CVE-2026-11274

Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11272

Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...

CVE-2026-10958

CVE-2026-10958 : A use-after-free in Chrome for iOS (Google Chrome on iOS) prior to version 149.0.7827.53 allows a remote attacker who persuades a user to perform specific UI gestures to run arbitrary code via a crafted HTML page. Affected product: Chrome for iOS. Root cause: use-after-free in th...

CVE-2026-10952

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-10952

CVE-2026-10952 : Use-after-free in Chrome on iOS (Google Chrome on iOS) prior to version 149.0.7827.53 can allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. The vulnerability is tied to a use-after-free in Chrome for iOS, with an impact described as high by C...

CVE-2026-10951

Use after free in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-9971

Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-8584

Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7941

Insufficient validation of untrusted input in Mobile in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2026-7931

CVE-2026-7931 affects Google Chrome on iOS (pre-148.0.7778.96). The issue is due to insufficient validation of untrusted input, enabling a remote attacker to spoof UI via a crafted HTML page. The Chrome 148 release (148.0.7778.96) provides fixes across platforms, with Chrome’s stable channel upda...

CVE-2026-7897

Use after free in Mobile in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

PT-2026-38124

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 148.0.7778.96 Description Insufficient validation of untrusted input allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, via a...

EUVD-2026-20717

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted domain name. Chromium security severity: Low...

CVE-2026-5895

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted domain name. Chromium security severity: Low...

CVE-2026-3930

Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

PT-2026-24878

🚨 CVE-2026-3930 Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium 🎖@cveNotify...

DEBIAN-CVE-2024-8909

Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

HackerOne: Domain highlighting on External link warning is not working on Chrome & Microsoft Edge browsers on Mobile

The domain highlighting functionality on the External Link Warning interstitial page was not working as intended on the Chrome and Microsoft Edge mobile browsers. The issue was reported to have been previously fixed by HackerOne, but it appears to have resurfaced. The vulnerability could have...

PT-2024-2640 · Google +3 · Google Chrome +3

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 123.0.6312.58 Description: The issue is related to inappropriate implementation in iOS, allowing a remote attacker to leak cross-origin data via a crafted HTML page. This is due to insufficient access control,...

DEBIAN-CVE-2023-1225

Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...