366544 matches found
CVE-2026-11272
CVE-2026-11272 affects Google Chrome on iOS, specifically the Reading List feature. The root cause is insufficient validation of untrusted input, enabling a remote attacker to escalate privileges via a crafted HTML page when a user is guided to perform certain UI gestures. Impact is described as ...
CVE-2026-11270
CVE-2026-11270 affects Google Chrome on Android, where an inappropriate UI implementation allows a remote attacker to leak cross-origin data via a crafted HTML page. The issue is tied to Chrome/Chromium UI handling prior to version 149.0.7827.53. Impact is confined to cross-origin data leakage; n...
CVE-2026-11271
CVE-2026-11271 affects Google Chrome (component: Passwords) with an inappropriate implementation prior to version 149.0.7827.53. A remote attacker could entice a user to perform specific UI gestures, allowing leakage of cross-origin data via a crafted HTML page. Severity is labeled Low (CVSS 3.1:...
CVE-2026-11269
CVE-2026-11269 involves an inappropriate implementation in Google Chrome extensions that allows an attacker with a privileged network position to run arbitrary code in the sandbox via a crafted extension. Affected product: Google Chrome (Extensions component). Root cause: inappropriate extension ...
CVE-2026-11268
CVE-2026-11268 affects ANGLE in Google Chrome on Windows, with an uninitialized use that allows a remote attacker to leak cross-origin data via a crafted HTML page. The description indicates the issue exists in Chrome builds prior to version 149.0.7827.53, implying the fix is included in 149.0.78...
CVE-2026-11267
CVE-2026-11267 affects Google Chrome extensions. The root cause is insufficient policy enforcement in Chrome Extensions , allowing a user-witchedupler to bypass the site/content security policy when a malicious extension is installed. Affected component is the Chrome extension framework, with imp...
CVE-2026-11265
CVE-2026-11265 concerns Google Chrome’s Autofill. The issue is described as an inappropriate implementation that could allow a remote attacker to leak cross-origin data via a crafted HTML page. Affected software is Google Chrome (Chromium-based), with the fixed/patch version cited as 149.0.7827.5...
CVE-2026-11266
CVE-2026-11266 relates to an inappropriate implementation in SafeBrowsing in Google Chrome prior to 149.0.7827.53. This Chromium-based flaw could allow a remote attacker to bypass Safe Browsing by processing a malicious file. The vulnerability is described as low severity (CVSS v3.1: 4.3) with at...
CVE-2026-11263
CVE-2026-11263 involves insufficient policy enforcement in WebAuthentication for Google Chrome on Android. The issue allows a remote attacker who has compromised the renderer process to leak cross-origin data via a crafted HTML page. Affected software is Chrome on Android prior to version 149.0.7...
CVE-2026-11264
CVE-2026-11264 : Chrome/Chromium CSP policy bypass identified as a vulnerability affecting Chrome prior to 149.0.7827.53. A remote attacker could bypass the Content Security Policy via a crafted HTML page. Severity is low; attack vector is network with user interaction required. The remediation i...
CVE-2026-11261
Google Chrome is affected by CVE-2026-11261 due to an inappropriate implementation in the PDF handling within Chromium before version 149.0.7827.53. A remote attacker who has already compromised the renderer process could trigger UI spoofing by serving a crafted HTML page. The reported impact is ...
CVE-2026-11260
CVE-2026-11260 : In Google Chrome (Chromium-based) prior to 149.0.7827.53, an inappropriate Permissions implementation allows a remote attacker to bypass the Content Security Policy via a crafted HTML page. Impact is a CSP bypass; no exploit details are provided in the source documents. A patch t...
CVE-2026-11262
Use-after-free in TabStrip of Google Chrome before 149.0.7827.53 allows a remote attacker to execute arbitrary code via a crafted HTML page. Affected product: Google Chrome (Chromium-based); vulnerable component: TabStrip; root cause: use-after-free in TabStrip handling. CVSS v3.1 metrics indicat...
CVE-2026-11259
CVE-2026-11259 : In Google Chrome, the Cast feature allowed a remote attacker to bypass the same-origin policy due to insufficient validation of untrusted input. This affects Chrome versions prior to 149.0.7827.53. The issue is limited to a policy bypass and is described with a Low severity in Ch...
CVE-2026-11258
This CVE (CVE-2026-11258) affects Google Chrome’s File System Access and is due to an inappropriate implementation that allows a remote attacker to bypass discretionary access control when a user is persuaded by a crafted HTML page to perform specific UI gestures. Affected software: Chrome prior ...
CVE-2026-11256
CVE-2026-11256 : Integer overflow in Chrome’s GPU path before 149.0.7827.53 may allow a remote attacker who has compromised the renderer process to escape the sandbox via a crafted HTML page. Affected: Google Chrome (GPU/renderer). Root cause: integer overflow in GPU code. Impact: sandbox escape ...
CVE-2026-11255
The CVE-2026-11255 entry concerns Google Chrome’s Storage Access API. Insufficient validation of untrusted input in Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Affected software is Chrome (Stor...
CVE-2026-11257
CVE-2026-11257 affects Google Chrome prior to 149.0.7827.53. The issue is an inappropriate implementation in the browser that can allow a remote attacker to bypass navigation restrictions via a crafted HTML page. The CVSS 3.1 base score is 4.3 (Medium), with attack vector Network, complexity Low,...
CVE-2026-11253
CVE-2026-11253 affects Google Chrome prior to 149.0.7827.53. Insecure Permissions handling allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVSS 3.1: 4.3 (Medium); network attack vector, low complexity, no privileges, user interaction required. No exploitation details ...
CVE-2026-11254
Affected software: Google Chrome. The CVE-2026-11254 describes an insecure implementation in Permissions that allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue is tied to Chrome/Chromium before version 149.0.7827.53, with a stated remediation path implied by the ...
CVE-2026-11252
Technical details (affected product, versions, root cause, impact and exploit specifics) are not publicly available in the provided documents. Monitor updates from Chromium/Chrome advisories and associated ENISA/CVE sources for new information.
CVE-2026-11251
CVE-2026-11251 affects Google Chrome’s Password Manager. The root cause is insufficient policy enforcement, allowing a renderer-compromised remote attacker to bypass discretionary access control via a crafted HTML page. Affected software is Chrome prior to version 149.0.7827.53. The available sou...
CVE-2026-11250
CVE-2026-11250 concerns Google Chrome DevTools prior to version 149.0.7827.53. The issue is an inappropriate implementation in DevTools that allowed a remote attacker who had already compromised the renderer process to read potentially sensitive data from process memory via a crafted HTML page. P...
CVE-2026-11249
The CVE-2026-11249 entry describes a use-after-free in the Network component of Google Chrome affecting versions prior to 149.0.7827.53 . A remote attacker who has already compromised the renderer process could craft an HTML page to read potentially sensitive data from process memory. The connect...
CVE-2026-11248
The CVE covers an issue described as an inappropriate implementation in Google Lens within Google Chrome, before version 149.0.7827.53, allowing a remote attacker to bypass navigation restrictions via a crafted HTML page. The vulnerability affects Chrome/Lens behavior and is tagged with low Chrom...
CVE-2026-11247
Google Chrome on Android CustomTabs had insufficient policy enforcement before version 149.0.7827.53, allowing a remote attacker to leak cross-origin data via a crafted HTML page. Root cause: policy enforcement gaps in CustomTabs; impact: cross-origin data leakage. References indicate a patch in ...
CVE-2026-11245
CVE-2026-11245 affects Google Chrome (Payments) and is caused by an inappropriate implementation that allowed a remote attacker to perform UI spoofing via a crafted HTML page. Affected: Chrome versions before 149.0.7827.53. Impact is UI spoofing with no information disclosure or remote code execu...
CVE-2026-11244
The CVE-2026-11244 entry concerns Google Chrome’s WebAuthentication input validation. Affected component: WebAuthentication in Chrome (prior to 149.0.7827.53). Root cause: insufficient validation of untrusted input, enabling a remote attacker who compromised a renderer process to bypass the same-...
CVE-2026-11246
CVE-2026-11246 affects Google Chrome’s IndexedDB usage in the renderer, due to insufficient input validation. The issue allows a remote attacker who has compromised the renderer process to bypass the same-origin policy via a crafted HTML page. Affected behavior is limited to Chrome versions prior...
CVE-2026-11242
The CVE refers to Google Chrome before version 149.0.7827.53, where insufficient validation of untrusted input in Plugins could allow a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. The vulnerability is tied to the Plugins component; i...
CVE-2026-11243
CVE-2026-11243 involves Google Chrome (Chromium-based) where an inappropriate implementation in the Downloads component allows a remote attacker to bypass navigation restrictions via a crafted HTML page. Affected: Chrome before version 149.0.7827.53. Root cause: improper handling in Downloads lea...
CVE-2026-11241
Affected product: Google Chrome (Cast feature). Vulnerability: insufficient validation of untrusted input in Chrome prior to 149.0.7827.53 could allow privilege escalation. Root cause: untrusted HTML crafted page enabling local network attacker to escalate privileges. Impact: described as privile...
CVE-2026-11240
CVE-2026-11240 affects Google Chrome (Loader) with insufficient validation of untrusted input, allowing a remote attacker who has compromised the renderer process to bypass site isolation via a crafted HTML page. The issue is described for Chrome versions prior to 149.0.7827.53; exploitation deta...
CVE-2026-11239
CVE-2026-11239 affects Google Chrome extensions. Insecure or inappropriate implementation in Extensions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to escalate privileges through a crafted HTML page. The CVSS score is 7.5 (HIGH) with impact to ...
CVE-2026-11236
Technical details for CVE-2026-11236 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-11238
CVE-2026-11238 concerns the Google Chrome DevTools implementation. The connected documents state that an insecure DevTools path in Chrome prior to version 149.0.7827.53 allows a user-assisted attack: if a user installs a malicious extension, memory contents from affected processes may be exposed....
CVE-2026-11237
The CVE-2026-11237 entry concerns Google Chrome (Chromium-based) with the vulnerability in the Media component failing to validate untrusted input. A remote attacker who has compromised the renderer process could abuse a crafted HTML page to trigger UI spoofing. Affected versions are prior to 149...
CVE-2026-11235
The CVE-2026-11235 entry affects Google Chrome (Chromium base) in the Compositing path. Affected component: rendering/ compositor policy enforcement flaw that allowed a remote attacker, who had already compromised the renderer process, to execute arbitrary code inside the sandbox via a crafted HT...
CVE-2026-11234
CVE-2026-11234 affects Google Chrome prior to 149.0.7827.53. The issue is an incorrect implementation in FoldableAPIs that lets a remote attacker who has compromised the renderer process bypass site isolation via a crafted HTML page. The known impact is limited to bypassing site isolation, as des...
CVE-2026-11232
CVE-2026-11232 impacts Google Chrome TabGroups. The issue is an inappropriate implementation in TabGroups prior to version 149.0.7827.53, enabling a remote attacker to perform UI spoofing via malicious network traffic. Severity is indicated as Low. No remediation details are provided in the conne...
CVE-2026-11233
CVE-2026-11233 affects Google Chrome’s FoldableAPIs. The issue is insufficient policy enforcement allowing a remote attacker who has compromised the renderer process to bypass the same-origin policy via a crafted HTML page. Impact is limited to confidentiality (information exposure) and could ena...
CVE-2026-11231
The vulnerability CVE-2026-11231 affects Google Chrome on macOS, caused by an inappropriate implementation in Safe Browsing. A remote attacker could execute arbitrary code by convincing a user to open a malicious file, with the issue present in versions prior to 149.0.7827.53. Impact is described...
CVE-2026-11229
CVE-2026-11229 affects Google Chrome (Enterprise) with versions older than 149.0.7827.53. The issue is caused by an inappropriate implementation in Chrome’s Enterprise handling that enables a local attacker with physical access to escalate privileges. The vulnerability is classified as low severi...
CVE-2026-11230
The CVE-2026-11230 entry concerns Google Chrome Extensions use-after-free in the Extensions component, allowing a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected product/version: Google Chrome prior to 149.0.7827.53. Root cause: use-after-free in the...
CVE-2026-11227
Summary: CVE-2026-11227 affects Google Chrome’s Tab Hover Cards UI. The vulnerability is a mismatch in the security UI that could allow a remote attacker to spoof a domain via a crafted domain name. The issue is associated with Chrome versions before 149.0.7827.53 (Chromium security severity: Low...
CVE-2026-11228
The CVE-2026-11228 entry describes an Inappropriate implementation in Google Chrome’s File Input, prior to version 149.0.7827.53, enabling UI spoofing when a user is enticed into specific UI gestures via a crafted HTML page. Affected product: Google Chrome (Chromium-based). The underlying issue i...
CVE-2026-11226
The CVE affects Google Chrome on Android, where the PreviewTab’s policy enforcement is insufficient. A remote attacker could entice a user to perform specific UI gestures, enabling bypass of the same-origin policy via a crafted HTML page. Affected versions are Chrome for Android prior to 149.0.78...
CVE-2026-11224
CVE-2026-11224 describes a use-after-free in Chromoting for Google Chrome on Linux, before version 149.0.7827.53, that enables a remote attacker to execute arbitrary code via malicious network traffic. Chromium marks the severity as Low, but the base metrics show high impact on confidentiality, i...
CVE-2026-11225
CVE-2026-11225 affects Google Chrome WebUI prior to 149.0.7827.53, due to an inappropriate implementation in the WebUI component. The issue allows a remote attacker to perform domain spoofing via a crafted domain name. The vulnerability is categorized as Low severity (Chromium), with an exploit v...
CVE-2026-11223
CVE-2026-11223 describes insufficient validation of untrusted input in Google Chrome’s Network component prior to 149.0.7827.53. A remote attacker who has compromised the renderer process could bypass the same-origin policy via a crafted HTML page. The root cause is insufficient input validation ...