23 matches found
CVE-2026-7339
Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-7351
CVE-2026-7351 describes a race in MHTML handling in Google Chrome prior to 147.0.7727.138. The vulnerability allows a user who is induced to install a crafted Chrome Extension to leak cross-origin data via MHTML processing. The root cause, per sources, is a race condition in MHTML handling; no ex...
CVE-2026-7353
Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-7363
Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-6312
Google Chrome Vulnerability CVE-2026-6312 affects the Passwords feature. The issue is caused by insufficient policy enforcement in Passwords, allowing a remote attacker who compromises the renderer process to leak cross-origin data via a crafted HTML page. Affected: Chrome versions before 147.0.7...
PT-2026-35847
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.138 Description A use after free issue in Chromoting allows a remote attacker to execute arbitrary code via malicious network traffic. Use after free is a memory corruption flaw that occurs when an...
SUSE CVE-2026-5860
Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-5891
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2026-5914
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Low...
SUSE CVE-2026-5918
Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
Linux Distros Unpatched Vulnerability : CVE-2026-5889
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a...
CVE-2026-5912
Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-5911
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-5901
Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2026-5889
Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...
CVE-2026-5913
Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Low...
CVE-2026-5892
CVE-2026-5892 affects Google Chrome/Chromium PWAs. The root cause is insufficient policy enforcement for PWAs in the renderer, allowing a remote attacker who had compromised the renderer to install a PWA without user consent via a crafted HTML page. Affected versions are prior to 147.0.7727.55 (C...
CVE-2026-5881
CVE-2026-5881 describes a policy bypass in Chrome’s LocalNetworkAccess that could allow a remote attacker to bypass navigation restrictions via a crafted HTML page. The CVE affects Chrome/Chromium prior to 147.0.7727.55, with a Medium severity (CVSS 6.5, NETWORK attack vector, LOW attack complexi...
CVE-2026-5861
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 147 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 147.0.7727.55 Linux 147.0.7727.55/56 Windows/Mac contains a number of fixes and improvements -- a list of changes is availab...