CVE-2026-12010

Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-12009

Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-12010

Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-12007

Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-12007

CVE-2026-12007 is a use-after-free in Chrome's Core on Windows, caused by a vulnerability in the handling of crafted HTML pages. The issue affects Chrome prior to version 149.0.7827.115 and could allow a remote attacker to execute arbitrary code. Google’s June 2026 stable-channel update (149.0.78...

CVE-2026-12007

Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-12008

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-11859

An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from G...

CVE-2026-40986

Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in a scripting attack in the user's browser if the error response from the server contains error details with input reflected from an attacker...

CVE-2026-40986 Spring Web Flow JS RemotingHandler renders non-HTML Response as HTML

Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in a scripting attack in the user's browser if the error response from the server contains error details with input reflected from an attacker...

CVE-2026-40986 Spring Web Flow JS RemotingHandler renders non-HTML Response as HTML

Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in a scripting attack in the user's browser if the error response from the server contains error details with input reflected from an attacker...

PT-2026-48769

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.115 Description A use after free issue in the GPU allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use aft...

PT-2026-48778

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.115 Description An inappropriate implementation in the Passwords component allows a remote attacker who has compromised the renderer process to bypass site isolation using a crafted HTML...

PT-2026-48756

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.115 Description Insufficient validation of untrusted input in the Accessibility component allows a remote attacker who has compromised the renderer process to potentially perform a sandbox esca...

PT-2026-48757

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.115 Description A heap buffer overflow occurs in the GPU component. This issue allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a buffer overflow vulnerability, which was caused by an out-of-bounds read issue in the Video component. This vulnerability could allow remote attackers to obtain sensitive...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a resource management vulnerability. This vulnerability stemmed from a problem with the reusing of resources after they were released by the Autofill component. It could allow remot...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a buffer overflow vulnerability. This vulnerability stemmed from an out-of-bound read operation in the VideoCapture component, which could allow remote attackers to obtain sensitive...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability caused by a heap buffer overflow in the GPU. This vulnerability could allow a remote attacker with access to the renderer process to execute a sandbox escap...

PT-2026-48770

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.115 Description Insufficient policy enforcement in DevTools allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or script loaded from...