CVE-2026-11106

Summary: CVE-2026-11106 describes an inappropriate implementation in Media in Google Chrome (Chromium-based) prior to 149.0.7827.53 that allowed a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability affects the Chrome/Chromium media pipeline and is rated Medium se...

CVE-2026-11106

Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11106

Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11091

CVE-2026-11091 affects Dawn in Google Chrome prior to version 149.0.7827.53. The root cause is an inappropriate implementation that enables out-of-bounds memory access via a crafted HTML page. Impact is described as potentially enabling a remote attacker to cause memory access violations; CVSS me...

CVE-2026-11023

The CVE-2026-11023 issue affects Google Chrome prior to 149.0.7827.53 and is caused by an inappropriate implementation in the WebAppInstalls component. The vulnerability could allow a remote attacker who has compromised the renderer process to bypass the same-origin policy via a crafted HTML page...

CVE-2026-10989

CVE-2026-10989 affects Google Chrome’s V8 engine prior to version 149.0.7827.53 . The weakness stems from an inappropriate implementation in V8 , allowing a remote attacker to potentially exploit a heap corruption vulnerability via a crafted HTML page after convincing a user to perform specific U...

CVE-2026-10937

The CVE-2026-10937 entry describes an issue in Google Chrome related to the Passwords component. Root cause: an inappropriate implementation in Passwords in Chrome prior to 149.0.7827.53 that allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. Impact: enables SOP b...

PT-2026-46772

Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

PT-2026-49122

This crate provides Rust bindings to ML-KEM FIPS 203 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result, this crat...

PT-2026-46765

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Low...

PT-2026-46787

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

PT-2026-46784

Inappropriate implementation in Browser in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

PT-2026-46513

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description An inappropriate implementation in the Accessibility component allows a remote attacker to perform UI spoofing via a crafted HTML page. UI spoofing is a technique where an...

HCL iControl 安全漏洞

HCL iControl is an IT infrastructure monitoring and automation platform developed by the Indian company HCL. HCL iControl has a security vulnerability, which stems from weak input validation. This issue arises due to incorrect validation of input types during the implementation of architectural...

CVE-2026-8874 CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

PT-2026-46495

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Codecs allows a remote attacker to potentially perform a sandbox escape by using a crafted video file. A sandbox escape is a technique used to break o...

PT-2026-46745

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Navigation allows a remote attacker to bypass navigation restrictions by using a crafted HTML page. Recommendations Update to version 149.0.7827.53 or...

PT-2026-46755

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the Enterprise component allows a local attacker with physical access to the device to perform privilege escalation. Recommendations Update to version...

PT-2026-46703

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the Media component allows a remote attacker to leak cross-origin data, which is information from a different origin than the one that initiated the...

PT-2026-46661

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the Media component allows a remote attacker to leak cross-origin data, which is information from a different origin than the one that initiated the...