Chromium: CVE-2026-8536 Insufficient validation of untrusted input in ReadingMode

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-8536

An insufficient validation of untrusted input flaw was found in the ReadingMode component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495857582...

CVE-2026-8536

Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation via a crafted HTML page. Chromium security severity: High...

CVE-2026-8536

CVE-2026-8536 affects Google Chrome on Mac, through the ReadingMode component in Chromium. Root cause: insufficient validation of untrusted input, enabling a renderer-compromised remote attacker to bypass Site Isolation via a crafted HTML page. The Chrome update released to 148.0.7778.167/168 fix...

EUVD-2026-30448

Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation via a crafted HTML page. Chromium security severity: High...

PT-2026-41065

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.168 Description Insufficient validation of untrusted input in ReadingMode allows a remote attacker who has compromised the renderer process to bypass site Isolation via a crafted HTML page. Sit...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation in the ReadingMode component, which could allow a remote attacker with...

SUSE CVE-2026-7984

Use after free in ReadingMode in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7984

Use after free in ReadingMode in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7984

Use after free in ReadingMode in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7984

Use after free in ReadingMode in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7984

Use after free in ReadingMode in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

PT-2026-38177

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description A use after free issue exists in ReadingMode. This allows a remote attacker who has already compromised the renderer process to execute arbitrary code within a sandbox by using a...

Astra Linux - уязвимость в chromium

The use of “after free” in the Reading Mode in Google Chrome before version 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through specific UI interactions. Chromium security severity: Medium...

Astra Linux - уязвимость в chromium

The use of “after free” in the Reading Mode in Google Chrome before version 119.0.6045.105 allowed a remote attacker who convinced a user to perform certain UI gestures to potentially exploit heap corruption through those gestures. Chromium security severity: Medium...

ROS-20240503-01

A vulnerability in the Web Audio component of Microsoft Edge and Google Chrome browsers is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code A vulnerability in the Skia graphics library of Google Chro...

ROS-20240329-07

A vulnerability in the Picture-in-Picture PiP technology of the Google Chrome browser is related to errors in the presentation of errors in the presentation of information by the user interface. Exploitation of the vulnerability could allow an attacker, acting remotely, to conduct spoofing attack...

Stable Channel Update for ChromeOS / ChromeOS Flex

The Stable channel is being updated to OS version: 15699.58.0 Browser version: 121.0.6167.159 for most ChromeOS devices. If you find new issues, please let us know one of the following ways 1. File a bug 2. Visit our ChromeOS communities 1. General: Chromebook Help Community 2. Beta Specific:...

Google Chrome Reading Mode Module Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome Reading Mode module, which originates from a confusion in the instructions responsible for freeing memory in the Reading Mode module. An attacker can exploit this...

Chromium: CVE-2024-0813 Use after free in Reading Mode

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...