18521 matches found
CVE-2026-15764
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-15765
Use after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-15775
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-15775
CVE-2026-15775 affects Google Chrome's V8 under a pre-150.0.7871.125 build. The issue is an inappropriate implementation that allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. Impact is described as high in Chromium notes, with exploitation requiring user interac...
CVE-2026-15773
CVE-2026-15773 is a Use-After-Free in Chrome’s Core on Windows prior to 150.0.7871.125 that could allow a remote attacker to achieve a sandbox escape via a crafted HTML page. The vulnerability affects Google Chrome Windows builds and is tracked in multiple sources. No exploitation status is provi...
CVE-2026-15772
The CVE-2026-15772 entry describes a Use-After-Free in the GPU component of Google Chrome on Android prior to version 150.0.7871.125, which could allow a remote attacker who already compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The issue is classified...
CVE-2026-15771
CVE-2026-15771 affects Google Chrome on Windows prior to 150.0.7871.125. The vulnerability arises from insufficient validation of untrusted input in the Media component, allowing a remote attacker who has compromised the renderer process to potentially read sensitive information from process memo...
CVE-2026-15768
Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-15769
CVE-2026-15769 concerns insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125, potentially allowing a renderer-compromised remote attacker to escape the sandbox via a crafted HTML page. The Chrome update notes roll-out of 150.0.7871....
CVE-2026-15766
CVE-2026-15766 refers to an Uninitialized Use in Skia inside Google Chrome before version 150.0.7871.125. The vulnerability affects Skia components used by Chrome, allowing a remote attacker to potentially read sensitive information from process memory via a crafted HTML page. The Chrome update n...
CVE-2026-15764
CVE-2026-15764 is a use-after-free in Chrome’s Ozone path on Linux, enabling potential heap corruption when a user is coerced into specific UI gestures via a crafted HTML page. Affected software is Google Chrome on Linux prior to the fixed build, with the issue classified as Critical (CVSS v3.1: ...
PT-2026-58741
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.125 Description Insufficient validation of untrusted input in Navigation allows a remote attacker who has compromised the renderer process to bypass navigation restrictions using a crafted HTML page...
PT-2026-58728
Use after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
PT-2026-58727
Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 150.0.7871.125 Description A use-after-free issue exists in the Ozone graphics layer. A remote attacker could potentially exploit heap corruption—a condition where memory is corrupted in the heap area—v...
PT-2026-58733
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.125 Description An uninitialized use in the V8 engine allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. V8 is the open-source...
PT-2026-58729
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.125 Description An uninitialized use in Skia allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. Recommendations Update Google Chrome...
PT-2026-58735
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.125 Description A use after free issue in the GPU component allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape. This is achiev...
golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting
A flaw was found in golang.org/x/net/html. A remote attacker could exploit this vulnerability by providing specially crafted HTML. When this arbitrary HTML is parsed and rendered, it can result in an unexpected HTML tree, bypassing input sanitization. This can be leveraged to execute Cross-Site...
EUVD-2026-42478
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
EUVD-2026-42460
Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...