SUSE CVE-2026-11028

Use after free in Media in Google Chrome on Linux and ChromeOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-0248

An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can...

DEBIAN-CVE-2026-11028

Use after free in Media in Google Chrome on Linux and ChromeOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11028

Use after free in Media in Google Chrome on Linux and ChromeOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

PT-2026-46557

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in the Media component allows a remote attacker who has compromised the renderer process to execute arbitrary code inside a sandbox. This is achieved through the...

SUSE CVE-2026-46134

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosectypec: Init mutex in Thunderbolt registration crostypecregisterthunderbolt missed initializing the adata-lock mutex. This leads to a NULL dereference when the mutex is later acquired e.g. in...

CVE-2026-9985

Insufficient validation of untrusted input in Media in Google Chrome on ChromeOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-9985

The CVE-2026-9985 entry affects Google Chrome on ChromeOS, leveraging the Media component in Chromium. The root cause is insufficient validation of untrusted input within Media, allowing a remote attacker that already compromised the renderer process to read potentially sensitive memory contents ...

CVE-2026-9985

Insufficient validation of untrusted input in Media in Google Chrome on ChromeOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-9985

Insufficient validation of untrusted input in Media in Google Chrome on ChromeOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

PT-2026-44693

Name of the Vulnerable Software and Affected Versions Google Chrome on ChromeOS versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in the Media component allows a remote attacker who has compromised the renderer process to obtain potentially sensitive...

PT-2026-44257

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A NULL dereference occurs in the Linux kernel when the cros typec register thunderbolt function fails to initialize the adata-lock mutex. This issue manifests when the uninitialized mutex i...

CVE-2026-9117

Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. Chromium security severity: High...

CVE-2026-9123

Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traffic. Chromium security severity: Medium...

Astra Linux - уязвимость в chromium

In the Overview Mode of Google Chrome on Chrome OS, before version 109.0.5414.74, a remote attacker who convinced a user to perform certain UI interactions could potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to view the data of kernel pages by providing a larger insize value in struct croseccommand1 when invoking EC host commands. This issue can be fixed b...

Astra Linux - уязвимость в chromium

Before version 105.0.5195.52, using PhoneHub in Google Chrome on Chrome OS allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в chromium

In the Network Config UI of the Google Chrome browser on ChromeOS, incorrect security user interfaces prior to version 90.0.4430.72 allowed a remote attacker to potentially compromise Wi-Fi connection security through a malicious wireless adapter...

Astra Linux - уязвимость в chromium

Out-of-bounds memory access occurred in the UI interface of Lacros in Google Chrome on the Chrome OS. Prior to version 101.0.4951.41, this vulnerability allowed a remote attacker to potentially exploit heap corruption through specific user interactions...

Astra Linux - уязвимость в chromium

Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. Chromium security severity: High...