SUSE CVE-2026-11036

Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2026-11036

Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11036

Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11036

CVE-2026-11036 affects Google Chrome before 149.0.7827.53 due to an inappropriate implementation in the DOM, enabling a remote attacker to bypass the same-origin policy via a crafted HTML page. The vulnerability is described across multiple sources (NVD/EUVD/CIRCL sighting) with the same core det...

CVE-2026-7907

CVE-2026-7907 is a use-after-free in the DOM exposed by Google Chrome up to version 148.0.7778.96. The vulnerability could allow a remote attacker to execute arbitrary code inside the Chrome sandbox via a crafted HTML page. Affected product: Google Chrome (Desktop/Mobile Chrome 148 series). The C...

chromium-browser: same-origin bypass in DOM

The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp,...

Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....

One bug to rule them all IE5,IE6,IE7,IE8,Netscape,Firefox,Safari,Opera,Konqueror, Seamonkey,Wii,PS3,iPhone,iPod,Nokia,Siemens.... and more. Update/Changes : ---------------- Backround : + I failed to include details about the nature of the bug DOM, the root cause is a DOM flaw and not a Javascrip...