30 matches found
CVE-2026-11236
An insufficient policy enforcement flaw was found in the Web Bluetooth component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496427030...
SUSE CVE-2026-11236
Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
Chromium: CVE-2026-11236 Insufficient policy enforcement in Web Bluetooth
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
EUVD-2026-34697
Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
Linux Distros Unpatched Vulnerability : CVE-2026-11236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to...
CVE-2026-11236
Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-11236
Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11236
Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11236
Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11236
Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11236
Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11236
Technical details for CVE-2026-11236 are not publicly available in the provided documents. Monitor for updates.
PT-2026-46761
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in Web Bluetooth allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. A...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability. This vulnerability stemmed from insufficient execution of Web Bluetooth component policies, which could allow remote attackers who have breached the renderi...
EUVD-2022-1290
Malicious code in bioql PyPI...
MAL-2025-6882 Malicious code in web-bluetooth-spp-application (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bdbd2a9a0d851f1dae6e50f3c00e0b0839441f59b05d4e49f753afe278cd0ca9 The OpenSSF Package Analysis project identified 'web-bluetooth-spp-application' @ 2.0.1 npm as malicious. It is considered malicious because: -...
CVE-2022-21718
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 17.0.0-alpha.6, 16.0.6, 15.3.5, 14.2.4, and 13.6.6 allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not...
SUSE CVE-2019-13723
Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...
Privilege Escalation
electron is vulnerable to privilege escalation. An attacker can obtain access to a bluetooth device via the web bluetooth API if the application has not configured a custom select-bluetooth-device event handler...
GHSA-3P22-GHQ8-V749 Renderers can obtain access to random bluetooth device without permission in Electron
Impact This vulnerability allows renderers to obtain access to a random bluetooth device via the web bluetooth API if the app has not configured a custom select-bluetooth-device event handler. The device that is accessed is random and the attacker would have no way of selecting a specific device...