EUVD-2026-15135

A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins...

CVE-2026-28861

A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins...

CVE-2026-28861

A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins...

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to trigger a service failure.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to type conversion errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions through a specially crafted HTML page...

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code or cause service interruptions.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to operations that go beyond buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure through a specially crafted...

The vulnerability in the JavaScript script handlers of Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of JavaScript script handlers in Mozilla Firefox, Firefox ESR, and the email client Thunderbird lies in the issue of writing beyond the buffer boundaries in memory during the processing of Promise objects. Exploiting this vulnerability allows an attacker to execute arbitrary cod...

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code or cause service interruptions.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a denial-of-service attack through a specially crafted HTML page...

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code and trigger service failures.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to operations that go beyond buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service interruptions...

The vulnerability of the JavaScript script handler in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge relates to type mixing errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTML page from a remote location...

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code and gain full control over the system.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to type mixing errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and gain full control over the system...

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers is related to errors in data type conversion. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers allows attackers to disclose protected information.

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers is related to improper security checks for standard elements. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers allows attackers to disclose protected information.

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers relates to improper security checks for standard elements. Exploiting this vulnerability allows a malicious actor to disclose sensitive information through a specially created HTML page...

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers relates to access to resources through incompatible types. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and accessibility of protected information throug...

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code using a specially crafted HTML page.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to type mixing errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted HTML page from a remote location...

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to buffer overflow in the “cull” mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted HTML page...

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge relates to type conversion errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information, execute arbitrary code, or cause a denial-of-service attack by generatin...

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to the use of memory after deallocation. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to type mixing errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page...