158 matches found
EUVD-2026-40739
Insufficient policy enforcement in FileSystem in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...
CVE-2026-13851
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: High...
CVE-2026-14052
Insufficient policy enforcement in FileSystem in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14052
Insufficient policy enforcement in FileSystem in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...
CVE-2026-13851
The provided CVE-2026-13851 entry concerns Google Chrome on Android, where WebAppInstalls suffers from insufficient validation of untrusted input. A crafted HTML page can bypass discretionary access control due to this flaw, with the issue affecting Chrome versions prior to 150.0.7871.47. The con...
CVE-2026-13851
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: The system now validates the entire DACL before rewriting it using cifsacl. The functions buildsecdesc and idmodetocifsacl derive a pointer to the DACL from a dacloffset provided by the server. They then use the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Use checkaddoverflow to prevent overflow of the u16 DACL size. The functions setposixaclentriesdacl and setntacldacl accumulate the ACE sizes in u16 variables. When a file has many POSIX ACL entries, the accumulated size c...
CVE-2025-15642
Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List DACLs on the service object and related registry keys,. Produc...
SUSE CVE-2026-11190
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...
SUSE CVE-2026-11277
Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11302
An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504196549...
CVE-2026-11277
An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501839664...
EUVD-2026-34712
Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-34713
Insufficient policy enforcement in Content Settings in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-34671
Inappropriate implementation in Safe Browsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted RAR file. Chromium security severity: Medium...
EUVD-2026-34596
Insufficient policy enforcement in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-34446
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11302
Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-11302
Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...