722 matches found
CVE-2026-13919
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13919
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13919
CVE-2026-13919 describes an insufficent policy enforcement in Chrome’s Extensions on Chromium-based builds, where a crafted HTML page could enable a remote attacker with renderer access to bypass site isolation. Affected software/component: Google Chrome (Extensions/Chromium core). Root cause: po...
CVE-2026-13891
Vulnerability summary (CVE-2026-13891): Insufficient validation of untrusted input in the Extensions component of Google Chrome up to version 150.0.7871.47 allows a remote attacker who has already compromised the renderer process to escalate privileges by loading a crafted HTML page. The issue is...
CVE-2026-13891
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13891
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13888
Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13888
Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13888
The CVE-2026-13888 entry concerns a use-after-free in Chrome’s Extensions component affecting Chrome builds prior to 150.0.7871.47. The vulnerability allows a remote attacker to execute arbitrary code inside the Chrome sandbox via a crafted HTML page. Affected software: Google Chrome (Extensions ...
CVE-2026-13824
CVE-2026-13824 concerns Google Chrome extensions policy enforcement. The issue is described as insufficient policy enforcement in Chrome’s Extensions, allowing a remote attacker who has compromised the renderer process to escalate privileges via a crafted HTML page. The public notes specify the v...
CVE-2026-13824
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: High...
CVE-2026-13824
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: High...
CVE-2026-13774
Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Critical...
CVE-2026-13774
CVE-2026-13774: Use-after-free in Chrome Extensions allows arbitrary code execution when a user installs a malicious extension. Affected: Google Chrome (Extensions). Root cause: use-after-free in Extensions. Impact: potential arbitrary code execution. Mitigation: update to Chrome 150.0.7871.47 or...
CVE-2026-13774
Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Critical...
PT-2026-54275
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input within the Extensions component allows an attacker to perform UI spoofing. This occurs when a user is convinced to install a specially crafted...
PT-2026-54233
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Incorrect security UI in Extensions allows an attacker to inject arbitrary scripts or HTML via a crafted HTML page. This occurs when a user is convinced to install a malicious extension...
PT-2026-54165
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists within the Extensions component. This flaw allows a remote attacker to execute arbitrary code inside a sandbox by inducing the user to visit a specially...
PT-2026-54417
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in Extensions allows a remote attacker who has compromised the renderer process to perform UI spoofing using a crafted HTML page. UI spoofing is a...
PT-2026-54051
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists within the Extensions component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. An...