PT-2026-46538

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in the USB component on Windows allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corrupti...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a resource management vulnerability, which stemmed from the reuse of USB components after they were released. This vulnerability could allow remote attackers to execute a sandbox escape...

SUSE CVE-2026-9976

Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

Chromium: CVE-2026-10021 Insufficient validation of untrusted input in USB

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-9976 Inappropriate implementation in USB

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2025-40946

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All...

usb: usblp: fix heap leak in IEEE 1284 device ID via short response

...

usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl

...

mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()

...

spi: rspi: fix controller deregistration

...

spi: fsl: fix controller deregistration

...

usb: ulpi: fix memory leak on ulpi_register() error paths

...

spi: mpc52xx: fix use-after-free on unbind

...

SUSE CVE-2026-46148

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: control built-in cs manually The coreQSPI IP supports only a single chip select, which is automagically operated by the hardware - set low when the transmit buffer first gets written to and set high when...

SUSE CVE-2026-46219

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling interrupts to avoid a potential use-after-free...

EUVD-2026-33118

Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-10021

An insufficient validation of untrusted input flaw was found in the USB component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497327715...

DEBIAN-CVE-2026-9976

Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-10021

Insufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10021

Insufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...