Chromium: CVE-2026-11236 Insufficient policy enforcement in Web Bluetooth

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

EUVD-2026-34697

Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

Linux Distros Unpatched Vulnerability : CVE-2026-11236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to...

DEBIAN-CVE-2026-11236

Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11236

Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11236

Technical details for CVE-2026-11236 are not publicly available in the provided documents. Monitor for updates.

CVE-2026-11236

Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11236

Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11236

Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11236

Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

PT-2026-46761

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in Web Bluetooth allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. A...

EUVD-2022-1290

Malicious code in bioql PyPI...

MAL-2025-6882 Malicious code in web-bluetooth-spp-application (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bdbd2a9a0d851f1dae6e50f3c00e0b0839441f59b05d4e49f753afe278cd0ca9 The OpenSSF Package Analysis project identified 'web-bluetooth-spp-application' @ 2.0.1 npm as malicious. It is considered malicious because: -...

CVE-2022-21718

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 17.0.0-alpha.6, 16.0.6, 15.3.5, 14.2.4, and 13.6.6 allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not...

SUSE CVE-2019-13723

Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...

Privilege Escalation

electron is vulnerable to privilege escalation. An attacker can obtain access to a bluetooth device via the web bluetooth API if the application has not configured a custom select-bluetooth-device event handler...

GHSA-3P22-GHQ8-V749 Renderers can obtain access to random bluetooth device without permission in Electron

Impact This vulnerability allows renderers to obtain access to a random bluetooth device via the web bluetooth API if the app has not configured a custom select-bluetooth-device event handler. The device that is accessed is random and the attacker would have no way of selecting a specific device...

CVE-2022-21718

CVE-2022-21718 affects Electron. Affected versions (< 17.0.0-alpha.6, < 16.0.6, < 15.3.5, < 14.2.4,

PT-2022-15061 · Electron · Electron

Name of the Vulnerable Software and Affected Versions: Electron versions prior to 17.0.0-alpha.6 Electron versions prior to 16.0.6 Electron versions prior to 15.3.5 Electron versions prior to 14.2.4 Electron versions prior to 13.6.6 Description: A vulnerability in Electron allows renderers to...

Electron 安全漏洞

Electron is a personal developer of a user to write cross-platform desktop application JavaScript framework. The framework is based on nodejs and Chromium and can be used to write cross-platform desktop applications using HTML and CSS. A security vulnerability exists in Electron, which allows the...