CVE-2026-1504

Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-1504

Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

EUVD-2026-4737

Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-1504

Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-1504

Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

PT-2026-5021

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 144.0.7559.110 Description An issue in the Background Fetch API in Google Chrome allowed a remote attacker to leak cross-origin data through a specially crafted HTML page. The security severity is rated as High...

Stable Channel Update for Desktop

The Stable channel has been updated to 144.0.7559.109/.110 for Windows/Mac and 144.0.7559.109 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

Google Chrome < 144.0.7559.109 Vulnerability

The version of Google Chrome installed on the remote macOS host is prior to 144.0.7559.109. It is, therefore, affected by a vulnerability as referenced in the 202601stable-channel-update-for-desktop27 advisory. - Inappropriate implementation in Background Fetch API in Google Chrome prior to...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability, which is caused due to improper implementation in the backend fetch AP. An attacker can exploit the vulnerability to disclose cross-origin data...

Google Chrome < 144.0.7559.109 Vulnerability

The version of Google Chrome installed on the remote Windows host is prior to 144.0.7559.109. It is, therefore, affected by a vulnerability as referenced in the 202601stable-channel-update-for-desktop27 advisory. - Inappropriate implementation in Background Fetch API in Google Chrome prior to...

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 474435504 High CVE-2026-1504: Inappropriate implementation in Background Fetch API. Reported by Luan Herrera @lbherrera on 2026-01-09...

CVE-2025-71153 ksmbd: Fix memory leak in get_file_all_info()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in getfileallinfo In getfileallinfo, if vfsgetattr fails, the function returns immediately without freeing the allocated filename, leading to a memory leak. Fix this by freeing the filename before returning...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37944)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37944 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in...

CVE-2026-24048

Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the FetchUrlReader component, used by the catalog and other...

CVE-2026-24048

CVE-2026-24048 affects Backstage FetchUrlReader in @backstage/backend-defaults prior to v0.12.2, v0.13.2, v0.14.1, and v0.15.0. The component would follow HTTP redirects, enabling an attacker who controls a host in backend.reading.allow to redirect requests to internal/sensitive URLs outside the ...

CVE-2026-24048 Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow`

Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the FetchUrlReader component, used by the catalog and other...

CVE-2026-24048

Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the FetchUrlReader component, used by the catalog and other...

Server-side Request Forgery (SSRF)

Overview @backstage/backend-defaults is a Backend defaults used by Backstage backend apps Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FetchUrlReader component that automatically follows HTTP redirects. An attacker can access internal or sensitive...

Backstage Code Issues and Vulnerabilities

Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 0.12.2, 0.13.2, 0.14.1, and 0.15.0 contained code vulnerabilities. These vulnerabilities stemmed from the FetchUrlReader component’s automat...

CVE-2026-22219

Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...