310 matches found
SUSE CVE-2026-12457
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
CVE-2026-12017
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
PT-2026-47479
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description An inappropriate implementation in Extensions allows a remote attacker who has compromised the renderer process to bypass site isolation using a crafted HTML page. Site isolation is a...
Chromium: CVE-2026-11308 Inappropriate implementation in Extensions
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-11020 Inappropriate implementation in Extensions
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
EUVD-2026-34475
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...
Linux Distros Unpatched Vulnerability : CVE-2026-11190
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to...
DEBIAN-CVE-2026-11048
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11308
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2026-11026
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11020
CVE-2026-11020 concerns Google Chrome (Chromium-based) extensions. The initial description and connected advisories confirm an inappropriate implementation in Extensions that could allow a remote attacker to leak cross-origin data via a crafted XML file. The vulnerability is tied to Chrome versio...
CVE-2026-8888
The CVE-2026-8888 entry applies to the Securly Chrome Extension (v3.0.7). It downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation, enabling an on-path attacker to inject patterns that cause catastrop...
CVE-2026-8881
The CVE-2026-8881 entry affects the Securly Chrome Extension (version 3.0.7). It relies on EVP_BytesToKey with MD5 and a single iteration for AES encryption. The description notes that MD5 has been broken since 2004 and a single iteration provides no key stretching, which weakens the cryptographi...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability caused by improper implementation in extensions. Attackers could exploit this vulnerability to bypass autonomous access control through...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability caused by improper implementations in extension components. Attackers could exploit this vulnerability by using specially crafted Chrome...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper implementation of extensions. A remote attacker could exploit this vulnerability to leak cross-source data through specially...
PT-2026-44209
Name of the Vulnerable Software and Affected Versions GutenBee – Gutenberg Blocks versions prior to 2.20.2 Description The plugin is subject to arbitrary file upload due to a flawed substring check in the gutenbee file and ext json function. The strpos function only verifies if the filename...
Astra Linux - уязвимость в chromium
Before version 100.0.4896.60, using “After Free” in Google Chrome extensions allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through specific user interactions and profile destruction...
Astra Linux - уязвимость в chromium
Before version 107.0.5304.62, using free after extensions in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension. Chromium security severity: Medium...
PT-2026-40252
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO URL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a ...