CVE-2026-11129

This CVE concerns Google Chrome Extensions with an inappropriate implementation in Chrome prior to 149.0.7827.53. The issue allows a remote attacker to leak cross-origin data through a crafted HTML page, as described (Chromium security severity: Medium). Affected product: Chrome (Extensions compo...

CVE-2026-11122

Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11119

Inappropriate implementation in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11119

Inappropriate implementation in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11119

Inappropriate implementation in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11106

Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11106

Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11106

Summary: CVE-2026-11106 describes an inappropriate implementation in Media in Google Chrome (Chromium-based) prior to 149.0.7827.53 that allowed a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability affects the Chrome/Chromium media pipeline and is rated Medium se...

CVE-2026-11091

CVE-2026-11091 affects Dawn in Google Chrome prior to version 149.0.7827.53. The root cause is an inappropriate implementation that enables out-of-bounds memory access via a crafted HTML page. Impact is described as potentially enabling a remote attacker to cause memory access violations; CVSS me...

CVE-2026-11023

The CVE-2026-11023 issue affects Google Chrome prior to 149.0.7827.53 and is caused by an inappropriate implementation in the WebAppInstalls component. The vulnerability could allow a remote attacker who has compromised the renderer process to bypass the same-origin policy via a crafted HTML page...

CVE-2026-10989

CVE-2026-10989 affects Google Chrome’s V8 engine prior to version 149.0.7827.53 . The weakness stems from an inappropriate implementation in V8 , allowing a remote attacker to potentially exploit a heap corruption vulnerability via a crafted HTML page after convincing a user to perform specific U...

CVE-2026-10937

The CVE-2026-10937 entry describes an issue in Google Chrome related to the Passwords component. Root cause: an inappropriate implementation in Passwords in Chrome prior to 149.0.7827.53 that allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. Impact: enables SOP b...

PT-2026-46765

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Low...

PT-2026-46772

Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

PT-2026-46513

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description An inappropriate implementation in the Accessibility component allows a remote attacker to perform UI spoofing via a crafted HTML page. UI spoofing is a technique where an...

PT-2026-46787

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

PT-2026-46784

Inappropriate implementation in Browser in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

CVE-2026-8874 CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

PT-2026-46703

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the Media component allows a remote attacker to leak cross-origin data, which is information from a different origin than the one that initiated the...

PT-2026-46661

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the Media component allows a remote attacker to leak cross-origin data, which is information from a different origin than the one that initiated the...