CVE-2026-7905

Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-7905

Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-7905

Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-7905

CVE-2026-7905 affects Google Chrome on Android prior to version 148.0.7778.96. The issue is insufficient validation of untrusted input in Media, which, if a renderer was compromised by a crafted HTML page, could enable a sandbox escape. The connected sources (NVD/NVDiOS, Debian OSV, ENISA EUVD, D...

Exploit for Incorrect Implementation of Authentication Algorithm in Google Android

CVE-2026-0073 PoC Wireless ADB TLS Auth Bypass This directo...

Exploit for Incorrect Implementation of Authentication Algorithm in Google Android

🔓 CVE-2026-0073: Android adbd Authentication Bypass Proof...

GHSA-7GMJ-67G7-PHM9 Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands

Summary A flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to http://.localhost/ because those platforms' WebView implementations cannot serve custom URI...

Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands

Summary A flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to http://.localhost/ because those platforms' WebView implementations cannot serve custom URI...

Google's Android Apps Get Public Verification to Stop Supply Chain Attacks

Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. "This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute," Google's product and security teams said. The initiati...

Samsung Print Service Plugin – Potential Information Disclosure

Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities. Update your application...

PT-2026-38134

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.96 Description Insufficient validation of untrusted input in the mobile version allows a local attacker to inject arbitrary scripts or HTML, leading to Universal Cross-Site Scripting UXSS,...

PT-2026-38256

Name of the Vulnerable Software and Affected Versions Samsung Print Service Plugin for Android affected versions not specified Description Samsung Print Service Plugin for Android contains a flaw that may lead to information disclosure when accessed via mobile devices using an outdated version of...

PT-2026-38262

Summary A flaw in Tauri's is local url function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to http://.localhost/ because those platforms' WebView implementations cannot serve custom URI...

Google Android ADB Authentication Bypass Vulnerability

Android is an open source mobile operating system developed by Google, widely used in smartphones, tablets, smart TVs, cars and various IoT devices, providing core capabilities such as application operation, device management, network communication, debugging and security control, etc. Android...

PT-2026-38186

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.96 Description Insufficient validation of untrusted input in Payments allows a remote attacker who has compromised the renderer process to spoof the contents of the Omnibox URL bar using a...

PT-2026-38213

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.96 Description An uninitialized use in the GPU allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory through a...

PT-2026-38098

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.96 Description Insufficient validation of untrusted input in the Media component allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox...

FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware

A massive fraud network called FEMITBOT uses Telegram Mini Apps and fake brand names like Apple, Disney, and…...

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions of the backdoor hav...

PT-2026-38105

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.96 Description An integer overflow in the GPU component allows a remote attacker who has compromised the renderer process to perform arbitrary read and write operations via a crafted HTML...