CVE-2026-10912

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

CVE-2026-10912

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

RLSA-2026:21380 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefo...

PT-2026-46818

Inappropriate implementation in Android Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

PT-2026-46752

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description Insufficient policy enforcement in the PreviewTab allows a remote attacker to bypass the same origin policy—a security mechanism that restricts how a document or script loade...

PT-2026-46771

Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

PT-2026-46825

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

PT-2026-46773

Insufficient validation of untrusted input in IndexedDB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

PT-2026-46786

Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

firefox: Same-origin policy bypass in the Networking: HTTP component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: HTTP component...

PT-2026-46597

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Cast component allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document o...

PT-2026-46552

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in WebAppInstalls allows a remote attacker who has compromised the renderer process to bypass the same origin policy, which is a security mechanism that...

PT-2026-46466

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the Passwords component allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or scri...

PT-2026-46660

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in Paint allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or script loaded from one...

PT-2026-46545

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Network component allows a remote attacker who has compromised the renderer process to bypass the same origin policy, which is a securi...

PT-2026-46759

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in FoldableAPIs allows a remote attacker who has compromised the renderer process to bypass the same origin policy, which is a security mechanism that...

PT-2026-46749

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Network component allows a remote attacker who has compromised the renderer process to bypass the same origin policy, which is a securi...

PT-2026-46551

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in DevTools allows a remote attacker who has compromised the renderer process to bypass the same origin policy, which is a security mechanism...

PT-2026-46525

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Workers allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or script loaded from o...

PT-2026-46577

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Extensions allows an attacker to bypass the same origin policy—a security mechanism that restricts how a document or script loaded from one origin can...