251667 matches found
CVE-2026-11128
Google Chrome’s Web Share API has an inappropriate implementation flaw prior to version 149.0.7827.53 that could allow a remote attacker to leak cross-origin data when a user is guided through specific UI gestures on a crafted HTML page. Root cause: improper Web Share handling. A fix is available...
CVE-2026-11107
Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11107
Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11107
The CVE-2026-11107 entry concerns Google Chrome on desktop with an Inappropriate implementation in Downloads that allowed UI spoofing via a crafted HTML page. Affected software: Chrome versions prior to 149.0.7827.53. Root cause: incorrect handling in the Downloads component leading to a spoofabl...
CVE-2026-11042
CVE-2026-11042 is a use-after-free in Chrome’s Views component (Chromium) that could allow heap corruption. A crafted HTML page and user interaction (specific UI gestures) may trigger exploitation before Chrome build 149.0.7827.53. The issue affects Google Chrome (Views subsystem) and is tied to ...
CVE-2026-11042
Use after free in Views in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11042
Use after free in Views in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11042
Use after free in Views in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11031
Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. Chromium security severity: Medium...
CVE-2026-11026
CVE-2026-11026 affects Google Chrome extensions. An inappropriate implementation in Chrome extensions prior to 149.0.7827.53 can let an attacker, by convincing a user to install a malicious extension, bypass navigation restrictions via a crafted Chrome Extension. This vulnerability is described w...
CVE-2026-11026
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11001
Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11001
The CVE-2026-11001 affects Google Chrome’s Payments component (Chromium-based). An inappropriate implementation prior to version 149.0.7827.53 allows a remote attacker, by persuading a user to perform specific UI gestures on a crafted HTML page, to perform UI spoofing. The concrete impact stated ...
CVE-2026-10995
Heap buffer overflow in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-10995
Heap buffer overflow in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-10995
The CVE-2026-10995 entry describes a heap buffer overflow in Google Chrome’s TabStrip prior to version 149.0.7827.53. The issue can be triggered by a user-supplied crafted HTML page where the attacker coerces the user into performing specific UI gestures, potentially allowing heap corruption. Doc...
CVE-2026-10991
CVE-2026-10991 is a use-after-free in V8 affecting Google Chrome prior to 149.0.7827.53. The vulnerability could allow a remote attacker to execute arbitrary code inside the browser sandbox if a user is tricked into performing specific UI gestures on a crafted HTML page. This is tied to the V8 en...
CVE-2026-10989
Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-10989
Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-10989
Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...