CVE-2026-0907

Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2026-0907

Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2026-0907

Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2026-0907

Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2026-0907

CVE-2026-0907 affects Google Chrome/Chromium Split View UI, allowing UI spoofing via a crafted HTML page before version 144.0.7559.59. Connected documents confirm related Chromium/CEF updates in the 144.0.7559.x series across Fedora and ChromeOS advisories, indicating a patched release beyond 144...

CVE-2026-0907

Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2026-0907

Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

SecureSplit: Mitigating Backdoor Attacks in Split Learning

Split Learning SL offers a framework for collaborative model training that respects data privacy by allowing participants to share the same dataset while maintaining distinct feature sets. However, SL is susceptible to backdoor attacks, in which malicious clients subtly alter their embeddings to...

MiracleLinux 9 : ruby:3.1 (AXSA:2024-7662:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7662:01 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...

MiracleLinux 8 : ruby:2.5 (AXSA:2021-2345:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2345:01 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? CVE-2019-15845 ruby: Regular expression denial of service vulnerability of...

Fedora 42 : chromium (2026-3736e2ff1a)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3736e2ff1a advisory. Update to 144.0.7559.59 CVE-2026-0899: Out of bounds memory access in V8 CVE-2026-0900: Inappropriate implementation in V8 CVE-2026-0901:...

OPENSUSE-SU-2026:20054-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - Chromium 144.0.7559.59 boo1256614 CVE-2026-0899: Out of bounds memory access in V8 CVE-2026-0900: Inappropriate implementation in V8 CVE-2026-0901: Inappropriate implementation in Blink CVE-2026-0902: Inappropriate...

Chromium: CVE-2026-0907 Incorrect security UI in Split View

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004060)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004060 advisory. An issue was discovered in splithugepmd in mm/hugememory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access becau...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from a security user interface error in split-screen view, which can be exploited by an attacker to bypass security restrictions...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004459)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004459 advisory. An issue was discovered in splithugepmd in mm/hugememory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access becau...

PT-2026-4643

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475607265 Crash type: Heap-use-after-free READ 8 Crash state: graph::LigatureSubstFormat1::shrink graph::LigatureSubstFormat1::split context t::shrink hb vector t graph::actuate subtable splitgraph::LigatureSu...

Linux Distros Unpatched Vulnerability : CVE-2026-0907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium...

CVE-2026-22700

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

GHSA-GRG2-63FW-F2QR vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions

Summary Users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. Details T...