ROS-20260520-73-0022

A vulnerability in the Digital Credentials API component of Google Chrome and Microsoft Edge browsers is related to the ability to use memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted...

Astra Linux - уязвимость в chromium

Using the “after free” mechanism in the Digital Credentials API in Google Chrome before version 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...

Fedora 42 : chromium (2026-cc466cfb57)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-cc466cfb57 advisory. Update to 146.0.7680.164 High CVE-2026-4673: Heap buffer overflow in WebAudio High CVE-2026-4674: Out of bounds read in CSS High CVE-2026-4675: Heap...

OPENSUSE-SU-2026:20422-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - Chromium 146.0.7680.153 boo1259964: CVE-2026-4439: Out of bounds memory access in WebGL CVE-2026-4440: Out of bounds read and write in WebGL CVE-2026-4441: Use after free in Base CVE-2026-4442: Heap buffer overflow in CSS...

Chromium: CVE-2026-4456 Use after free in Digital Credentials API

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

EUVD-2026-13473

Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-4456

Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-4456

Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-4456

Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-4456

Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-4456

Chrome: Use-after-free in the Digital Credentials API within the renderer can enable a sandbox escape when a crafted HTML page is loaded by a compromised renderer process. Affected product: Google Chrome. Vulnerable component: Digital Credentials API / renderer process. Root cause: use-after-free...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.153 contained a security vulnerability. This vulnerability stemmed from the Digital Credentials API allowing for reusing of resources after release, which could enable remote attackers to execute...

CVE-2026-4456

Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

KLA90944 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Type confusion vulnerability in V8 can be exploited to cause...

PT-2026-26527

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.153 Description A use-after-free issue exists in the Digital Credentials API of Google Chrome. A remote attacker compromising the renderer process could potentially achieve a sandbox escape through a...

Nextcloud Information Disclosure Vulnerability (CNVD-2025-11223)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an information disclosure vulnerability that stems from the fact that after setting up user- or administrator-defined external storage...

RHEL 8 : openstack-keystone (RHSA-2019:4358)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:4358 advisory. The OpenStack Identity service keystone authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The...

SUSE CVE-2019-19687

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...

openstack-keystone: EC2 and credential endpoints are not protected from a scoped context

A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any user authenticated within a limited scope trust/OAuth/application credential to create an EC2 credential with escalated permissions, for example, obtaining an "admin" role, while the user is on a limited "viewer" ro...

Debian: Security Advisory (DSA-4679-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...