SUSE CVE-2026-7971

Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-4676

Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2024-0809

The CVE concerns Google Chrome/Chromium: an inappropriate Autofill implementation allows a remote attacker to bypass Autofill restrictions via a crafted HTML page in Chrome/Chromium versions prior to 121.0.6167.85. Impact described in connected sources is limited to bypassing Autofill controls (n...

Design/Logic Flaw

Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2023-2938

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

PT-2023-4142 · Google +2 · Google Chrome +2

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 112.0.5615.49 Description: The issue is related to insufficient policy enforcement in the File System API of Google Chrome, allowing a remote attacker to bypass existing filesystem restrictions. This can be...

Design/Logic Flaw

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2017-5046

V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure...

SUSE CVE-2020-16013

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-1484

CVE-2022-1484 refers to a heap buffer overflow in the Web UI Settings component of Google Chrome before 101.0.4951.41. The vulnerability could allow a remote attacker to potentially trigger heap corruption by presenting a crafted HTML page, with impact described as high for confidentiality, integ...

Mozilla: Variable time processing of cross-origin images during drawImage calls

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2016-9629

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service segmentation fault and crash via a crafted HTML page...