Lucene search
K

487 matches found

CVE
CVE
added 2026/06/08 11:27 p.m.31 views

CVE-2026-11656

CVE-2026-11656 affects Google Chrome via a Use-after-Free in the ServiceWorker component, enabling a sandbox escape when a user installs a crafted malicious extension. Public descriptions consistently state the vulnerability occurs in Chrome versions prior to 149.0.7827.103. The available sources...

8.3CVSS5.4AI score0.00169EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/08 11:27 p.m.11 views

CVE-2026-11656

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...

8.3CVSS5.4AI score0.00169EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.13 views

PT-2026-47482

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue exists in the ServiceWorker component. This occurs when a user is convinced to install a malicious extension, allowing an attacker to potentially perform a sandb...

9.6CVSS6AI score0.01654EPSS
Exploits4References85
FreeBSD
FreeBSD
added 2026/06/08 12:0 a.m.8 views

chromium -- security fixes

Chrome Releases reports: This update includes 74 security fixes: 516501794 Critical CVE-2026-11628: Use after free in Ozone. 516674532 Critical CVE-2026-11629: Use after free in Ozone. 516677924 Critical CVE-2026-11630: Use after free in File Input. 516691130 Critical CVE-2026-11631: Use after fr...

9.6CVSS5.8AI score0.01654EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/06/07 5:12 a.m.10 views

CVE-2026-11201

An use after free flaw was found in the ServiceWorker component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505068950...

8.8CVSS5.4AI score0.00206EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/07 4:42 a.m.11 views

SUSE CVE-2026-11201

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Medium...

8.8CVSS6AI score0.00206EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.10 views

CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

7.5CVSS5.5AI score0.00374EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/06/05 2:0 p.m.9 views

Chromium: CVE-2026-11201 Use after free in ServiceWorker

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS5.4AI score0.00206EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-11206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML...

6.5CVSS5.4AI score0.00229EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:17 p.m.9 views

CVE-2026-11201

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Medium...

8.8CVSS0.00206EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 11:17 p.m.9 views

DEBIAN-CVE-2026-11201

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Medium...

8.8CVSS6AI score0.00206EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.9 views

CVE-2026-11206

Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00229EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 11:5 p.m.7 views

CVE-2026-11206

Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.5AI score0.00229EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/04 11:5 p.m.7 views

CVE-2026-11206

Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.3AI score0.00229EPSS
Exploits0
CVE
CVE
added 2026/06/04 11:5 p.m.18 views

CVE-2026-11201

The CVE-2026-11201 entry reports a use-after-free in Chrome’s ServiceWorker that could allow arbitrary code execution when a user is convinced to install a crafted Chrome Extension, affecting Google Chrome versions prior to 149.0.7827.53. The vulnerability is linked to the Chromium-based extensio...

8.8CVSS6.2AI score0.00206EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/03 6:11 p.m.7 views

CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

5.8AI score0.00374EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/03 6:11 p.m.14 views

EUVD-2026-34165

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

5.8AI score0.00374EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 6:11 p.m.12 views

CVE-2026-8879

CVE-2026-8879 affects Securly Chrome Extension v3.0.7. The vulnerability stems from dynamically registering content13.min.js as a content script at runtime via chrome.scripting.registerContentScripts(), a script not declared in manifest.json that bypasses the Chrome Web Store static security revi...

7.5CVSS5.8AI score0.00374EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/03 6:11 p.m.38 views

CVE-2026-8879 CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

0.00374EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.15 views

PT-2026-46051

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software dynamically registers content13.min.js as a content script at runtime using the chrome.scripting.registerContentScripts function. Because this script is not declared in the...

5.8AI score0.00374EPSS
Exploits0References3
Rows per page
Query Builder