Lucene search
+L

90 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40798

Use after free in WebProtect in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Low...

6.1AI score0.00306EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 10:38 p.m.31 views

CVE-2026-13864

CVE-2026-13864 affects Google Chrome WebHID. Prior to version 150.0.7871.47, insufficient policy enforcement allowed an attacker to escalate privileges by convincing a user to install a crafted Chrome Extension. Impact: local privilege escalation; exploitation requires user interaction (installin...

8.1CVSS5.8AI score0.00269EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54356

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in DevTools allows an attacker to obtain potentially sensitive information from process memory. This occurs if an attacker convinces a user to install a...

9.8CVSS5.9AI score0.00413EPSS
Exploits0References448
EUVD
EUVD
added 2026/06/24 6:43 p.m.5 views

EUVD-2026-39043

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

7.5CVSS5.9AI score0.00149EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 11:27 p.m.30 views

CVE-2026-11644

CVE-2026-11644 describes a use-after-free in the Views component of Google Chrome on Linux, allowing code execution via a crafted Chrome Extension when a user is convinced to install a malicious extension. Affected software: Google Chrome (Linux) with the vulnerable Views code path. Root cause: u...

7.5CVSS6AI score0.00202EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/04 11:17 p.m.9 views

DEBIAN-CVE-2026-10997

Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

6.5CVSS5.4AI score0.00241EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/04 11:5 p.m.10 views

CVE-2026-11126

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...

4.3CVSS5.4AI score0.00142EPSS
Exploits0
CVE
CVE
added 2026/06/04 11:4 p.m.26 views

CVE-2026-11062

CVE-2026-11062 affects Google Chrome extensions: insufficient policy enforcement in Extensions allows an attacker to inject scripts/HTML into a privileged page when a user installs a crafted malicious extension. Impact is partial integrity compromise of privileged pages; exploit not confirmed in ...

4.3CVSS5.8AI score0.00135EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/28 10:25 p.m.39 views

CVE-2026-9964

Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: High...

0.00233EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/28 10:25 p.m.11 views

CVE-2026-9881

Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: Critical...

9CVSS5.8AI score0.00203EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.10 views

PT-2026-44590

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.216 Description A use after free issue exists in the Bluetooth component. An attacker who convinces a user to install a malicious extension could potentially perform a sandbox escape—a process ...

9.6CVSS5.8AI score0.00368EPSS
Exploits0References155
Vulnrichment
Vulnrichment
added 2026/05/15 9:26 p.m.9 views

CVE-2026-45315 Open WebUI: Stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...

8.7CVSS5.8AI score0.0018EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/14 7:52 p.m.16 views

EUVD-2026-30384

Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...

4.7CVSS5.8AI score0.00134EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/08 2:26 a.m.11 views

SUSE CVE-2026-7941

Insufficient validation of untrusted input in Mobile in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

4.4CVSS5.9AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:25 a.m.11 views

SUSE CVE-2026-8008

Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...

5.4CVSS5.8AI score0.00121EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 7:16 p.m.6 views

CVE-2026-7962

Insufficient policy enforcement in DirectSockets in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via a crafted Chrome Extension. Chromium security severity: Medium...

5.4CVSS0.00171EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 7:16 p.m.9 views

CVE-2026-7940

Use after free in V8 in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

8.8CVSS0.00196EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/06 6:12 p.m.36 views

CVE-2026-7940

Use after free in V8 in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

0.00196EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/08 9:21 p.m.11 views

CVE-2026-5914

Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Low...

8.8CVSS8.5AI score0.00164EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/08 9:21 p.m.4 views

CVE-2026-5914

Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Low...

5.9AI score0.00164EPSS
Exploits0References2
Rows per page
Query Builder