Android Security Bulletin—June 2026Stay organized with collectionsSave and categorize content based on your preferences.

The XR Security Bulletin contains details of security vulnerabilities affecting the XR platform. The full XR update comprises the security patch level of 2026-06-05 or later from the June 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage all customers to acce...

SUSE CVE-2026-9890

Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-9890

An use after free flaw was found in the XR component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513135985...

Linux Distros Unpatched Vulnerability : CVE-2026-9118

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium...

CVE-2026-9118

Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-7610

A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized ...

CVE-2026-7608

A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function toolsdiagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will only work on our hardware version...

Astra Linux - уязвимость в chromium

In WebXR in Google Chrome, out-of-bounds memory access before version 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

CVE-2026-7608

A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function toolsdiagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will only work on our hardware version...

EUVD-2026-26774

A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized ...

EUVD-2026-26773

A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function toolsdiagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publish...

CVE-2026-7609 TRENDnet TEW-821DAP Firmware Udpate diagnostic tools_diagnostic os command injection

A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function toolsdiagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publish...

EUVD-2026-26767

A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function toolsdiagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will only work on our hardware version...

CVE-2026-7608

TRENDnet TEW-821DAP (firmware up to 1.12B01) is affected by a vulnerability in the tools_diagnostic function that allows OS command injection. Public exploit exists. The vendor notes the hardware version is v1.xR and that the product is EOL and no longer sold, with the vulnerability affecting onl...

CVE-2026-7607

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function autoupdatefirmware of the component Firmware Udpate. The manipulation of the argument str leads to buffer overflow. The attack may be initiated remotely. The vendor explains: "That firmware version...

CVE-2026-7606

TRENDnet TEW-821DAP firmware, version 1.12B01, contains a weakness in the Firmware Update Handler (functions find_hwid/new_gui_update_firmware). Crafting the dest argument enables insufficient verification of data authenticity. The vulnerability is remotely exploitable; exploitation is described ...

PT-2026-36595

A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools diagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will only work on our hardware version...

PT-2026-36586

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-821DAP version 1.12B01 Description A buffer overflow exists in the Firmware Update component. A remote attacker can trigger this issue by manipulating the str argument passed to the auto update firmware function. Recommendations A...

MINI-G333-XRRG-P353

Bulletin has no description...

CVE-2026-6358

An use after free flaw was found in the XR component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497724498...