719 matches found
CVE-2026-14142
Inappropriate implementation in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14142
Inappropriate implementation in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14053
CVE-2026-14053 affects Google Chrome where extensions enforcement is insufficient. A remote attacker who has already compromised the renderer process could leak cross-origin data via a crafted HTML page, due to policy enforcement gaps in Extensions before version 150.0.7871.47. The vulnerability ...
CVE-2026-14053
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14053
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14047
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2026-14047
CVE-2026-14047 affects Google Chrome before version 150.0.7871.47 due to insufficient policy enforcement in Extensions, enabling an attacker who persuades a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. The vulnerability’s impact is descri...
CVE-2026-14003
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-14003
Affected software/scope: Google Chrome extensions mechanism. Vulnerability: Insufficient policy enforcement in Chrome Extensions prior to 150.0.7871.47 allows a user-assisted attacker to leak cross-origin data when a malicious extension is installed. Underlying issue: policy enforcement weakness ...
CVE-2026-13999
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-13999
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-13997
Incorrect security UI in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13999
CVE-2026-13999 affects Google Chrome where insufficient validation of untrusted input in Extensions can enable UI spoofing via a crafted Chrome Extension. The vulnerability is triggered when a user is convinced to install a malicious extension, allowing spoofed UI elements as described in multipl...
CVE-2026-13957
Incorrect security UI in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13957
Chrome extensions UXSS issue (CVE-2026-13957): Incorrect security UI in Extensions allowed a user-assisted attacker to inject arbitrary scripts/HTML via a crafted HTML page in Chrome before version 150.0.7871.47. Impact is partial and requires user interaction; update to Chrome 150.0.7871.47 or n...
CVE-2026-13948
CVE-2026-13948 : Concrete details in connected records show an insufficient policy enforcement in Google Chrome extensions prior to 150.0.7871.47, enabling a user-assisted UI spoofing attack if a user is convinced to install a malicious Chrome Extension. Root cause: policy enforcement weakness in...
CVE-2026-13948
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-13948
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-13919
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13919
CVE-2026-13919 describes an insufficent policy enforcement in Chrome’s Extensions on Chromium-based builds, where a crafted HTML page could enable a remote attacker with renderer access to bypass site isolation. Affected software/component: Google Chrome (Extensions/Chromium core). Root cause: po...