1014 matches found
CVE-2026-13281
Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...
EUVD-2026-39040
Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-13025
CVE-2026-13025 describes a race in DevTools of Google Chrome prior to 149.0.7827.197 that could allow a remote attacker, who already compromised the renderer process, to potentially escape the sandbox via a crafted HTML page. The issue is rated High (CVSS v3.1: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H...
Astra Linux – Vulnerability in Chromium
Before version 94.0.4606.61, using "use after free" in Portals within Google Chrome allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in History in Google Chrome prior to version 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 94.0.4606.54, using the "after free" mechanism in Performance Manager in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
EUVD-2026-37547
Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-12460
Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...
CVE-2026-12465
Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-12464
Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-12463
Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...
CVE-2026-12454
Google Chrome on macOS is affected by CVE-2026-12454 due to a race in the Safe Browsing path of the Chromium rendering process. The issue could allow a remote attacker who has already compromised the renderer to escape the sandbox via a crafted HTML page. The vulnerability is tied to Chrome versi...
CVE-2026-12451
CVE-2026-12451 is a use-after-free in Google Chrome’s DigitalCredentials component that could allow a remote attacker who has compromised the renderer process to escape sandbox via a crafted HTML page. Affected product: Google Chrome (Chromium-based) prior to version 149.0.7827.155. The underlyin...
CVE-2026-12437
CVE-2026-12437 describes a use-after-free in WebShare for Google Chrome on Windows before 149.0.7827.155. A remote attacker who already has renderer compromise could exploit a crafted HTML page to attempt a sandbox escape. The vulnerability is rated Critical. Affected software is Google Chrome (W...
SUSE CVE-2026-12017
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-12025
Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
EUVD-2026-36352
Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
EUVD-2026-36351
Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
EUVD-2026-36332
Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-12032
Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...