CVE-2026-3539

CVE-2026-3539 describes a heap-corruption risk in Google Chrome’s DevTools caused by an object lifecycle issue, exploitable via a crafted Chrome Extension. Affected software: Chrome (DevTools) prior to version 145.0.7632.159. The vulnerability can be triggered after user interaction, with an atta...

CVE-2026-3539

Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

CVE-2026-3539

Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

CVE-2026-3539

Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

CVE-2026-3539

Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20277-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20277-1 advisory. Changes in chromium: - Chromium 145.0.7632.116 boo1258733: CVE-2026-3061: Out of bounds read in Media CVE-2026-3062: Out of bounds read and writ...

GHSA-V3J7-34XH-6G3W OpenClaw Loopback CDP probe can leak Gateway token to local listener

Summary A local process can capture the OpenClaw Gateway auth token from Chrome CDP probe traffic on loopback. Details Affected versions inject x-openclaw-relay-token for loopback CDP URLs, and CDP reachability probes send that header to /json/version. If an attacker controls the probed loopback...

OpenClaw Loopback CDP probe can leak Gateway token to local listener

Summary A local process can capture the OpenClaw Gateway auth token from Chrome CDP probe traffic on loopback. Details Affected versions inject x-openclaw-relay-token for loopback CDP URLs, and CDP reachability probes send that header to /json/version. If an attacker controls the probed loopback...

PT-2026-23050

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 145.0.7632.159 Description An object lifecycle issue in the DevTools component of Google Chrome allowed an attacker to potentially exploit heap corruption. This exploitation could occur if a user was convinced t...

PT-2026-26006

Summary A local process can capture the OpenClaw Gateway auth token from Chrome CDP probe traffic on loopback. Details Affected versions inject x-openclaw-relay-token for loopback CDP URLs, and CDP reachability probes send that header to /json/version. If an attacker controls the probed loopback...

KLA90908 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Integer overflow vulnerability in ANGLE can be exploited to cause execute arbitrary code and...

Microsoft Edge (Chromium) < 145.0.3800.82 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 145.0.3800.82. It is, therefore, affected by multiple vulnerabilities as referenced in the February 26, 2026 advisory. - Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a...

Chromium: CVE-2026-3063 Inappropriate implementation in DevTools

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

OPENSUSE-SU-2026:20277-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - Chromium 145.0.7632.116 boo1258733: CVE-2026-3061: Out of bounds read in Media CVE-2026-3062: Out of bounds read and write in Tint CVE-2025-3063: Inappropriate implementation in DevTools...

📄 Google Chrome 145.0.7632.117 DevTools Injection

A high-severity vulnerability was identified in the DevTools component of Google Chrome versions prior to 145.0.7632.117. The issue stems from an inappropriate implementation that allowed insufficient isolation between Chrome extensions and privileged DevTools pages. If a user was convinced to...

KLA90907 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Out of bounds memory read and write vulnerability in Tint can be exploited to cause denial of service. 2. Out of...

Malicious code in react-devtools-raycast (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 389c48f69049121e3e54751b68803d75bb5d571de2c8caf9c5e5d21f970612f0 The package react-devtools-raycast was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-1039 Malicious code in react-devtools-raycast (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 389c48f69049121e3e54751b68803d75bb5d571de2c8caf9c5e5d21f970612f0 The package react-devtools-raycast was found to contain malicious code. Source: ossf-package-analysis...

SUSE CVE-2026-3063

Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. Chromium security severity: High...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2026:0062-1 Rating: important References: 1258733 Cross-References: CVE-2025-3063 CVE-2026-3061 CVE-2026-3062 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes three vulnerabilities is now...