
17 matches found

OSV
added 2 days ago | 2 views

DEBIAN-CVE-2026-11062

Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...

4.3 CVSS | 5.4 AI score | 0.00008 EPSS
Exploits 0 | References 1

Positive Technologies
added 4 days ago | 6 views

PT-2026-46590

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.53. Description: Insufficient policy enforcement in Extensions allows an attacker to inject scripts or HTML into a privileged page. This occurs when a user is convinced to install a crafted malicious...

9.6 CVSS | 5.8 AI score | 0.01636 EPSS
Exploits 0 | References 434

Positive Technologies
added 2026/05/14 12:0 a.m. | 4 views

PT-2026-41101

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 148.0.7778.168. Description: Insufficient policy enforcement in the Network component allows a remote attacker who has compromised the renderer process to leak cross-origin data using a crafted HTML pag...

8.8 CVSS | 5.8 AI score | 0.00148 EPSS
Exploits 0 | References 87

EUVD
added 2026/04/09 12:32 a.m. | 0 views

EUVD-2026-20709

Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.9 AI score | 0.00059 EPSS
Exploits 0 | References 3

OSV
added 2026/03/11 10:16 p.m. | 0 views

DEBIAN-CVE-2026-3934

Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.5 CVSS | 5.3 AI score | 0.00032 EPSS
Exploits 0 | References 1

CVE
added 2026/03/11 10:4 p.m. | 10 views

CVE-2026-3939

CVE-2026-3939 affects Google Chrome versions prior to 146.0.7680.71, where insufficient policy enforcement in PDF handling allows a remote attacker to bypass navigation restrictions via a crafted PDF file. The vulnerability is categorized with Chromium’s security severity as Low. No exploits or e...

6.5 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits 0 | References 2 | Affected Software 1

CNVD
added 2026/02/11 12:0 a.m. | 2 views

HCL AION Information Disclosure Vulnerability (CNVD-2026-16397)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION has an information disclosure vulnerability caused by the lack of a content security policy. An attacker can exploit the vulnerability to cause unauthorized access...

5.3 CVSS | 5.8 AI score | 0.00058 EPSS
Exploits 0

Packet Storm News
added 2025/05/21 12:0 a.m. | 2 views

Mitigating Cyber Risk in the Age of Open-Weight LLMs: Policy Gaps and Technical Realities

Open-weight general-purpose AI (GPAI) models offer significant benefits but also introduce substantial cybersecurity risks, as demonstrated by the offensive capabilities of models like DeepSeek-R1 in evaluations such as MITRE's OCCULT. These publicly available models empower a wider range of actors...

6.9 AI score
Exploits 0

RedHat Linux
added 2022/11/03 2:55 p.m. | 3 views

owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...

9.8 CVSS | 6.7 AI score | 0.00718 EPSS
Exploits 1 | References 4

OSV
added 2021/02/09 2:15 p.m. | 0 views

UBUNTU-CVE-2021-21126

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension...

6.5 CVSS | 7.2 AI score | 0.21238 EPSS
Exploits 0 | References 2

OSV
added 2020/09/21 8:15 p.m. | 0 views

UBUNTU-CVE-2020-15963

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...

9.6 CVSS | 7.3 AI score | 0.01352 EPSS
Exploits 1 | References 5

OSV
added 2020/05/21 4:15 a.m. | 1 views

DEBIAN-CVE-2020-6482

Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension...

6.5 CVSS | 7.5 AI score | 0.00582 EPSS
Exploits 1 | References 1

OSV
added 2019/05/23 8:29 p.m. | 0 views

UBUNTU-CVE-2019-5793

Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page...

6.5 CVSS | 7 AI score | 0.00211 EPSS
Exploits 0 | References 3

RedHat Linux
added 2019/05/07 5:6 p.m. | 3 views

chromium-browser: CORS bypass in Blink

Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5 CVSS | 7.4 AI score | 0.00429 EPSS
Exploits 0 | References 5

RedHat Linux
added 2018/09/10 9:31 p.m. | 1 views

chromium-browser: Site Isolation bypass using Blob URLS

Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page...

6.5 CVSS | 7.3 AI score | 0.00155 EPSS
Exploits 0 | References 5

RedHat Linux
added 2018/02/01 4:6 p.m. | 1 views

chromium-browser: same origin bypass in shared worker

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page...

6.5 CVSS | 7.4 AI score | 0.00756 EPSS
Exploits 0 | References 5

RedHat Linux
added 2017/07/31 2:32 p.m. | 2 views

chromium-browser: url spoofing in omnibox

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name...

6.5 CVSS | 7.4 AI score | 0.01156 EPSS
Exploits 0 | References 5