CVE-2026-10958

CVE-2026-10958 : A use-after-free in Chrome for iOS (Google Chrome on iOS) prior to version 149.0.7827.53 allows a remote attacker who persuades a user to perform specific UI gestures to run arbitrary code via a crafted HTML page. Affected product: Chrome for iOS. Root cause: use-after-free in th...

CVE-2026-10954

CVE-2026-10954 describes a use-after-free in the Chrome component “Actor,” allowing a remote attacker to execute arbitrary code inside the Chrome sandbox via a crafted HTML page. Affected software: Google Chrome prior to version 149.0.7827.53 . Impact: remote code execution in sandbox context. Mi...

CVE-2026-10950

Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-10950

CVE-2026-10950 describes an issue in Autofill for Google Chrome on iOS : insufficient policy enforcement allowed a remote attacker to leak cross-origin data via a crafted HTML page. Affected software is Chrome on iOS prior to version 149.0.7827.53 . The root cause is policy enforcement gaps in Au...

CVE-2026-10949

Heap buffer overflow in Video in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-10945

Use after free in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

CVE-2026-10946

Heap buffer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-10944

CVE-2026-10944 affects Google Chrome for iOS. The vulnerability arises from insufficient policy enforcement in Autofill , allowing a remote attacker to leak cross-origin data via a crafted HTML page on versions prior to 149.0.7827.53 . Root cause: autofill policy enforcement weakness; impact: pot...

CVE-2026-10942

Inappropriate implementation in UI in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a malicious file. Chromium security severity: High...

CVE-2026-10937

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

CVE-2026-10930

CVE-2026-10930 describes an out-of-bounds read in ANGLE used by Google Chrome on macOS, exploited via a crafted HTML page to trigger a remote memory read. Affected versions are Chrome on Mac prior to 149.0.7827.53; the issue is fixed in 149.0.7827.53. No additional exploit details are provided in...

CVE-2026-10930

Out of bounds read in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

CVE-2026-10927

CVE-2026-10927 affects Google Chrome on Dawn, where an out-of-bounds read in Dawn could allow a remote attacker who has compromised the renderer process to escape the sandbox via a crafted HTML page. The issue is present in Chrome builds prior to 149.0.7827.53; upgrading to 149.0.7827.53 or later...

CVE-2026-10923

Use after free in WebAppInstalls in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. Chromium security severity: High...

CVE-2026-10924

CVE-2026-10924 affects Chromecast in Google Chrome, with an integer overflow in components handling HTML rendering that can be triggered by a crafted HTML page. A remote attacker who has already compromised the renderer process could potentially perform a sandbox escape. The relevant versions are...

CVE-2026-10919

Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-10912

CVE-2026-10912: Insufficient validation of untrusted input in Extensions in Google Chrome before 149.0.7827.53 allowed a remote attacker who had renderer access to bypass the same-origin policy via a crafted HTML page. Affected software: Google Chrome (Extensions). Root cause: insufficient input ...

CVE-2026-10908

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-10907

Out of bounds write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-10906

CVE-2026-10906 is a use-after-free in Chrome’s WebAuthentication prior to 149.0.7827.53. A remote attacker could exploit heap corruption by convincing a user to perform specific UI gestures on a crafted HTML page. The vulnerability affects Google Chrome desktop builds listed in the Chrome 149 sta...