40 matches found
CVE-2026-13948
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-13919
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-14047
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2026-13824
CVE-2026-13824 concerns Google Chrome extensions policy enforcement. The issue is described as insufficient policy enforcement in Chrome’s Extensions, allowing a remote attacker who has compromised the renderer process to escalate privileges via a crafted HTML page. The public notes specify the v...
PT-2026-54221
Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 150.0.7871.47 Description Insufficient policy enforcement in Extensions allows an attacker to perform UI spoofing through a crafted Chrome Extension, provided they can convince a user to install the...
Chromium: CVE-2026-11190 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-11014 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-11168 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
EUVD-2026-34728
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2026-11267
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2026-11062
CVE-2026-11062 affects Google Chrome extensions: insufficient policy enforcement in Extensions allows an attacker to inject scripts/HTML into a privileged page when a user installs a crafted malicious extension. Impact is partial integrity compromise of privileged pages; exploit not confirmed in ...
CVE-2026-11014
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. Chromium security severity: Medium...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 had a security vulnerability. This vulnerability stemmed from insufficient policy execution in the Extensions component, allowing attackers who persuade users to install...
CVE-2026-7952
Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient execution of the Extensions policy, which could allow remote attackers to bypass autonomous access control...
PT-2026-38145
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient policy enforcement in Extensions allows a remote attacker who has compromised the renderer process to bypass discretionary access control a type of access control where the...
OPENSUSE-SU-2026:20372-1 Security update for chromium
This update for chromium fixes the following issues: Changes in chromium: - Chromium 146.0.7680.80: CVE-2026-3909: Out of bounds write in Skia boo1259659 - Chromium 146.0.7680.75 released 2026-03-12 boo1259648 CVE-2026-3910: Inappropriate implementation in V8. - Chromium 146.0.7680.71 released...
SUSE CVE-2026-3928
Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-3928
Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...
chromium -- security fixes
Chrome Releases reports: This update includes 29 security fixes: 483445078 Critical CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand on 2026-02-10 481776048 High CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga on 2026-02-04 483971526 High CVE-2026-3915: Heap...