14 matches found
CVE-2026-11634
CVE-2026-11634 describes a use-after-free in Chrome’s Gamepad handling on Windows, exploitable via a crafted HTML page to potentially escape the Chromium sandbox. Affected: Google Chrome on Windows, prior to version 149.0.7827.103. Impact: remote attacker could achieve sandbox escape with a high ...
CVE-2026-10971
Insufficient validation of untrusted input in Printing in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-10940
Race in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-9890
Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
CVE-2025-4609
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...
CVE-2025-4609
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...
Mozilla Firefox < 136.0.4
The version of Firefox installed on the remote Windows host is prior to 136.0.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2025-19 advisory. - Following the recent Chrome sandbox escape CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC...
CVE-2025-1930
On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...
CVE-2025-1930 AudioIPC StreamData could trigger a use-after-free in the Browser process
On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird...
CVE-2025-1930
On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird...
Mozilla Firefox < 136.0
The version of Firefox installed on the remote Windows host is prior to 136.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-14 advisory. - Malicious pages could use Firefox for Android to pass FIDO: links to the OS and trigger the hybrid passkey transport. ...
Exploit for Type Confusion in Mozilla Firefox
CVE-2019-17026 - A Firefox JIT bug - Original bug caught in t...
Microsoft Windows Multiple Vulnerabilities (KB4457142)
This host is missing a critical security update according to Microsoft KB4457142 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...