63 matches found
CVE-2026-14001
Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-14000
Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-14147
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14068
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14068
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
CVE-2026-13977
Inappropriate implementation in HTMLParser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13957
Incorrect security UI in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13836
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...
CVE-2026-13812
Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...
CVE-2026-13812
CVE-2026-13812 affects Chrome for iOS (Google Chrome on iOS) prior to version 150.0.7871.47. The issue is insufficient validation of untrusted input in a crafted HTML page, enabling UXSS if a user is induced to perform specific UI gestures. The vulnerability results in potential script/HTML injec...
EUVD-2026-37548
Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...
CVE-2026-12459
Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...
CVE-2026-12463
The CVE-2026-12463 entry corresponds to an UXSS vulnerability in Google Chrome on Linux, caused by an inappropriate implementation in Views that allowed a compromised renderer to inject arbitrary scripts/HTML via a crafted HTML page. Affected product is Chrome on Linux, with the issue present pri...
CVE-2026-11799 UXSS in Focus for iOS / Klar Webkit navigation
UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1...
CVE-2026-11799
CVE-2026-11799 concerns a UXSS flaw in Focus for iOS and Klar WebKit navigation. The affected components are Focus for iOS and Klar for iOS, with a root cause not explicitly detailed in the provided documents beyond the UXSS classification. The vulnerability is rated HIGH (CVSS 3.1: AV:N/AC:L/PR:...
Security Vulnerabilities fixed in Focus for iOS / Klar 151.3.1 — Mozilla
CVE-2026-11799: UXSS in Focus for iOS / Klar Webkit navigation Reporter Renwa Hiwa Impact high References Bug 1975667...
PT-2026-48265
Name of the Vulnerable Software and Affected Versions Focus for iOS versions prior to 151.3.1 Klar for iOS versions prior to 151.3.1 Description Universal Cross-Site Scripting UXSS exists in the Webkit navigation of Focus for iOS and Klar for iOS. UXSS is a security flaw that allows an attacker t...
SUSE CVE-2026-10916
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-11034
Insufficient validation of untrusted input in Tab Group Sync in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via malicious network traffic. Chromium security severity: Medium...
SUSE CVE-2026-11169
Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted XML file. Chromium security severity: Medium...