CVE-2026-22166

CVE-2026-22166 pertains to GPU DDK components where a web page sending anomalous WebGPU content into the GPU GLES render process can trigger a write UAF crash in the GPU GLES user-space shared library (KEGLGetPoolBuffers). The exposed root cause is a write-after-free condition in KEGLGetPoolBuffe...

EUVD-2026-26662

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the...

Use After Free

chromium:sid is vulnerable to Use After Free. passwords in google chrome allows an attacker to remotely compromise the render process to exploit heap corruption using a crafter HTML page...

Use-After-Free

chromium:sid is vulnerable to Use After Free. Passwords in google chrome allows an attacker to remotely compromise the render process to exploit heap corruption using a crafter HTML page causing an application crash...

DEBIAN-CVE-2022-3661

Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension. Chromium security severity: Low...

CVE-2022-0971

Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2021-30507

Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page...

UBUNTU-CVE-2016-7549

Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service invalid pointer dereference and application crash or possibly have unspecified other impact by leveragi...

USN-2920-1 oxide-qt vulnerabilities

It was discovered that the ContainerNode::parserRemoveChild function in Blink mishandled widget updates in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2016-1630 It was...

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2877-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2877-1 advisory. A bad cast was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a...

USN-2877-1: Oxide vulnerabilities

A bad cast was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. CVE-2016-1612 An issue was...

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2770-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2770-1 advisory. It was discovered that ContainerNode::parserInsertBefore in Blink would incorrectly proceed with a DOM tree insertion in some circumstances. If a user we...

USN-2770-1: Oxide vulnerabilities

It was discovered that ContainerNode::parserInsertBefore in Blink would incorrectly proceed with a DOM tree insertion in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. CVE-2015-67...

USN-2582-1: Oxide vulnerabilities

A use-after-free was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render...

Google Chrome < 41.0.2272.76 Multiple Vulnerabilities

Binary data 8684.pasl...

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2495-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2495-1 advisory. A use-after-free bug was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker cou...

Ubuntu: Security Advisory (USN-2326-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...