CVE-2026-11172

An incorrect security ui flaw was found in the Contact Picker component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502328201...

SUSE CVE-2026-11172

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-34633

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11172

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2026-11172

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11172

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11172

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11172

Technical details about CVE-2026-11172 are not publicly available in the provided documents; monitor sources for updates.

CVE-2026-11172

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11172

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

PT-2026-46699

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description Incorrect security UI in the Contact Picker allows a remote attacker to perform UI spoofing via a crafted HTML page. UI spoofing is a technique where an attacker mimics a...

Astra Linux - уязвимость в batik

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

Astra Linux - уязвимость в firefox

A ambiguous file picker design could have confused users who intended to select and upload a single file, into uploading an entire directory. This issue was addressed by adding a new prompt. This vulnerability affects Firefox versions earlier than 85...

Astra Linux - уязвимость в firefox, thunderbird

When creating a callback via IPC to display the Color Picker window, multiple identical callbacks might be created at once. Eventually, all of them would be destroyed as soon as one of the callbacks is completed. This could lead to a use-after-free condition, resulting in a potentially exploitabl...

Astra Linux - уязвимость в firefox, thunderbird

The date picker may partially obscure security prompts. A malicious site could use this feature to trick users into granting permissions. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...

Astra Linux - уязвимость в chromium

The inappropriate implementation of the File Picker in Google Chrome prior to version 139.0.7258.127 allowed a remote attacker who convinced a user to perform certain UI gestures to leak cross-origin data through a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в jqueryui

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option from untrusted sources might execute untrusted code. This issue has been fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS...

Astra Linux - уязвимость в jqueryui

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources might execute untrusted code. This issue has been fixed in jQuery UI 1.13.0. The values passed to various Text options are...

Astra Linux - уязвимость в firefox, thunderbird

When creating a callback via IPC to display the File Picker window, multiple identical callbacks might be created at once. Eventually, all of them would be destroyed as soon as one of the callbacks is completed. This could lead to a use-after-free condition, resulting in a potentially exploitable...

@antv/g-mobile-svg (>=1.0.0 <=1.0.46), @antv/g-plugin-rough-svg-renderer (>=2.0.0 <=2.0.47) +2 more potentially affected by unknown CVE via @antv/g-plugin-svg-picker (>=2.0.0 <=2.0.9)

@antv/g-plugin-svg-picker NPM version =2.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.46 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3953...