518 matches found
CVE-2026-13281
CVE-2026-13281 involves an integer overflow in Mojo, the Chromium IPC framework used by Google Chrome. A remote attacker who has already compromised the renderer process could potentially achieve a sandbox escape via a malicious file. Affected software: Google Chrome prior to 149.0.7827.201. Root...
CVE-2026-13024
CVE-2026-13024 : The issue is in Google Chrome’s Navigation logic, where insufficient validation of untrusted input in the renderer allows a remote attacker who has compromised the renderer process to bypass site isolation via a crafted HTML page. Affected product: Google Chrome (Chromium-based)....
Astra Linux – Vulnerability in Chromium
Integer overflow in Mojo in Google Chrome prior to version 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...
SUSE CVE-2026-12453
Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-12460
Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...
SUSE CVE-2026-12463
Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-12464
Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-12465
Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-12467
Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-12468
Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-12465
Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-12463
Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...
CVE-2026-12462
Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-12454
Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-12438
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-12467
Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-12465
Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-12463
The CVE-2026-12463 entry corresponds to an UXSS vulnerability in Google Chrome on Linux, caused by an inappropriate implementation in Views that allowed a compromised renderer to inject arbitrary scripts/HTML via a crafted HTML page. Affected product is Chrome on Linux, with the issue present pri...
CVE-2026-12464
CVE-2026-12464 : A use-after-free in the Google Chrome renderer before 149.0.7827.155 may allow a remote attacker who compromises the renderer to escape the sandbox via a crafted HTML page, per multiple sources. Affected software is Chrome browsers with the vulnerable Chromium component; the issu...
CVE-2026-12438
The CVE-2026-12438 entry corresponds to an issue in WebView for Google Chrome on Android, where an attacker who compromised the renderer process could escape the browser sandbox via a crafted HTML page. Affected product/vector: Android WebView in Chrome; root cause: inappropriate implementation i...