12 matches found
Chrome flaw let extensions hijack Gemini’s camera, mic, and file access
Chrome’s Gemini “Live in Chrome” panel (Gemini’s embedded, agent-style assistant mode within Chrome) had a high‑severity vulnerability tracked as CVE‑2026‑0628. The flaw let a low‑privilege extension inject code into the Gemini side panel and inherit its powerful capabilities, including local file...
CVE-2025-55194 Part-DB Persistent Denial of Service via Uncaught Exception from Misleading File Extension in Avatar Upload
Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension e.g., .jpg.txt, resulting in a persistent 500 Internal Server Error when attempting to view or edit that...
OESA-2024-1976 firefox security update
Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were...
DataEase Code Issues Vulnerabilities
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends to achieve business improvement and optimization. A code issue vulnerability exists in DataEase versions prior to 1.18.11. The vulnerability stems...
SUSE CVE-2015-1226
The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debuggerapi.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension...
Malicious code in mtaplotlib (PyPI)
Source: checkmarx (fa94624916f2154c92d5d4bc58878b0c1afbd89413c05c76afc7b9e7813b5515). Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in matploltib (PyPI)
Source: checkmarx (27c4076980d837a8fba8cb31f2ff317a0c54ba79039f74e735f41f7d9b107108). Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate clipboard and replace crypto wallet...
Microweber Unrestricted File Upload Vulnerability
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in the Microweber administrator account page. An attacke...
The vulnerability of Google Chrome, related to errors in managing permissions, privileges, and access control, allows a perpetrator to gain access to files in the local file system using a specially created extension.
The vulnerability of Google Chrome relates to errors in the frame navigation function of Blink. Exploiting this vulnerability can allow an attacker to gain access to files on the local file system using a specially created extension...
chromium-browser: UI spoof in Extensions
Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension...
UBUNTU-CVE-2015-1226
The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debuggerapi.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension...
CVE-2002-0299
CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension such as .BAT, which is executed during a scan...