EUVD-2026-40426
Capgo console.capgo.app/login before 12.128.2 accepts accesstoken and refreshtoken in URL query parameters, automatically authenticating users without confirmation. Attackers can craft malicious links to force victims into attacker-controlled sessions, exposing tokens in browser history and logs...
EUVD-2026-40798
Use after free in WebProtect in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Low...
EUVD-2026-40819
Inappropriate implementation in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40817
Incorrect security UI in Omnibox in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40735
Use after free in Chromecast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. Chromium security severity: Low...
EUVD-2026-40699
Out of bounds read in SurfaceCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40703
Race in WebRTC in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40701
Inappropriate implementation in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40670
Incorrect security UI in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40675
Incorrect security UI in Mobile in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40504
Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: High...
EUVD-2026-40415
Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attackers to delete videos from other users' playlists by supplying an arbitrary global video index in the removevideo action of the playlist endpoint...
EUVD-2026-40420
An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart...
CVE-2026-14147
CVE-2026-14147: This vulnerability affects Google Chrome’s CSS handling prior to version 150.0.7871.47, where an inappropriate implementation could allow a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. The root cause is an implementation issue in CSS process...
CVE-2026-14144
Incorrect security UI in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14088
CVE-2026-14088 concerns an uninitialized use in Canvas on Google Chrome for Android. The issue allows a remote attacker to elicit potentially sensitive information from process memory via a crafted HTML page. The vulnerability affects Chrome on Android versions before 150.0.7871.47; the fix is ex...
CVE-2026-14084
CVE-2026-14084 concerns Chromoting in Google Chrome with versions prior to 150.0.7871.47. The vulnerability stems from insufficient validation of untrusted input, enabling a remote attacker to potentially cause heap corruption through malicious network traffic. Affected component is Chromoting wi...
CVE-2026-14072
Google Chrome contains an inappropriately implemented SplitView component that is vulnerable before version 150.0.7871.47, enabling a remote attacker to perform UI spoofing through a crafted HTML page. The vulnerability is classified with Chromium security severity: Low. Affected product/area: Ch...
CVE-2026-14031
Summary: CVE-2026-14031 affects Google Chrome before 150.0.7871.47. The issue is an inappropriate implementation in the File Input component, enabling a remote attacker to execute a UI spoofing attack via a crafted HTML page. Impact (as described): UI spoofing from a crafted HTML page. Severity l...
CVE-2026-14016
CVE-2026-14016: In Google Chrome, an inappropriate implementation in SVG allowed a remote attacker to leak cross-origin data via a crafted HTML page. Affected product: Chrome (Chromium base). Vulnerability arises in SVG handling prior to version 150.0.7871.47. Impact, as stated: potential cross...