379 matches found
EUVD-2026-34750
Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-34603
Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-34600
Inappropriate implementation in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-34594
Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-34593
Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11289
Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11139
Inappropriate implementation in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11142
Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11132
Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11133
Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11289
CVE-2026-11289 : In Google Chrome, a side‑channel information leakage affects the Paint component, allowing a remote attacker to leak cross‑origin data via a crafted HTML page. The description notes the issue is present in Chrome before build 149.0.7827.53 (Chromium severity: Low). No explicit re...
CVE-2026-11289
Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11142
CVE-2026-11142 describes an insufficient policy enforcement flaw in Chrome’s Paint component, enabling a remote attacker to bypass the same-origin policy through a crafted HTML page. The issue affects Google Chrome builds prior to 149.0.7827.53 and is categorized as Medium. The vulnerability aris...
CVE-2026-11142
Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11139
Inappropriate implementation in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11139
Summary: CVE-2026-11139 relates to an inappropriate implementation in the Paint component of Google Chrome, allowing a remote attacker to leak cross-origin data via a crafted HTML page. The issue affects Chrome builds prior to 149.0.7827.53. The Connected documents indicate the vulnerability deta...
CVE-2026-11133
CVE-2026-11133 concerns Google Chrome (Paint) with insufficient policy enforcement, allowing a remote attacker to bypass the same-origin policy via a crafted HTML page. The vulnerability affects Chrome versions prior to 149.0.7827.53; update to 149.0.7827.53 or later to mitigate. This is document...
CVE-2026-11133
Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11132
CVE-2026-11132 concerns Google Chrome’s Paint component. The vulnerability arises from insufficient policy enforcement, enabling a remote attacker to bypass the Same Origin Policy through a crafted HTML page. The issue affects Chrome versions prior to 149.0.7827.53 (Chromium base). Impact is a po...
gimp: GIMP: Remote Code Execution via PSP file parsing
A flaw was found in GIMP. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PSP PaintShop Pro file. This flaw is caused by a heap-based buffer overflow, where the application does not properly validate the length of user-supplied data. Successful...