482 matches found
EUVD-2026-40797
Inappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40786
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40744
Inappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40682
Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40686
Incorrect security UI in File Input in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40671
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40557
Insufficient policy enforcement in GuestView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40545
Inappropriate implementation in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40532
Use after free in USB in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
EUVD-2026-40506
Out of bounds read in Skia in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
EUVD-2026-40496
Inappropriate implementation in Input in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...
CVE-2026-14148
Type Confusion in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14052
CVE-2026-14052 concerns Google Chrome’s FileSystem policy enforcement. The reported issue allows a remote attacker to bypass discretionary access control by presenting a crafted HTML page, affecting Chrome versions prior to 150.0.7871.47. The Chromium-derived description lists the impact as Low s...
CVE-2026-14051
CVE-2026-14051 concerns Google Chrome where the GamepadAPI has an uninitialized memory access bug. A remote attacker who has already compromised the renderer process could read potentially sensitive data from process memory via a crafted HTML page. Affected versions are Chrome prior to 150.0.7871...
CVE-2026-13947
CVE-2026-13947 concerns Google Chrome’s XR handling. The vulnerability is described as an uninitialized use in XR that affects Chrome prior to version 150.0.7871.47 . A remote attacker who had already compromised the renderer process could potentially read sensitive information from the process m...
CVE-2026-13868
Google Chrome for Android is affected by CVE-2026-13868 due to an inappropriate implementation in the Network component, enabling a remote attacker who has compromised the renderer process to bypass site isolation via a crafted HTML page. Affected version range is before 150.0.7871.47. The issue ...
CVE-2026-13866
In Google Chrome on Android, prior to version 150.0.7871.47, an inappropriate implementation in Input allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Affected product: Chrome for Android. Root cause: flawed input handling enabli...
CVE-2026-13847
CVE-2026-13847 affects Chrome for iOS on iOS, where insufficient validation of untrusted input allows a remote attacker to leak cross-origin data via a crafted HTML page. Affected versions are prior to 150.0.7871.47. The issue is labeled as High severity. remediation: update to 150.0.7871.47 or n...
Astra Linux – Vulnerability in Chromium
Before version 94.0.4606.61, using "use after free" in Portals within Google Chrome allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
The use of “after free” in videos within Google Chrome before version 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...