CVE-2026-11201

An use after free flaw was found in the ServiceWorker component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505068950...

CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

Chromium: CVE-2026-11201 Use after free in ServiceWorker

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Linux Distros Unpatched Vulnerability : CVE-2026-11206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML...

DEBIAN-CVE-2026-11201

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2026-11201

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2026-11206

Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11206

Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11201

The CVE-2026-11201 entry reports a use-after-free in Chrome’s ServiceWorker that could allow arbitrary code execution when a user is convinced to install a crafted Chrome Extension, affecting Google Chrome versions prior to 149.0.7827.53. The vulnerability is linked to the Chromium-based extensio...

CVE-2026-8879 CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

EUVD-2026-34165

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

CVE-2026-8879

CVE-2026-8879 affects Securly Chrome Extension v3.0.7. The vulnerability stems from dynamically registering content13.min.js as a content script at runtime via chrome.scripting.registerContentScripts(), a script not declared in manifest.json that bypasses the Chrome Web Store static security revi...

PT-2026-46051

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software dynamically registers content13.min.js as a content script at runtime using the chrome.scripting.registerContentScripts function. Because this script is not declared in the...

CVE-2026-9115

An insufficient policy enforcement flaw was found in the Service Worker component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495999481...

CVE-2026-42553

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

CVE-2026-42553

Cinny (Matrix client) before version 4.10.3 is affected by a token-disclosure vulnerability in two parts: (1) EmojiBoard fallback uses an untrusted pack.meta.avatar as a MXC URL, enabling an attacker-controlled HTTP(S) URL in a malicious emote pack; (2) the service worker attaches the user’s Auth...

CVE-2026-42553

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

EUVD-2026-32612

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

CVE-2026-42553 Cinny: Access token disclosure via invalidated emoji pack avatar URL in service worker

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...