CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•8 views

Astra Linux - уязвимость в chromium

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS6.4AI score0.00906EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в chromium

Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS8AI score0.00604EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в chromium

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS6.4AI score0.00645EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в chromium

The incorrect security UI in Picture In Picture in Google Chrome prior to version 119.0.6045.105 allowed a remote attacker to perform domain spoofing through a crafted local HTML page. Chromium security severity: Low...

4.3CVSS6.2AI score0.00619EPSS

Redos•added 2026/05/20 12:0 a.m.•8 views

ROS-20260520-73-0003

A vulnerability in the Picture In Picture technology of Google Chrome browser is related to information presentation errors in the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of protected information using a specially crafted...

Redos•added 2026/05/15 12:0 a.m.•12 views

ROS-20260515-73-0042

A vulnerability in the Picture In Picture technology of Google Chrome browser is associated with incorrect restriction of visualized user interface layers. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of protected information using a specially...

AstraLinux•added 2026/05/03 11:59 p.m.•10 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS6.7AI score0.00391EPSS

Exploits1References2

AstraLinux•added 2026/05/03 11:59 p.m.•14 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in Picture In Picture in Google Chrome before version 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.4AI score0.01228EPSS

Exploits1References2

AstraLinux•added 2026/04/01 3:55 a.m.•3 views

Astra Linux – Vulnerability in Chromium

The incorrect security UI in PictureInPicture in Google Chrome prior to version 146.0.7680.71 allowed a remote attacker to perform UI spoofing through a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.5AI score0.00161EPSS

AstraLinux•added 2026/04/01 3:55 a.m.•4 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00225EPSS

CNVD•added 2026/03/25 12:0 a.m.•4 views

Google Chrome Security Bypass Vulnerability (CNVD-2026-15411)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability caused by an incorrect security UI in PictureInPicture, which can be exploited by an attacker to perform UI spoofing via specially crafted HTML pages...

4.3CVSS5.9AI score0.00161EPSS

Microsoft CVE•added 2026/03/14 1:20 a.m.•8 views

Chromium: CVE-2026-3942 Incorrect security UI in PictureInPicture

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

RedhatCVE•added 2026/03/13 8:37 a.m.•2 views

CVE-2026-3927

An incorrect security ui flaw was found in the PictureInPicture component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=474948986...

6.5CVSS5.7AI score0.00161EPSS

Exploits0References5

SUSE CVE•added 2026/03/12 2:4 p.m.•3 views

SUSE CVE-2026-3927

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE•added 2026/03/12 2:4 p.m.•2 views

SUSE CVE-2026-3942

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

EUVD•added 2026/03/12 12:31 a.m.•3 views

EUVD-2026-11474

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

EUVD•added 2026/03/12 12:31 a.m.•3 views

EUVD-2026-11446

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00161EPSS

Tenable Nessus•added 2026/03/12 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-3927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page...