487 matches found
GHSA-J944-W549-3453 Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker
Impact A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim opens the emoji or sticker picker for...
Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker
Impact A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim opens the emoji or sticker picker for...
Chromium: CVE-2026-7909 Inappropriate implementation in ServiceWorker
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Linux Distros Unpatched Vulnerability : CVE-2026-7958
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension ...
PT-2026-38614
Name of the Vulnerable Software and Affected Versions Cinny versions prior to 4.10.3 Description A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes can cause the victim's client to send their Matrix access token to an attacker-controlled...
EUVD-2026-28029
Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-27947
Use after free in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-7963
Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-7922
Use after free in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-7909
Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
CVE-2026-7922
Use after free in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-7909
Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
CVE-2026-7958
Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-7963
CVE-2026-7963 affects Google Chrome prior to 148.0.7778.96 due to an inappropriate ServiceWorker implementation that could allow a sandbox escape when a renderer process is compromised via a crafted HTML page. The issue is documented across multiple sources (NVD, Debian OSV, EUVD, CVE list, and C...
CVE-2026-7958
Summary: CVE-2026-7958 describes an UXSS vulnerability in Google Chrome caused by an inappropriate implementation in the ServiceWorker, reported for Chrome versions before 148.0.7778.96. An attacker could persuade a user to install a malicious extension, enabling injection of arbitrary scripts or...
CVE-2026-7922
Use after free in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-7922
Use after free in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-7922
This CVE-2026-7922 affects Google Chrome (ServiceWorker) and is caused by a use-after-free in ServiceWorker code, enabling a potential sandbox escape via a crafted HTML page. The issue is categorized as High severity with CVSS: Network attack vector, high impact on confidentiality, integrity, and...
CVE-2026-7909
Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability, which was caused by improper implementation of ServiceWorker. This vulnerability could allow remote attackers to execute a sandbox escape through a speciall...