8088 matches found
CVE-2026-11133
Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11132
Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11132
CVE-2026-11132 concerns Google Chrome’s Paint component. The vulnerability arises from insufficient policy enforcement, enabling a remote attacker to bypass the Same Origin Policy through a crafted HTML page. The issue affects Chrome versions prior to 149.0.7827.53 (Chromium base). Impact is a po...
CVE-2026-11081
Inappropriate implementation in Canvas in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11081
Chrome earlier than 149.0.7827.53 has an inappropriate Canvas implementation that allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. Affected software: Google Chrome (Canvas). Root cause: insecure Canvas handling enabling cross-origin bypass. Impact: potential rem...
CVE-2026-11078
CVE-2026-11078 describes an insecure implementation in Chrome’s FileSystem that allowed a remote attacker, once they had compromised the renderer process, to bypass the same-origin policy via a crafted HTML page. The issue affects Google Chrome prior to version 149.0.7827.53. The root cause is an...
CVE-2026-11078
Inappropriate implementation in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11069
Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11069
The CVE-2026-11069 entry describes a vulnerability in the Cast component of Google Chrome. It arises from insufficient validation of untrusted input and affects Chrome versions prior to 149.0.7827.53. A remote attacker could bypass the same-origin policy by presenting a crafted HTML page, potenti...
CVE-2026-11048
CVE-2026-11048 concerns Google Chrome: an insecure/incorrect implementation in Chrome Extensions before version 149.0.7827.53 allowed a crafted extension, installed by a persuaded user, to bypass the Same Origin Policy. Affected product: Chrome extensions framework; root cause: inappropriate impl...
CVE-2026-11048
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11036
Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11036
CVE-2026-11036 affects Google Chrome: an incorrect DOM implementation before version 149.0.7827.53 allows a remote attacker to bypass the same-origin policy via a crafted HTML page. The issue is rooted in Chrome's DOM handling as described in the public CVE entries. Impact is bypassing same-origi...
CVE-2026-11022
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11023
Inappropriate implementation in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11022
CVE-2026-11022 involves Google Chrome’s DevTools within the Chromium engine. The issue is “insufficient validation of untrusted input” in DevTools, before version 149.0.7827.53, allowing a remote attacker who has exploited the renderer process to bypass the same-origin policy via a crafted HTML p...
CVE-2026-11023
CVE-2026-11023 affects Google Chrome (Chrome/Chromium) prior to 149.0.7827.53. The issue is an inappropriate implementation in WebAppInstalls that, when a renderer process is compromised, enables bypass of the same-origin policy via a crafted HTML page. Root cause: questionable handling in WebApp...
CVE-2026-11016
CVE-2026-11016 : Google Chrome suffers from insufficient validation of untrusted input in the Network component. The vulnerability allows a remote attacker who has compromised the renderer process to bypass the same-origin policy via a crafted HTML page, under Chrome versions prior to 149.0.7827....
CVE-2026-11016
Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-10996
The CVE-2026-10996 entry concerns Google Chrome’s Web Workers where an improper implementation allows a remote attacker to bypass the Same Origin Policy via a crafted HTML page. Affected product: Google Chrome (Workers). Root cause: incorrect Worker implementation enabling cross-origin bypass. Im...