44304 matches found
CVE-2026-14430
CVE-2026-14430 describes an integer overflow in V8 (Chromium/Google Chrome) prior to version 150.0.7871.46 , allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Affected component: V8 engine within Chrome. Impact per documents: remote code execution with...
CVE-2026-14420
Summary (CVE-2026-14420): Out-of-bounds read/write in Dawn (Chrome’s Dawn integration) in Google Chrome
CVE-2026-14389
The provided sources describe a vulnerability in Google Chrome’s Skia: an integer overflow in Skia, prior to Chrome 150.0.7871.46, could allow a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. Affected component: Skia inside Chro...
CVE-2026-14414
Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-14401
CVE-2026-14401 affects Google Chrome on Android through ANGLE, where insufficient validation of untrusted input in ANGLE prior to 150.0.7871.46 enables a renderer-Process-compromised remote attacker to potentially escape the sandbox via a crafted HTML page. The vulnerability is described as high ...
CVE-2026-14407
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
CVE-2024-0741 vulnerabilities
Vulnerabilities for packages: firefox-esr...
CVE-2026-34098
Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php lines 119, 129. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...
CVE-2023-5728 vulnerabilities
Vulnerabilities for packages: firefox-esr...
CVE-2025-13023 vulnerabilities
Vulnerabilities for packages: firefox, firefox-esr...
GHSA-7JCF-W576-JVJ3 vulnerabilities
Vulnerabilities for packages: firefox, firefox-esr...
CVE-2025-11710 vulnerabilities
Vulnerabilities for packages: firefox, firefox-esr...
GHSA-5JPH-4X8H-WX83 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2024-3516 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2025-6428 vulnerabilities
Vulnerabilities for packages: firefox...
AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android
Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs entirely inside the browser on both...
CVE-2026-14101
An insufficient policy enforcement flaw was found in the Sandbox component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513454805...
EUVD-2026-40426
Capgo console.capgo.app/login before 12.128.2 accepts accesstoken and refreshtoken in URL query parameters, automatically authenticating users without confirmation. Attackers can craft malicious links to force victims into attacker-controlled sessions, exposing tokens in browser history and logs...
EUVD-2026-40843
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40719
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Low...