CVE-2026-11700

This CVE affects Google Chrome’s Tracing component in the renderer process. The root cause is a use-after-free in Tracing, which, if an attacker can compromise the renderer, could enable a sandbox escape via a crafted HTML page. The vulnerability is described for Chrome versions prior to 149.0.78...

CVE-2026-11698

CVE-2026-11698 affects Google Chrome on macOS. The connected documents confirm a use-after-free in the Bluetooth subsystem of Chrome/Chromium, leading to a potential heap corruption condition when processing a crafted HTML page. The vulnerability is triggered in Chrome builds prior to version 149...

CVE-2026-11697

CVE-2026-11697 affects Google Chrome’s UI layer built on Chromium, where insufficient validation of untrusted input could enable a remote attacker to escape the sandbox via a crafted HTML page. The issue is described as a High-severity vulnerability, with exploitation linked to messages that prev...

CVE-2026-11695

CVE-2026-11695 affects Google Chrome Passwords with an inappropriate implementation that allows a remote attacker to leak cross-origin data via a crafted HTML page. Affected product: Google Chrome (password handling). Root cause: improper handling leading to cross-origin data exposure. Impact: cr...

CVE-2026-11696

Google Chrome on Windows is affected by CVE-2026-11696 due to an uninitialized use in the Video component prior to 149.0.7827.103. A remote attacker who has already gained renderer process access could read potentially sensitive data from process memory via a crafted HTML page. Impact: disclosure...

CVE-2026-11694

Technical details (affected product, root cause, exploitability) are not publicly available in the provided documents. Monitor for updates.

CVE-2026-11693

CVE-2026-11693 affects Google Chrome prior to version 149.0.7827.103, due to an inappropriate implementation in Plugins that allowed a rendered-page compromise to bypass site isolation via a crafted HTML page. The issue enables a remote attacker who already has renderer access to impact isolation...

CVE-2026-11691

CVE-2026-11691 involves Google Chrome’s New Tab Page and is caused by insufficient validation of untrusted input. The vulnerability affects Chrome prior to version 149.0.7827.103, enabling a remote attacker who has compromised the renderer process to leak cross-origin data via a crafted HTML page...

CVE-2026-11692

CVE-2026-11692 is a use-after-free in Chrome’s Read Anything feature prior to 149.0.7827.103. If a renderer process is already compromised, this could enable a sandbox escape via a crafted HTML page. The connected sources consistently describe the issue as a high-severity Chrome/Chromium vulnerab...

CVE-2026-11690

Summary: CVE-2026-11690 describes an out-of-bounds read/write in Media component of Google Chrome on macOS, prior to version 149.0.7827.103. A remote attacker who has compromised the renderer process could execute arbitrary code inside the sandbox via a crafted HTML page. The issue is rated High ...

CVE-2026-11689

Technical details for CVE-2026-11689 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

CVE-2026-11688

CVE-2026-11688 describes an inappropriate SVG implementation in Google Chrome prior to 149.0.7827.103 that enables a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Impact is high (C/H/I/A = 8.8 CVSS v3.1) per Chromium, with network access, no privileges, use...

CVE-2026-11687

Summary: CVE-2026-11687 is a use-after-free in Dawn within Google Chrome for Mac, leading to potential heap corruption via a crafted HTML page. The underlying issue is a use-after-free in Dawn, with impact described as a remote attacker able to cause high-severity outcomes (confidentiality, integ...

CVE-2026-11686

The CVE-2026-11686 entry describes an issue in Dawn within Google Chrome on macOS before 149.0.7827.103. The root cause is insufficient validation of untrusted input in Dawn, which could allow a remote attacker who has compromised the renderer process to leak cross-origin data via a crafted HTML ...

CVE-2026-11684

CVE-2026-11684 affects Google Chrome’s Network policy enforcement. Affected component: network policy handling in Chrome before 149.0.7827.103. Root cause: insufficient policy enforcement allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTM...

CVE-2026-11685

CVE-2026-11685 involves an inappropriate implementation in MediaCapture in Google Chrome on macOS, where versions prior to 149.0.7827.103 allow a remote attacker to leak cross-origin data via a crafted HTML page. The issue is scoped to Chrome on Mac and is triggered by processing a crafted HTML p...

CVE-2026-11683

CVE-2026-11683 affects Google Chrome’s WebCodecs. The root cause is a use-after-free in WebCodecs that allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. The vulnerability is in Chrome versions prior to 149.0.7827.103 (Chromium-based). Impact is described...

CVE-2026-11682

CVE-2026-11682 : In Chrome on Linux, an inappropriate implementation in Views (Chromium-based) prior to version 149.0.7827.103 could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Impact is sandbox escape potential...

CVE-2026-11680

CVE-2026-11680 describes a use-after-free in the Media component of Google Chrome on Windows, before version 149.0.7827.103. The underlying issue reportedly allows a remote attacker to execute arbitrary code inside Chrome’s sandbox via a crafted HTML page. Affected software is Chrome for Windows;...

CVE-2026-11681

CVE-2026-11681 : Use-after-free in Chrome’s Ozone component on Linux prior to 149.0.7827.103 allows a remote attacker to potentially trigger heap corruption via a crafted HTML page. Impact is described as high; the vulnerability is within the Chromium-based Chrome stack and affects the Ozone laye...

CVE-2026-11679

CVE-2026-11679 : Use-after-free in Codecs within Google Chrome on Windows, fixed in the 149.0.7827.103 (and later) update. The vulnerability could allow a remote attacker who has compromised the renderer process to perform a sandbox escape via a crafted HTML page. Affected product is Google Chrom...

CVE-2026-11677

CVE-2026-11677 describes a race in the Chrome network process on macOS prior to 149.0.7827.103 that could enable a remote attacker who had network-process access to escape the browser sandbox via a crafted HTML page. The vulnerability affects Google Chrome for macOS; the underlying issue is descr...

CVE-2026-11678

Summary: CVE-2026-11678 is an integer overflow in libyuv used by Google Chrome, fixed in version 149.0.7827.103. The issue could allow a remote attacker who has compromised the renderer process to extract potentially sensitive data from process memory via a crafted HTML page. Affected component: ...

CVE-2026-11676

CVE-2026-11676 affects Google Chrome on Linux/ChromeOS (Dawn component) and is due to insufficient validation of untrusted input, allowing a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The issue is observed prior to Chr...

CVE-2026-11675

CVE-2026-11675 : Out-of-bounds read in Skia used by Google Chrome before 149.0.7827.103. A remote attacker who compromises the renderer process could leak cross-origin data via a crafted HTML page. The issue arises from Skia, with impact limited to confidentiality (LOW in CVSS 3.1 per the documen...

CVE-2026-11674

CVE-2026-11674 affects Google Chrome (Guest View) on Chromium-based builds prior to 149.0.7827.103. The issue is a use-after-free in Guest View, enabling a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected product/version: Google Chrome (before 149.0.7...

CVE-2026-11673

CVE-2026-11673 (Google Chrome/Chromium) Use-after-free in the InterestGroups component allows a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page. Affected product/version: Google Chrome (Chromium) prior to 149.0.7827.103. Root cause: use-after-free in I...

CVE-2026-11672

CVE-2026-11672 describes a heap buffer overflow in the GPU component of Google Chrome on Android, prior to version 149.0.7827.103. The underlying issue is a memory safety flaw in the GPU/renderer path that could allow a remote attacker who has compromised the renderer process to perform a sandbox...

CVE-2026-11671

Summary: CVE-2026-11671 is a use-after-free in Chrome’s Navigation path that could allow a remote attacker to escape the browser sandbox via a crafted HTML page, affecting Chrome builds prior to 149.0.7827.103. Impact: High (sandbox escape possibility; remote code execution potential) per Chromiu...

CVE-2026-11669

Affects Google Chrome on ChromeOS : an out-of-bounds read in Media prior to version 149.0.7827.103 . A remote attacker who has compromised the renderer process could craft an HTML page to read potentially sensitive data from process memory. No exploitation details are provided. Remediation: upgra...

CVE-2026-11670

CVE-2026-11670: Use-after-free in PDF handling in Google Chrome prior to 149.0.7827.103 enables remote code execution in the sandbox when parsing a crafted PDF. Affected component is Chrome's PDF rendering; impact is high. Remediation per the connected documents is to update to Chrome 149.0.7827....

CVE-2026-11667

CVE-2026-11667 affects Google Chrome WebRTC. The vulnerability is an out-of-bounds read in WebRTC that, if the GPU process is compromised, could enable heap corruption via a crafted HTML page. Impacted software: Chrome prior to version 149.0.7827.103. The publicly documented remediation is to upg...

CVE-2026-11668

CVE-2026-11668 concerns Google Chrome on Linux and ChromeOS versions before 149.0.7827.103, with an uninitialized use in codecs leading to potential cross-origin data leakage via a crafted video file. The issue is described as high severity; affected: Chrome on Linux/ChromeOS prior to the listed ...

CVE-2026-11665

CVE-2026-11665: Out-of-bounds read in Dawn within Google Chrome on Windows allows a remote attacker to leak cross-origin data via a crafted HTML page. Affected: Chrome on Windows (Dawn component); root cause is an out-of-bounds read. Impact is data leakage of cross-origin data. Remediation: patch...

CVE-2026-11666

Google Chrome CVE-2026-11666: Insufficient validation of untrusted input in Input allows UI spoofing via a crafted HTML page in Chrome versions before 149.0.7827.103. Affected: desktop Chrome; root cause is input validation weakness in Input. Impact: remote attacker can spoof UI with crafted page...

CVE-2026-11663

CVE-2026-11663 concerns Google Chrome affected by a use-after-free in Skia prior to version 149.0.7827.103. If a renderer-process compromise occurs, a crafted HTML page could potentially enable a sandbox escape. The vulnerability is described with a high severity. The document set indicates the f...

CVE-2026-11664

This CVE (CVE-2026-11664) affects Google Chrome’s Payments component and concerns a use-after-free in the Payments pathway that could enable remote heap corruption via a crafted HTML page. The vulnerability is rooted in use-after-free semantics within Chromium’s Payments code, leading to potentia...

CVE-2026-11662

CVE-2026-11662 affects Google Chrome bindings: Type Confusion in Bindings could allow remote code execution in a sandbox via a crafted HTML page, before version 149.0.7827.103. The issue is rated High (CVSS 3.1 base 8.8), with network attack vector and user interaction required. Affected componen...

CVE-2026-11660

CVE-2026-11660: Google Chrome’s New Tab Page suffered insufficient validation of untrusted input, enabling a renderer-compromised remote attacker to potentially escape the sandbox via a crafted HTML page. Affected: Chrome before 149.0.7827.103. Impact: sandbox escape risk; attacker could leverage...

CVE-2026-11661

CVE-2026-11661 affects Google Chrome on Windows prior to 149.0.7827.103, with a use-after-free in Views that could allow a remote attacker (having renderer access) to escape the sandbox via a crafted HTML page. The Chromium/chrome update (149.0.7827.102/103 for Windows) addresses the issue; the s...

CVE-2026-11658

The CVE-2026-11658 entry describes Insufficient validation of untrusted input in Extensions for Google Chrome, prior to 149.0.7827.103. A renderer-compromised remote attacker could bypass site isolation via a crafted HTML page. Affected component: Extensions in Google Chrome; underlying cause: in...

CVE-2026-11659

CVE-2026-11659 affects Google Chrome on Linux, where an integer overflow in the UI could enable a sandbox-escape via a crafted HTML page. The issue is fixed in Chrome 149.0.7827.103 for Linux (update to 149.0.7827.103 or later). The public description cites a high-severity impact and sandbox-esca...

CVE-2026-11656

CVE-2026-11656 affects Google Chrome via a Use-after-Free in the ServiceWorker component, enabling a sandbox escape when a user installs a crafted malicious extension. Public descriptions consistently state the vulnerability occurs in Chrome versions prior to 149.0.7827.103. The available sources...

CVE-2026-11657

CVE-2026-11657 covers a use-after-free in Chrome’s Payments component on macOS, allowing remote code execution via a crafted HTML page. Affected product: Google Chrome on Mac (before version 149.0.7827.103). Underlying issue: use-after-free in Payments. Impact: arbitrary code execution with high ...

CVE-2026-11654

CVE-2026-11654 is a use-after-free in CameraCapture in Google Chrome on macOS. The issue allows remote code execution via a crafted HTML page that could lead to a sandbox escape. Affected software: Google Chrome on Mac prior to 149.0.7827.103. Mitigation: update to Chrome Stable channel build 149...

CVE-2026-11655

CVE-2026-11655 is a vulnerability in Google Chrome on macOS caused by an integer overflow in Media handling, prior to build 149.0.7827.103. The flaw could allow a remote attacker who has compromised the renderer process to potentially escape the browser sandbox via a crafted HTML page, with a Chr...

CVE-2026-11653

The CVE-2026-11653 issue concerns Google Chrome extensions. It is described as Insufficient validation of untrusted input in Extensions, enabling a remote attacker who has already compromised the renderer process to bypass site isolation via a crafted HTML page. The vulnerability affects Chrome p...

CVE-2026-11652

CVE-2026-11652 is a use-after-free in Chrome/Chromium Extensions before 149.0.7827.103. If a renderer process is compromised, a remote attacker could potentially escape the sandbox via a crafted HTML page, as described in multiple sources. Affected product: Google Chrome/Chromium Extensions; vuln...

CVE-2026-11651

Technical details are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

CVE-2026-11649

CVE-2026-11649: Use-after-free in V8 affects Google Chrome before version 149.0.7827.103. Exploitation could allow a remote attacker to execute arbitrary code inside Chrome’s sandbox via a crafted HTML page. Root cause is a use-after-free in V8 handling of certain objects (as described). Impact i...