7896 matches found
CVE-2026-11062
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11062
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11048
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11048
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11020
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted XML file. Chromium security severity: Medium...
CVE-2026-11020
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted XML file. Chromium security severity: Medium...
CVE-2026-11020
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted XML file. Chromium security severity: Medium...
CVE-2026-11014
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11014
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11014
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11014
CVE-2026-11014 is a Chromium/Google Chrome issue described across connected advisories as: Insufficient policy enforcement in Extensions that could let an attacker bypass site isolation when a user is convinced to install a malicious extension. Affected products/versions referenced in the documen...
CVE-2026-10997
CVE-2026-10997 affects Google Chrome extensions due to insufficient policy enforcement in Extensions, allowing a user to be persuaded to install a crafted malicious extension to bypass discretionary access control. Affected software is Chrome (Chromium-based) with the specific fix in version 149....
CVE-2026-10997
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-10997
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-10997
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-10969
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: High...
CVE-2026-10969
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: High...
CVE-2026-10969
CVE-2026-10969 describes insufficient input validation in Google Chrome extensions, allowing a remote attacker who has compromised the renderer process to escalate privileges via a crafted HTML page. Affected software: Google Chrome extensions (pre-149.0.7827.53). Root cause: untrusted input not ...
CVE-2026-10969
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: High...
CVE-2026-10912
CVE-2026-10912 affects Google Chrome extensions. The issue is caused by insufficient validation of untrusted input in Extensions, allowing a remote attacker who has compromised the renderer process to bypass the same-origin policy via a crafted HTML page. The vulnerability is tied to Chrome versi...