CVE-2026-11648

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-11646

Use after free in ViewTransitions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-11642

CVE-2026-11642 describes a use-after-free in Google Chrome’s Web Apps renderer that could allow a remote attacker who already compromised the renderer to potentially perform a sandbox escape via a crafted HTML page. Affected product: Chrome (Web Apps) prior to version 149.0.7827.103. Impact : san...

CVE-2026-11640

Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-11631

Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

PT-2026-47490

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in Payments allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free occurs when an application continues to u...

PT-2026-47455

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in Ozone allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free is a condition where a program continues to...

PT-2026-47501

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description An out of bounds read occurs in Skia, a graphics library. This allows a remote attacker who has already compromised the renderer process to leak cross-origin data by using a specially...

PT-2026-47472

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue exists in ViewTransitions, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free i...

PT-2026-47519

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description An inappropriate implementation in Plugins allows a remote attacker who has compromised the renderer process to bypass site isolation by using a crafted HTML page. Site isolation is a...

PT-2026-47523

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description Insufficient validation of untrusted input in the UI allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A sandbox escape is a technique used...

PT-2026-47473

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.103 Description A use after free issue in the Printing component allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape. This is...

PT-2026-47524

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description A use after free issue exists in the Bluetooth component, which could allow a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free ...

PT-2026-47495

Name of the Vulnerable Software and Affected Versions Google Chrome on ChromeOS versions prior to 149.0.7827.103 Description An out of bounds read occurs in the Media component. This allows a remote attacker who has already compromised the renderer process to access potentially sensitive...

PT-2026-47498

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.103 Description A heap buffer overflow exists in the GPU component. This issue allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox...

SUSE CVE-2026-10909

Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-10916

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-10931

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-10976

Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-10996

Inappropriate implementation in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...