CVE-2026-11648

CVE-2026-11648 is a use-after-free in FullScreen on Windows Chrome prior to 149.0.7827.103, potentially enabling heap corruption via a crafted HTML page. Affected software: Google Chrome (Windows). Root cause: use-after-free in FullScreen path. Impact: remote code execution risk (as implied by he...

CVE-2026-10908

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

Chromium: CVE-2026-7917 Use after free in Fullscreen

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

EUVD-2026-27919

Use after free in Fullscreen in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-7908

Use after free in Fullscreen in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-7917

CVE-2026-7917 describes a use-after-free in Chrome’s Fullscreen handling on Windows, prior to version 148.0.7778.96. A remote attacker who has already compromised the renderer could potentially escape the sandbox via a crafted HTML page. The issue is tied to Google Chrome/Chromium security fixes ...

KLA91026 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote code execution...

PT-2025-47790

This vulnerability allowed a site to enter fullscreen, after a user click, without a full-screen notification toast appearing. Without this notification, users could potentially be misled about what site they were on if a malicious site renders a fake UI like a fake address bar...

EUVD-2022-48276

Malicious code in bioql PyPI...

EUVD-2023-58453

Malicious code in bioql PyPI...

PT-2025-46929

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 128.0.6613.84 Description A flaw exists in the Fullscreen implementation of Google Chrome. This issue could allow a remote attacker to perform UI spoofing through a specially designed HTML page. Recommendations...

The vulnerability of the Fullscreen component in Google Chrome and Microsoft Edge browsers allows a malicious actor to gain unauthorized access to limited functionality.

The vulnerability of the Fullscreen component in Google Chrome and Microsoft Edge is related to lack of access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to limited functionality...

Google Chrome 安全漏洞

Google Chrome is a web browser by Google, Inc. A security vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from an improper implementation of Fullscreen and allows remote attackers to obfuscate the security UI via a crafted HTML page...

PT-2023-4458 · Google +2 · Google Chrome +2

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 116.0.5845.96 Description: The issue is related to an inappropriate implementation in Fullscreen in Google Chrome on Android, which allowed a remote attacker to potentially spoof the contents of the Omnibox URL...

Spoofing

A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVE-2023-25730

A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVE-2022-22741

When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

CVE-2022-22743

When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

CVE-2022-31738

When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

CVE-2022-22741

When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...