7001 matches found
CVE-2026-14023
Insufficient validation of untrusted input in SanitizerAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13959
The CVE-2026-13959 entry describes an issue in Blink (Chrome) where insufficient validation of untrusted input allows a remote attacker to bypass the Same Origin policy via a crafted HTML page. Affected software is Google Chrome (Blink engine) with versions prior to 150.0.7871.47. The impact is a...
CVE-2026-13959
Insufficient validation of untrusted input in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13959
Insufficient validation of untrusted input in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13924
Insufficient validation of untrusted input in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13924
Insufficient validation of untrusted input in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13924
CVE-2026-13924 affects WebView in Google Chrome on Android, prior to version 150.0.7871.47. The issue is insufficient validation of untrusted input in WebView, allowing a remote attacker who already compromised the renderer process to bypass the same-origin policy via a crafted HTML page. The vul...
CVE-2026-13921
The set of connected records confirms CVE-2026-13921 affects Google Chrome (Chromium-based) via the DeviceBoundSessionCredentials component where insufficient validation of untrusted input enables a remote bypass of the same-origin policy through a crafted HTML page. The vulnerability is describe...
CVE-2026-13921
Insufficient validation of untrusted input in DeviceBoundSessionCredentials in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13881
CVE-2026-13881 details (concrete): In Google Chrome (Chromium WebAppInstalls) before version 150.0.7871.47, an inappropriate implementation allows a remote attacker to bypass the same-origin policy via a crafted HTML page. This is a network-exploitable issue with user interaction required and pot...
CVE-2026-13881
Inappropriate implementation in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13881
Inappropriate implementation in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13839
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-13839
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-13839
CVE-2026-13839 corresponds to an issue in Google Chrome (CSS handling) where an inappropriate CSS implementation allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. Affected software: Google Chrome prior to version 150.0.7871.47. Root cause: CSS/HTML rendering path...
CVE-2026-13838
CVE-2026-13838 affects Google Chrome (Chromium-based) due to an inappropriate CSS implementation that permits bypassing the same-origin policy via a crafted HTML page. Affects versions prior to 150.0.7871.47; impact is a policy bypass (high severity). No exploit details or in-the-wild data provid...
CVE-2026-13838
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-13838
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-13822
Inappropriate implementation in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: High...
CVE-2026-13822
CVE-2026-13822 affects Google Chrome on Android prior to version 150.0.7871.47. The issue is an inappropriate implementation in Chrome Extensions that lets an attacker who persuades a user to install a malicious extension bypass the same-origin policy via a crafted Chrome Extension. Impact is des...