810 matches found
CVE-2026-14049
Inappropriate implementation in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14024
CVE-2026-14024 : A use-after-free in Ozone within Google Chrome on Linux versions before 150.0.7871.47 allows a remote attacker who entices a user to perform specific UI gestures to potentially trigger heap corruption via a crafted HTML page. Impact is described as high for confidentiality, integ...
CVE-2026-14009
Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13984
Incorrect security UI in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13973
CVE-2026-13973 affects Google Chrome UI handling: an inappropriate UI implementation prior to version 150.0.7871.47 allows a remote attacker to spoof UI via a crafted HTML page when a user is guided to perform specific UI gestures. The vulnerability is described across NVD/ENISA/CVE records with ...
CVE-2026-13965
Use after free in Oilpan in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13947
CVE-2026-13947 concerns Google Chrome’s XR handling. The vulnerability is described as an uninitialized use in XR that affects Chrome prior to version 150.0.7871.47 . A remote attacker who had already compromised the renderer process could potentially read sensitive information from the process m...
CVE-2026-13941
CVE-2026-13941 affects Google Chrome on Android. The vulnerability arises from an inappropriate SiteSettings implementation that enables UI spoofing via a crafted HTML page. Affected version is Chrome for Android before 150.0.7871.47. Impact is UI spoofing (no confidentiality, no data loss per th...
CVE-2026-13930
Insufficient policy enforcement in Actor in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13919
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13880
Use after free in USB in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13868
Technical details (affected components, root cause, fixes) are not publicly available in the provided documents; monitor for updates from official advisories.
CVE-2026-13866
CVE-2026-13866 affects Google Chrome on Android prior to 150.0.7871.47. The issue is an inappropriate implementation in Input that lets a remote attacker with renderer access bypass site isolation via a crafted HTML page. Impact is a site-isolation bypass with potential access to other origins; n...
CVE-2026-13865
Insufficient validation of untrusted input in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13861
Use after free in Core in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13847
Chrome for iOS (Google Chrome on iOS) is affected by CVE-2026-13847 due to insufficient validation of untrusted input, allowing a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability affects Chrome on iOS prior to version 150.0.7871.47. Impact is cross-origin data ...
CVE-2026-13841
CVE-2026-13841 affects Google Chrome components using Skia . The issue is an integer overflow in Skia that, on Chrome builds prior to 150.0.7871.47 , could allow a remote attacker who already compromised the renderer process to perform a sandbox escape via a crafted HTML page . The explicit impac...
CVE-2026-13825
CVE-2026-13825 describes an uninitialized use in Dawn within Google Chrome (Chromium-based) prior to version 150.0.7871.47, enabling a remote attacker to potentially trigger heap corruption via a crafted HTML page. Affected product: Google Chrome (Chromium Dawn component). Root cause: uninitializ...
CVE-2026-13818
Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: High...
CVE-2026-13815
Use after free in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...