CVE-2026-10937

The CVE-2026-10937 entry describes an issue in Google Chrome related to the Passwords component. Root cause: an inappropriate implementation in Passwords in Chrome prior to 149.0.7827.53 that allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. Impact: enables SOP b...

CVE-2026-10937

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

CVE-2026-10937

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

CVE-2026-10937

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

CVE-2026-10922

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via malicious network traffic. Chromium security severity: High...

CVE-2026-10922

CVE-2026-10922 affects Google Chrome’s DevTools prior to 149.0.7827.53. The issue is caused by insufficient validation of untrusted input, allowing a remote attacker to bypass the same-origin policy when a user is induced to perform specific UI gestures in the context of malicious network traffic...

CVE-2026-10922

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via malicious network traffic. Chromium security severity: High...

CVE-2026-10922

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via malicious network traffic. Chromium security severity: High...

CVE-2026-10912

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

CVE-2026-10912

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

CVE-2026-10912

CVE-2026-10912 affects Google Chrome extensions. The issue is caused by insufficient validation of untrusted input in Extensions, allowing a remote attacker who has compromised the renderer process to bypass the same-origin policy via a crafted HTML page. The vulnerability is tied to Chrome versi...

CVE-2026-10912

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

RLSA-2026:21380 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefo...

PT-2026-46771

Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

PT-2026-46773

Insufficient validation of untrusted input in IndexedDB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

PT-2026-46825

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

PT-2026-46752

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description Insufficient policy enforcement in the PreviewTab allows a remote attacker to bypass the same origin policy—a security mechanism that restricts how a document or script loade...

PT-2026-46818

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description An inappropriate implementation in Android Autofill allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or...

PT-2026-46786

Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

firefox: Same-origin policy bypass in the Networking: HTTP component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: HTTP component...