DEBIAN-CVE-2026-10918

Use after free in Viz in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-10895

Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

Chromium: CVE-2026-7998 Insufficient validation of untrusted input in Dialog

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes

Summary FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it navigates to the URL. An attacker who controls DNS for a hostname...

CVE-2026-4462

Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

PT-2025-44680

Name of the Vulnerable Software and Affected Versions Chromium affected versions not specified Description An issue exists within Chromium’s V8 component due to an inappropriate implementation. This could allow attackers to affect the system. Microsoft Edge, being Chromium-based, is also impacted...