2967 matches found
CVE-2026-13036
Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-13024
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
CVE-2026-13036
Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
EUVD-2026-39046
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
CVE-2026-13031
Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-13024
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
CVE-2026-13024
CVE-2026-13024 : The issue is in Google Chrome’s Navigation logic, where insufficient validation of untrusted input in the renderer allows a remote attacker who has compromised the renderer process to bypass site isolation via a crafted HTML page. Affected product: Google Chrome (Chromium-based)....
CVE-2026-13021
Google Chrome prior to 149.0.7827.197 contains an inappropriate implementation in DeviceBoundSessionCredentials that can allow a remote attacker to bypass the same-origin policy via a crafted HTML page. The CVE description notes a Chromium-based issue with High severity; updates to Chrome are ref...
CVE-2026-13033
CVE-2026-13033 affects Google Chrome’s Blink component, specifically Blink>InterestGroups. The vulnerability is described as an out-of-bounds read and write that could allow a remote attacker to execute arbitrary code via a crafted HTML page. Affected versions are Chrome prior to 149.0.7827.19...
CVE-2026-13028
CVE-2026-13028 is a use-after-free in WebGL of Google Chrome on Android, prior to version 149.0.7827.197, that could allow a remote attacker to sandbox-escape via a crafted HTML page. Severity is Critical (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). The available connected documents reiterate...
PT-2026-52054
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description A use after free issue in Blink allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that occurs...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server...
Astra Linux – Vulnerability in Chromium
Before version 87.0.4280.141, using "after free" in audio playback in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 90.0.4430.212, using Autofill in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 142.0.7444.59, reading outside the bounds in WebXR with Google Chrome allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Before version 92.0.4515.131, writing out-of-bounds data using Tab groups in Google Chrome allowed an attacker who convinced a user to install a malicious extension to perform an out-of-bounds memory write via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 92.0.4515.107, using Autofill in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 91.0.4472.77, using TabStrip in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 92.0.4515.159, using free after functions in WebRTC in Google Chrome allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 95.0.4638.54, using Free after PDF accessibility in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...