArcGIS web portal, related to the lack of measures taken to protect the structure of the web page, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the Portal for ArcGIS is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created web page...
The vulnerability of the Portal for ArcGIS web portal, related to the lack of protective measures for the website structure, allows attackers to carry out cross-site scripting attacks and gain full control over the application.
The vulnerability of the Portal for ArcGIS is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks and gain full control over the application through a specially created web page...
PT-2024-4375
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 124.0.6367.155; Microsoft Edge affected versions not specified. Description: The issue is related to a use after free flaw in the ANGLE component, which can be exploited by a remote attacker to potentially corrupt...
The vulnerability in the auth_pic.cgi script of the D-Link DI-7500G-CI router’s firmware allows an attacker to execute arbitrary code.
The vulnerability in authpic.cgi in the firmware of D-Link DI-7500G-CI routers is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a specially created HTML page...
chromium-browser: URL spoof in Omnibox
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
chromium-browser: incorrect handling of url fragment identifiers in blink
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page...
Google Chrome Omnibox URL Forgery Vulnerability (CNVD-2017-07272)
Google Chrome is a web browser developed by Google Inc. in the United States. A URL forgery vulnerability exists in Google Chrome Omnibox, which allows remote attackers to exploit this vulnerability by submitting a special web page and tricking the user into parsing it, which can be used to spoof...