CVE-2026-11292

Insufficient policy enforcement in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11171

Integer overflow in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7896

CVE-2026-7896 is a Chrome/Blink vulnerability due to an integer overflow that can lead to heap corruption on a crafted HTML page. The vulnerability affects Blink in Google Chrome versions before 148.0.7778.96. The Chrome 148 stable update lists “Critical CVE-2026-7896: Integer overflow in Blink” ...

SUSE CVE-2026-5872

Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-5875

Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5913

CVE-2026-5913 concerns Blink in Google Chrome/Chromium, where an out-of-bounds memory read could be triggered by a crafted HTML page. The issue is described across multiple sources as an out-of-bounds read in Blink with a Chromium/Chrome context. Public fixes exist: Debian reports the security up...

CVE-2026-5875

Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-4462

CVE-2026-4462 : Affected component is Blink in Google Chrome. The issue is an out-of-bounds read in Blink that could be triggered by a crafted HTML page, allowing a remote attacker to read memory. This affects versions prior to 146.0.7680.153. The vulnerability is rated High severity. No exploita...

CVE-2026-0901

Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

CVE-2025-5068

Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2024-1669

Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2022-4920

Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2016-1675

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp...

SUSE CVE-2016-5147

Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS UXSS."...

SUSE CVE-2016-5209

Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

SUSE CVE-2018-6052

Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data...

SUSE CVE-2018-6099

A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...

SUSE CVE-2018-6114

Incorrect enforcement of CSP for tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page...

SUSE CVE-2018-6121

Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page...

SUSE CVE-2020-6552

Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...