
58 matches found

EUVD
added 6 days ago, 5 views

EUVD-2026-33196

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

6.2 AI score, 0.00139 EPSS
Exploits: 0, References: 3
NVD
added 2026/05/14 8:17 p.m., 3 views

CVE-2026-8550

Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5 CVSS, 0.0003 EPSS
Exploits: 0, References: 2
CVE
added 2026/05/14 7:52 p.m., 61 views

CVE-2026-8579

CVE-2026-8579 concerns insufficient validation of untrusted input in Skia within Google Chrome before 148.0.7778.168. The underlying issue allows a remote attacker who has already compromised the renderer process to trigger an out-of-bounds memory write via a crafted print file. Affected componen...

3.1 CVSS, 5.8 AI score, 0.0004 EPSS
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2026/05/14 12:0 a.m., 3 views

PT-2026-41112

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 148.0.7778.168. Description: Insufficient policy enforcement in WebXR allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory vi...

8.8 CVSS, 5.8 AI score, 0.00148 EPSS
Exploits: 0, References: 85
Positive Technologies
added 2026/05/14 12:0 a.m., 4 views

PT-2026-41042

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 148.0.7778.168. Description: A use after free issue in Input allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Use after...

8.8 CVSS, 5.8 AI score, 0.00148 EPSS
Exploits: 0, References: 84
GitHub Security Blog
added 2026/05/08 6:37 p.m., 5 views

Electerm's full process.env exposed to renderer via window.pre.env

Impact The getConstants IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is accessible from any JavaScript running in the renderer e.g., via the DevTools console or a compromised webview context...

5.5 CVSS, 6 AI score, 0.00004 EPSS
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2026/05/08 4:16 a.m., 6 views

CVE-2026-43942

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is...

5.5 CVSS, 0.00004 EPSS
Exploits: 0, References: 1
CVE
added 2026/05/08 3:3 a.m., 7 views

CVE-2026-43942

electerm versions 3.8.15 and prior are affected by an IPC vulnerability: the getConstants() handler serialises the entire process.env and exposes it to the renderer as window.pre.env. Any attacker able to execute JavaScript in the renderer could exfiltrate these secrets to a remote server, enabli...

5.5 CVSS, 6 AI score, 0.00004 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/05/08 3:3 a.m., 28 views

CVE-2026-43942 electerm: Full process.env exposed to renderer via window.pre.env in electerm

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is...

5.5 CVSS, 0.00004 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/05/08 3:3 a.m., 2 views

CVE-2026-43942 electerm: Full process.env exposed to renderer via window.pre.env in electerm

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is...

5.5 CVSS, 6 AI score, 0.00004 EPSS
Exploits: 0, References: 1
EUVD
added 2026/05/06 9:31 p.m., 1 view

EUVD-2026-28117

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...

7.5 CVSS, 5.8 AI score, 0.00125 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/05/05 12:0 a.m., 2 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient trusted input validation in Dialog. It could allow remote attackers with access to the renderer process to...

5.4 CVSS, 5.8 AI score, 0.00101 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/05/05 12:0 a.m., 5 views

Google Chrome input validation error vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient input validation in Media components, which could allow a remote attacker with access...

8.3 CVSS, 5.9 AI score, 0.00099 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/05/05 12:0 a.m., 4 views

Google Chrome input validation error vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation by the Popup Blocker, which could allow a remote attacker with access to th...

4.2 CVSS, 5.8 AI score, 0.00028 EPSS
Exploits: 0, References: 3
OSV
added 2026/04/28 11:16 p.m., 0 views

DEBIAN-CVE-2026-7357

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5 CVSS, 5.6 AI score, 0.00033 EPSS
Exploits: 0, References: 1
CVE
added 2026/04/23 4:12 p.m., 22 views

CVE-2026-6919

CVE-2026-6919 is a use-after-free in Google Chrome’s DevTools prior to 147.0.7727.117 that could allow a remote attacker who already compromised the renderer process to escape the Chrome sandbox via a crafted HTML page. Documents from NVD/NVD mirrors and Debian/EU data confirm the vulnerability d...

9.6 CVSS, 5.8 AI score, 0.00128 EPSS
Exploits: 0, References: 2, Affected Software: 1
SUSE CVE
added 2026/04/17 12:4 p.m., 2 views

SUSE CVE-2026-6310

Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits: 0, References: 3
NVD
added 2026/04/07 10:16 p.m., 2 views

CVE-2026-34765

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, when a renderer calls window.open with a target name, Electron did not correctly scope the named-window lookup to the opener's browsing...

8.8 CVSS, 0.00025 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/03/31 12:0 a.m., 3 views

PT-2026-29455

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 146.0.7680.178. Description: An integer overflow in ANGLE on Windows allowed a remote attacker who had compromised the renderer process to perform an out-of-bounds memory write via a crafted HTML page...

9.6 CVSS, 6 AI score, 0.00646 EPSS
Exploits: 0, References: 32
Debian CVE
added 2025/11/06 10:8 p.m., 5 views

CVE-2025-11205

Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8 CVSS, 8.9 AI score, 0.00107 EPSS
Exploits: 0