378 matches found
CVE-2026-10916
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-10916
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...
CVE-2026-11279
Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11279
Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11279
Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11279
CVE-2026-11279 affects Google Chrome DevTools; an out-of-bounds read in DevTools could allow a remote attacker to run arbitrary code inside the browser sandbox via a crafted HTML page. Affected version range is Chrome versions before 149.0.7827.53. The issue is described with Chromium security se...
CVE-2026-11279
Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11250
CVE-2026-11250 concerns Google Chrome DevTools prior to version 149.0.7827.53. The issue is an inappropriate implementation in DevTools that allowed a remote attacker who had already compromised the renderer process to read potentially sensitive data from process memory via a crafted HTML page. P...
CVE-2026-11250
Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11238
Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2026-11212
Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11212
The CVE-2026-11212 affects Google Chrome (DevTools) prior to version 149.0.7827.53, where insufficient policy enforcement in DevTools could allow a user- tricked to install a malicious extension to leak cross-origin data. The root cause is policy enforcement gaps in DevTools that enable data exfi...
CVE-2026-11189
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11189
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11126
Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11092
Summary of CVE-2026-11092 : Google Chrome’s DevTools policy enforcement is insufficient before version 149.0.7827.53. An attacker could persuade a user to install a crafted (malicious) Chrome Extension to execute privilege escalation. Affected software: Chrome with DevTools; trigger requires user...
CVE-2026-11092
Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11092
Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11022
CVE-2026-11022 affects Google Chrome/Chromium prior to 149.0.7827.53 with insufficient validation of untrusted input in DevTools, enabling a remote attacker who has compromised the renderer to bypass same-origin policy via a crafted HTML page. Debian advisories (DSA-6325) confirm fixes in chromiu...
CVE-2026-11022
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...