15844 matches found
CVE-2026-13031
Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-13021
Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-13025
Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-13036
The CVE-2026-13036 entry documents a use-after-free in Blink of Google Chrome before 149.0.7827.197, enabling a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected component: Blink (Chromium-based crawler). Root cause: use-after-free in Blink logic; impa...
CVE-2026-13034
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
CVE-2026-13034
Vulnerability summary (CVE-2026-13034). In Google Chrome, an inappropriate implementation in the Passwords component before version 149.0.7827.197 allows a remote attacker who has compromised the renderer process to bypass site isolation via a crafted HTML page. The issue is tied to Chromium’s se...
CVE-2026-13030
Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...
CVE-2026-13031
Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
EUVD-2026-39041
Use after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-13027
Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-13025
Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-13025
CVE-2026-13025 describes a race in DevTools of Google Chrome prior to 149.0.7827.197 that could allow a remote attacker, who already compromised the renderer process, to potentially escape the sandbox via a crafted HTML page. The issue is rated High (CVSS v3.1: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H...
EUVD-2026-39036
Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-13038
Use-after-free in Chrome’s Autofill on Windows exploited via a crafted HTML page could allow remote code execution. Affected versions are Chrome on Windows before 149.0.7827.197. If exploiting, attacker could take arbitrary code execution; impact is severe (CVE-2026-13038). The cited sources indi...
EUVD-2026-39033
Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
EUVD-2026-39032
Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow vulnerability in Google Chrome’s Media component on Linux, prior to version 88.0.4324.182, allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the Referrer component in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementations of WebAuthentication in Google Chrome prior to version 96.0.4664.45 allowed a remote attacker to leak cross-origin data through a crafted HTML page...