CVE-2026-11013

CVE-2026-11013 involves an insufficient validation of untrusted input in the Chromium network component, affecting Google Chrome/Chromium prior to 149.0.7827.53. The Debian/OpenSUSE advisories confirm the issue affects Chromium and list fixed versions: 149.0.7827.53-1~deb12u1, 149.0.7827.53-1~deb...

CVE-2026-11011

Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11012

CVE-2026-11012 : In Google Chrome on Android, a use-after-free in Serial (prior to version 149.0.7827.53) could allow a renderer-compromised remote attacker to potentially escape the sandbox via a crafted HTML page. Impact described as sandbox escape with high/severe implications; remediation is ...

CVE-2026-11012

Use after free in Serial in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11012

Use after free in Serial in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11008

CVE-2026-11008 affects Google Chrome/Chromium WebAppInstalls, with root cause Insufficient validation of untrusted input in WebAppInstalls. The vulnerability enables a remote attacker, who already compromised the renderer, to leak cross-origin data via a crafted HTML page. Affected product is Chr...

CVE-2026-11010

CVE-2026-11010 affects Google Chrome on Android (WebShare) with a use-after-free in WebShare that can be triggered by a crafted HTML page when the renderer is compromised, potentially enabling a sandbox escape. The issue is described as MEDIUM severity and is tied to Chrome versions prior to 149....

CVE-2026-11010

Use after free in WebShare in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11008

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11010

Use after free in WebShare in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11010

Use after free in WebShare in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11009

Use after free in USB in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11007

Insufficient validation of untrusted input in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11006

This CVE (CVE-2026-11006) affects Google Chrome prior to 149.0.7827.53, specifically the Dawn component. The root cause is an out-of-bounds read in Dawn, exploitable via a crafted HTML page by a remote attacker. The vulnerability impacts Chrome on desktop environments and is addressed by the Chro...

CVE-2026-11006

Out of bounds read in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11007

CVE-2026-11007 describes a vulnerability in WebView for Google Chrome on Android, where insufficient validation of untrusted input in WebView prior to 149.0.7827.53 enabled a renderer-compromised attacker to leak cross-origin data via a crafted HTML page. The connected Debian/OpenSUSE advisories ...

CVE-2026-11006

Out of bounds read in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11007

Insufficient validation of untrusted input in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11005

Out of bounds read in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11004

Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...