17872 matches found
CVE-2026-14032
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2026-14032
This CVE affects Google Chrome on macOS, describing a Use-After-Free in Bluetooth that allows code execution when a user is tricked into installing a crafted Chrome Extension. The vulnerable condition is Chrome versions prior to 150.0.7871.47. Impact is arbitrary code execution with high severity...
CVE-2026-14032
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2026-13903
Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13903
CVE-2026-13903 affects Google Chrome’s Bluetooth implementation. The connected records describe insufficient policy enforcement in Chrome prior to version 150.0.7871.47, enabling privilege escalation via a crafted HTML page. There is no explicit exploitation detail or confirmed in-the-wild use in...
CVE-2026-13903
Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13878
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13878
CVE-2026-13878: A use-after-free in Bluetooth in Google Chrome on macOS (before 150.0.7871.47) could allow a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. Affected product: Google Chrome on macOS; root cause: use-after-free in ...
CVE-2026-13878
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13879
CVE-2026-13879 : Use-after-free in Bluetooth handling in Google Chrome (Chromium) prior to 150.0.7871.47. The issue allows an attacker on the local network segment to potentially read sensitive data from a process’s memory via a malicious Bluetooth peripheral. Affected component is Bluetooth code...
CVE-2026-13879
Use after free in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. Chromium security severity: Medium...
CVE-2026-13785
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-13785
CVE-2026-13785 is a use-after-free in Bluetooth handling in Google Chrome on macOS, affected before version 150.0.7871.47. A remote attacker could harness crafted HTML and force a user to perform specific UI gestures to potentially escape the Chrome sandbox. The issue is documented across multipl...
CVE-2026-13785
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-9263
The Zephyr Bluetooth controller ISO Adaptation Layer subsys/bluetooth/controller/llsw/isoal.c fails to validate the length field of a framed ISO PDU start segment. Per the Bluetooth specification a start segment sc=0 always carries a 3-byte timeoffset, so its segment-header len must be at least...
CVE-2026-10654
A race condition in the Zephyr Bluetooth Classic RFCOMM host stack subsys/bluetooth/host/classic/rfcomm.c mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown state BTRFCOMMSTATEDISCONNECTING, DISC sent, RTX timer armed and the connect...
CVE-2026-10654
The CVE-2026-10654 issue is a race in Zephyr’s Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c): when one side initiates a session teardown and the peer simultaneously sends a DISC for DLCI 0, rfcomm_handle_disc() forces the session to DISCONNECTED without calling bt_l...
CVE-2026-9263
The CVE-2026-9263 issue affects Zephyr’s Bluetooth controller ISO Adaptation Layer (ISOAL). It stems from insufficient validation of framed ISO PDU start segments: start segments with sc=0 are required to have a len of at least 3 (PDU_ISO_SEG_TIMEOFFSET_SIZE), but isoal_check_seg_header() accepte...
PT-2026-54062
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use-after-free issue exists in the Bluetooth component of Google Chrome on macOS. A remote attacker can exploit this by convincing a user to visit a crafted HTML page and perform...
CVE-2026-10593
The Zephyr Bluetooth LE Audio Basic Audio Profile BAP unicast client mishandles peer-supplied ASE state notifications. In unicastclientepqosstate subsys/bluetooth/audio/bapunicastclient.c, the handler writes attacker-controlled QoS fields interval, framing, phy, sdu, rtn, latency, pd through the...