CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 5 days ago•4 views

SUSE CVE-2026-11026

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...

6.5CVSS5.4AI score0.00017EPSS

SUSE CVE•added 5 days ago•4 views

SUSE CVE-2026-11168

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.0003EPSS

EUVD•added 2026/06/05 12:31 a.m.•7 views

EUVD-2026-34361

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00051EPSS

OSV•added 2026/06/04 11:17 p.m.•2 views

DEBIAN-CVE-2026-11149

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

7.5CVSS5.5AI score0.00106EPSS

Exploits0References1

CVE•added 2026/06/04 11:6 p.m.•19 views

CVE-2026-11308

Summary : CVE-2026-11308 describes an insecure implementation in Google Chrome’s Extensions handling prior to version 149.0.7827.53. Affected software/area : Google Chrome — Extensions module. Root cause : Inappropriate implementation in Extensions, enabling privilege escalation. Impact : An atta...

6.3CVSS5.8AI score0.00017EPSS

Exploits0References2Affected Software1

CVE•added 2026/06/04 11:5 p.m.•12 views

CVE-2026-11239

CVE-2026-11239 affects Google Chrome extensions. Insecure or inappropriate implementation in Extensions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to escalate privileges through a crafted HTML page. The CVSS score is 7.5 (HIGH) with impact to ...

7.5CVSS5.8AI score0.00106EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/06/04 11:5 p.m.•26 views

CVE-2026-11230

Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

0.00139EPSS

Debian CVE•added 2026/06/04 11:5 p.m.•6 views

CVE-2026-11168

6.5CVSS5.5AI score0.0003EPSS

Debian CVE•added 2026/06/04 11:5 p.m.•5 views

CVE-2026-11129

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00015EPSS

Debian CVE•added 2026/06/04 11:4 p.m.•8 views

CVE-2026-11048

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: Medium...

6.5CVSS5.4AI score0.00007EPSS

Vulnrichment•added 2026/06/04 11:4 p.m.•3 views

CVE-2026-11020

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted XML file. Chromium security severity: Medium...

5.5AI score0.00018EPSS

Vulnrichment•added 2026/06/04 11:4 p.m.•3 views

CVE-2026-11014

Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. Chromium security severity: Medium...

5.4AI score0.00022EPSS

Positive Technologies•added 2026/06/04 12:0 a.m.•6 views

PT-2026-46766

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00106EPSS

Positive Technologies•added 2026/06/02 12:0 a.m.•7 views

PT-2026-46756

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in Extensions allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that...

8.8CVSS6AI score0.00139EPSS

Exploits0References5

Positive Technologies•added 2026/06/02 12:0 a.m.•5 views

PT-2026-46656

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Extensions allows a remote attacker to leak cross-origin data, which is information from a different origin than the one that initiated the request, b...

9.6CVSS5.8AI score0.00212EPSS

Exploits0References437

SUSE CVE•added 2026/03/12 2:4 p.m.•0 views

SUSE CVE-2026-3919

Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00039EPSS

EUVD•added 2025/11/10 9:30 p.m.•2 views

EUVD-2025-50791

Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Low...

5.4AI score0.00019EPSS