SUSE CVE-2026-6315

Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-6315

An use after free flaw was found in the Permissions component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=499247910...

CVE-2026-6358

Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-6319

Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-6358

Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-6358

Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Critical...

Linux Distros Unpatched Vulnerability : CVE-2026-6319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures ...

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

User interface ui misrepresentation of critical information in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

PT-2026-31958

OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application context...

EUVD-2026-20726

Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. Chromium security severity: Low...

DEBIAN-CVE-2026-5906

Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

DEBIAN-CVE-2026-5902

Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5906

Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5906

Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5906

CVE-2026-5906 concerns Google Chrome on Android where an incorrect security UI in the Omnibox could allow a remote attacker to spoof the URL bar via a crafted HTML page. The issue affects Chrome on Android prior to version 147.0.7727.55; the mitigation is to update to that or later builds. The do...

CVE-2026-5902

Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5682

A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...

Android Security Bulletin—April 2026Stay organized with collectionsSave and categorize content based on your preferences.

This Android Security Bulletin contains details of security vulnerabilities that affect Android devices. Security patch levels of 2026-04-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Within 48 hours afte...

CVE-2026-5452

A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This manipulation causes use of hard-coded cryptographic key . The attack can only be executed locally. Th...

EUVD-2026-18799

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument currentkey results in use of hard-coded cryptographi...