PT-2026-46615

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An uninitialized use in ANGLE Almost Native Graphics Layer Engine, an abstraction layer that allows OpenGL ES calls to be translated to other graphics APIs allows a remote attacker who...

PT-2026-46706

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Opaque Response Blocking ORB, a mechanism used to prevent cross-origin leaks of sensitive data, allows a remote attacker to bypass site isolation by...

PT-2026-46677

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in XML allows a remote attacker to inject arbitrary scripts or HTML, leading to Universal Cross-Site Scripting UXSS, which is a vulnerability that allows...

PT-2026-46686

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An uninitialized use in Skia allows a remote attacker to leak cross-origin data by using a crafted HTML page. Recommendations Update to version 149.0.7827.53 or later...

PT-2026-46659

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in Paint allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or script loaded from one...

PT-2026-46651

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An integer overflow in Skia allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Heap corruption occurs when a program writes data outside the...

PT-2026-46656

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Extensions allows a remote attacker to leak cross-origin data, which is information from a different origin than the one that initiated the request, b...

PT-2026-46815

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in CSS allows a remote attacker to leak cross-origin data by using a crafted HTML page. Recommendations Update to version 149.0.7827.53 or later...

PT-2026-46614

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Dawn allows a remote attacker who has compromised the renderer process to execute arbitrary code inside a sandbox by using a crafted HTML page...

PT-2026-46574

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the GPU component allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from proces...

PT-2026-46483

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in the Actor component allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is a memory...

PT-2026-46434

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in the Network component. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a...

PT-2026-46467

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Input allows a remote attacker who has compromised the renderer process to bypass site isolation using a crafted HTML page. Site isolation is a securi...

PT-2026-46466

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the Passwords component allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or scri...

PT-2026-46617

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An uninitialized use in Media allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory by using a crafted HTML...

PT-2026-46530

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the Payments component allows a remote attacker to perform UI spoofing via a crafted HTML page, provided they can convince a user to perform specific ...

PT-2026-46531

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in the Autofill component. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using ...

PT-2026-46517

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in Views allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Use after free is ...

PT-2026-46522

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A heap buffer overflow in Skia allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. A heap buffer overflow occurs when ...

PT-2026-46492

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An integer overflow in V8 allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. V8 is the open-source high-performance JavaScript a...