Chromium: CVE-2026-5877 Use after free in Navigation

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-5876 Side-channel information leakage in Navigation

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-5918

An inappropriate implementation flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=490139441...

CVE-2026-5899

An incorrect security ui flaw was found in the History Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=474817168...

CVE-2026-5877

An use after free flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=333024273...

SUSE CVE-2026-5876

Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2026-5877

Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2026-5881

Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2026-5894

Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

SUSE CVE-2026-5899

Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

SUSE CVE-2026-5903

Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

SUSE CVE-2026-5918

Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5876

A side-channel information leakage flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=41485206...

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Interaction-Triggered Navigation. An attacker can access internal resources by triggering browser interactions that bypass normal navigation check...

OpenClaw has Browser SSRF Policy Bypass via Interaction-Triggered Navigation

Impact Browser SSRF Policy Bypass via Interaction-Triggered Navigation. Browser interactions could trigger navigations that bypassed the normal SSRF navigation checks. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a...

GHSA-VR5G-MMX7-H897 OpenClaw has Browser SSRF Policy Bypass via Interaction-Triggered Navigation

Impact Browser SSRF Policy Bypass via Interaction-Triggered Navigation. Browser interactions could trigger navigations that bypassed the normal SSRF navigation checks. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a...

EUVD-2026-20727

Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

EUVD-2026-20752

Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

EUVD-2026-20723

Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

EUVD-2026-20715

Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...