1531 matches found
EUVD-2026-35248
Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-11648
Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-11648
Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-11648
CVE-2026-11648 is a use-after-free in FullScreen on Windows Chrome prior to 149.0.7827.103, potentially enabling heap corruption via a crafted HTML page. Affected software: Google Chrome (Windows). Root cause: use-after-free in FullScreen path. Impact: remote code execution risk (as implied by he...
CVE-2026-11648
Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Chromium: CVE-2026-10908 Use after free in FullScreen
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
DEBIAN-CVE-2026-10908
Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-10908
Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-10908
CVE-2026-10908 affects Google Chrome on Windows. It is a Use-after-Free in FullScreen handling that, if a renderer process is compromised, could allow a sandbox escape via a crafted HTML page. Google Chrome 149.0.7827.53 (and later) includes fixes. The EUVD/NVD entries corroborate the same vector...
CVE-2026-10908
Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-10908
Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в firefox
Form validation popups may capture escape key presses. Therefore, spamming form validation messages can be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox 128 and Thunderbird 128...
Astra Linux - уязвимость в firefox, thunderbird
When reusing existing popups, Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...
Astra Linux - уязвимость в firefox, thunderbird
The black fade animation when exiting fullscreen is roughly the same duration as the delay in permission prompts during the anti-clickjacking process. It was possible to take advantage of this fact to surprise users by tempting them to click on the permission grant button before it appeared. This...
Astra Linux - уязвимость в firefox
A website could have obscured the fullscreen notification by using an option element, introducing a delay through a costly computational process. This could have caused confusion among users and potentially led to spoofing attacks. This vulnerability affects Firefox versions earlier than 115...
Astra Linux - уязвимость в chromium
The incorrect security UI in the full-screen UI of Google Chrome prior to version 142.0.7444.59 allowed a remote attacker who convinced a user to perform certain UI gestures to perform UI spoofing through a crafted HTML page. Chromium security severity: Low...
Astra Linux - уязвимость в firefox
The z-order of browser windows can be manipulated to hide the fullscreen notifications. This could potentially be used to carry out a spoofing attack. This vulnerability has been fixed in Firefox 135 and Thunderbird 135...
Astra Linux - уязвимость в firefox, thunderbird
A website could have obscured the fullscreen notification by using a dropdown select input element. This could have caused user confusion and potentially led to spoofing attacks. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...
Astra Linux - уязвимость в firefox
The fullscreen notification is prematurely hidden when the user quickly requests fullscreen again. This vulnerability could have been exploited to carry out a spoofing attack. This issue has been fixed in Firefox 135 and Thunderbird 135...