EUVD-2026-34697

Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11236

Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11236

Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11236

CVE-2026-11236 relates to Google Chrome Web Bluetooth where insufficient policy enforcement prior to 149.0.7827.53 could allow a remote attacker who has compromised the renderer to potentially perform a sandbox escape via a crafted HTML page. Affected product: Google Chrome with Web Bluetooth; ro...

CVE-2026-11236

Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

PT-2026-46761

Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

EUVD-2022-1290

Malicious code in bioql PyPI...

MAL-2025-6882 Malicious code in web-bluetooth-spp-application (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bdbd2a9a0d851f1dae6e50f3c00e0b0839441f59b05d4e49f753afe278cd0ca9 The OpenSSF Package Analysis project identified 'web-bluetooth-spp-application' @ 2.0.1 npm as malicious. It is considered malicious because: -...

CVE-2022-21718

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 17.0.0-alpha.6, 16.0.6, 15.3.5, 14.2.4, and 13.6.6 allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not...

SUSE CVE-2019-13723

Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...

Privilege Escalation

electron is vulnerable to privilege escalation. An attacker can obtain access to a bluetooth device via the web bluetooth API if the application has not configured a custom select-bluetooth-device event handler...

GHSA-3P22-GHQ8-V749 Renderers can obtain access to random bluetooth device without permission in Electron

Impact This vulnerability allows renderers to obtain access to a random bluetooth device via the web bluetooth API if the app has not configured a custom select-bluetooth-device event handler. The device that is accessed is random and the attacker would have no way of selecting a specific device...

CVE-2022-21718

CVE-2022-21718 affects Electron. Affected versions (< 17.0.0-alpha.6, < 16.0.6, < 15.3.5, < 14.2.4,

PT-2022-15061 · Electron · Electron

Name of the Vulnerable Software and Affected Versions: Electron versions prior to 17.0.0-alpha.6 Electron versions prior to 16.0.6 Electron versions prior to 15.3.5 Electron versions prior to 14.2.4 Electron versions prior to 13.6.6 Description: A vulnerability in Electron allows renderers to...

Electron 安全漏洞

Electron is a personal developer of a user to write cross-platform desktop application JavaScript framework. The framework is based on nodejs and Chromium and can be used to write cross-platform desktop applications using HTML and CSS. A security vulnerability exists in Electron, which allows the...

Chrome Web Bluetooth Component Sandbox Escape Vulnerability

Chrome is a browser developed by Google that includes a Web Bluetooth module that allows communication with Bluetooth devices directly through the browser. A sandbox escape vulnerability exists in the Web Bluetooth component of Chrome. This vulnerability can be exploited by an attacker to achieve...

DEBIAN-CVE-2019-13724

Out of bounds memory access in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2019-13723

Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2019-13724

Out of bounds memory access in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...

On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy

Google has lifted the curtain on its latest version of Chrome, which the tech giant has pledged touts more data privacy features, as well as fixes for high-priority vulnerabilities. The release comes after Google had promised updates in Chrome 70 to “better communicate our changes and offer more...