3136 matches found
CVE-2026-14155
CVE-2026-14155 describes an issue in Google Chrome's StorageAccessAPI where insufficient policy enforcement in versions prior to 150.0.7871.47 could allow a remote attacker to leak cross-origin data via a crafted HTML page. The Chromium entry lists the impact as Low severity. The vulnerability af...
CVE-2026-14081
The CVE describes an issue in Google Chrome’s DevTools where insufficient policy enforcement allowed a user-trust breach via a crafted Chrome extension. Affected software: Google Chrome (DevTools context) prior to version 150.0.7871.47. Root cause: insufficient policy enforcement in DevTools. Imp...
CVE-2026-14079
Vulnerability CVE-2026-14079 affects Google Chrome prior to version 150.0.7871.47 where insufficient policy enforcement in the browser network layer allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. The issue is rated Low severity. Remediation: update to Chrome 1...
CVE-2026-14076
The CVE covers Google Chrome (Chromium-based) where the network component failed to enforce content security policy, enabling a remote attacker to bypass CSP with a crafted HTML page. Affected versions are Chrome prior to 150.0.7871.47. The vulnerability is categorized with a Low severity in Chro...
CVE-2026-14075
Chrome for iOS (Google Chrome on iOS) prior to version 150.0.7871.47 has insufficient policy enforcement that could allow a remote attacker to bypass the no-referrer policy via a crafted HTML page. Affected product: Chrome on iOS (Chromium-based). Root cause: policy enforcement gap in no-referrer...
CVE-2026-14059
Affected: Google Chrome (Chromium) Related-Website-Sets component. Issue: insufficient policy enforcement allowed a remote attacker to leak cross-origin data via a crafted HTML page. Root cause: policy enforcement gap in Related-Website-Sets prior to version 150.0.7871.47. Impact: cross-origin da...
CVE-2026-14053
CVE-2026-14053 concerns Google Chrome extensions and their policy enforcement. The vulnerability arises from insufficient policy enforcement in Chrome’s Extensions component, allowing, under a compromised renderer, leakage of cross-origin data via a crafted HTML page. Affected software is Google ...
CVE-2026-14054
CVE-2026-14054 affects Google Chrome prior to 150.0.7871.47 due to insufficient policy enforcement in the Network component, enabling a remote attacker to bypass navigation restrictions with a crafted HTML page. Root cause: policy enforcement weakness within Network handling. Affected product: Go...
CVE-2026-14047
CVE-2026-14047 affects Google Chrome’s Extension system. The vulnerability arises from insufficient policy enforcement in Chrome Extensions prior to version 150.0.7871.47, enabling an attacker who tricks a user into installing a malicious extension to bypass Content Security Policy via a crafted ...
CVE-2026-14041
CVE-2026-14041 describes insufficient policy enforcement in Chrome’s Serial component before version 150.0.7871.47, enabling a remote attacker to escalate privileges via a crafted HTML page. Affected software is Google Chrome (Chromium-derived); the issue is a low severity, as noted. The availabl...
CVE-2026-14003
Google Chrome before 150.0.7871.47 is affected by CVE-2026-14003 due to insufficient policy enforcement in Extensions. An attacker could lure a user into installing a malicious Chrome extension, enabling leakage of cross-origin data via the crafted extension. The vulnerability is described as a M...
CVE-2026-13978
Google Chrome before version 150.0.7871.47 has a vulnerability in PageInfo due to insufficient policy enforcement, enabling UI spoofing via a crafted HTML page. Affected product: Chrome (PageInfo component). Impact is UI spoofing; no exploitation details are provided beyond the described vector. ...
CVE-2026-13948
CVE-2026-13948 : Google Chrome suffers insufficient policy enforcement in Extensions prior to 150.0.7871.47, enabling an attacker who tricks a user into installing a malicious extension to perform UI spoofing via a crafted extension. Affected component: Chrome extensions policy enforcement. Root ...
CVE-2026-13949
The CVE-2026-13949 entry concerns Google Chrome on Android, where insufficient policy enforcement in the Payments component allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Affected software: Chrome on Android prior to version 150....
CVE-2026-13945
Affected software: Google Chrome on Linux. Issue: insufficient policy enforcement in Chrome Extensions allows UI spoofing when a user installs a malicious extension. Underlying cause: policy enforcement weakness in Extensions (details not provided). Impact: UI spoofing by a crafted extension as d...
CVE-2026-13930
CVE-2026-13930 affects Google Chrome prior to 150.0.7871.47 due to insufficient policy enforcement in the Actor component, enabling a remote attacker to bypass navigation restrictions with a crafted HTML page. The issue is described across the CVE records as a Chromium-based policy enforcement fl...
CVE-2026-13919
CVE-2026-13919 concerns insufficient policy enforcement in Google Chrome Extensions prior to 150.0.7871.47. A remote attacker who has already compromised the renderer process could bypass site isolation via a crafted HTML page. The vulnerability affects Chrome’s extension-related policy enforceme...
CVE-2026-13911
Google Chrome 150.x and earlier suffers an insufflcient policy enforcement vulnerability in the Spellcheck component. A remote attacker who has already compromised the renderer process can read potentially sensitive data from the process memory by presenting a crafted HTML page. The issue is tied...
CVE-2026-13909
CVE-2026-13909 affects Google Chrome through insufficient policy enforcement in DevTools, allowing a remote attacker who has already compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The issue is tied to Chrome/Chromium code prior to version 150.0.7871.47...
CVE-2026-13903
CVE-2026-13903: Google Chrome Bluetooth policy enforcement flaw prior to 150.0.7871.47 could let a remote attacker escalate privileges via a crafted HTML page. This is documented across the CVE entries, confirming the affected software (Chrome) and vulnerability class (Bluetooth policy enforcemen...