827 matches found
CVE-2026-13929
CVE-2026-13929 : In Google Chrome for Android, DevTools policy enforcement is insufficient, allowing a local attacker to bypass navigation restrictions via a malicious file. Affected component: DevTools navigation/policy enforcement; root cause: insufficient policy enforcement in DevTools prior t...
Malicious code in polymarket-trading-developer-tools (npm)
Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-trading-developer-tools uses a dropper technique: a postinstall hook downloads configuration from pm-trading-dev-tools-be.vercel.app and exfiltrates data to the...
PT-2026-54392
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in DevTools on Windows allows a remote attacker to obtain potentially sensitive information from process memory. This occurs when a user is...
PT-2026-54237
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in DevTools on Windows allows a remote attacker to obtain potentially sensitive information from process memory. This occurs when a user is...
CVE-2026-13025
Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-10922
An insufficient validation of untrusted input flaw was found in the DevTools component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=499164652...
Chromium: CVE-2026-10916 Insufficient validation of untrusted input in DevTools
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
EUVD-2026-34699
Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Low...
EUVD-2026-34471
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
PT-2026-46806
Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...
PT-2026-46653
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in DevTools allows an attacker to leak cross-origin data. This occurs when a user is convinced to install a crafted malicious Chrome Extension...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation in the DevTools component, which could allow remote attackers to inject arbitrary...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Developer Tools - Source-to-Image 1.6.2
Red Hat OpenShift Developer Tools - Source-to-Image 1.6.2 Red Hat OpenShift Developer Tools - Source-to-Image 1.6.2 release...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Firefox
Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox versions earlier than 110...
Astra Linux – Vulnerability in Firefox
An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
ROS-20260515-73-0054
A vulnerability in the DevTools component of the Google Chrome browser is related to access control flaws. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions using a specially crafted HTML page...
CVE-2026-8018
An insufficient policy enforcement flaw was found in the DevTools component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498292657...
CVE-2026-43581
OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration...