CVE-2026-11281

Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. Chromium security severity: Low...

CVE-2026-11277

The issue affects Google Chrome on iOS (Chrome for iOS) prior to version 149.0.7827.53, caused by insufficient policy enforcement in the Chromium-based component. A remote attacker could bypass discretionary access control via a crafted HTML page. The available documents specify the vulnerable pr...

CVE-2026-11277

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11276

Inappropriate implementation in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to bypass discretionary access control via malicious network traffic. Chromium security severity: Low...

CVE-2026-11276

Inappropriate implementation in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to bypass discretionary access control via malicious network traffic. Chromium security severity: Low...

CVE-2026-11258

Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11258

CVE-2026-11258 describes an insecure implementation in Chrome’s File System Access, where an attacker could bypass discretionary access control by getting a user to perform specific UI gestures on a crafted HTML page. Affected product: Google Chrome; vulnerable component: File System Access imple...

CVE-2026-11255

Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11255

CVE-2026-11255: In Google Chrome, insufficient validation of untrusted input in the Storage Access API allows a remote attacker who has compromised the renderer process to leak cross-origin data via a crafted HTML page. Affected version range is Chrome prior to 149.0.7827.53; the fix is expected ...

CVE-2026-11252

CVE-2026-11252 reports insufficient policy enforcement in Chrome’s Content Settings, enabling a remote attacker to bypass discretionary access control via a crafted HTML page. Affected product/version: Google Chrome prior to 149.0.7827.53. Root cause: policy enforcement gap in Content Settings. I...

CVE-2026-11251

CVE-2026-11251 : Affects Google Chrome’s Password Manager. Insufficient policy enforcement in the renderer allows a remote attacker who has compromised the renderer process to bypass discretionary access control via a crafted HTML page. Impact is described as Chromium severity: Low. Affected unti...

CVE-2026-11250

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11238

CVE-2026-11238 concerns Google Chrome's DevTools. The described issue is an inappropriate implementation in DevTools prior to version 149.0.7827.53, where a user enticed to install a malicious Chrome extension could have potentially sensitive information read from process memory via the crafted e...

CVE-2026-11229

CVE-2026-11229 : Google Chrome (Enterprise) prior to 149.0.7827.53 is affected by an “inappropriate implementation” issue that enables a local attacker with physical access to escalate privileges. The exact vulnerable component/root cause beyond the description is not detailed in the provided doc...

CVE-2026-11229

Inappropriate implementation in Enterprise in Google Chrome prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via physical access to the device. Chromium security severity: Low...

CVE-2026-11210

Inappropriate implementation in Safe Browsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted RAR file. Chromium security severity: Medium...

CVE-2026-11210

CVE-2026-11210 : In Google Chrome, the Safe Browsing implementation before version 149.0.7827.53 is affected by an inappropriate implementation that allows a remote attacker to bypass discretionary access control via a crafted RAR file (Chromium security severity: Medium). Affected software: Goog...

CVE-2026-11210

Inappropriate implementation in Safe Browsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted RAR file. Chromium security severity: Medium...

CVE-2026-11209

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11193

Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...