CVE-2026-11227
Summary: CVE-2026-11227 affects Google Chrome’s Tab Hover Cards UI. The vulnerability is a mismatch in the security UI that could allow a remote attacker to spoof a domain via a crafted domain name. The issue is associated with Chrome versions before 149.0.7827.53 (Chromium security severity: Low...
CVE-2026-11224
CVE-2026-11224 describes a use-after-free in Chromoting for Google Chrome on Linux, before version 149.0.7827.53, that enables a remote attacker to execute arbitrary code via malicious network traffic. Chromium marks the severity as Low, but the base metrics show high impact on confidentiality, i...
CVE-2026-11225
CVE-2026-11225 affects Google Chrome WebUI prior to 149.0.7827.53, due to an inappropriate implementation in the WebUI component. The issue allows a remote attacker to perform domain spoofing via a crafted domain name. The vulnerability is categorized as Low severity (Chromium), with an exploit v...
CVE-2026-11223
CVE-2026-11223 describes insufficient validation of untrusted input in Google Chrome’s Network component prior to 149.0.7827.53. A remote attacker who has compromised the renderer process could bypass the same-origin policy via a crafted HTML page. The root cause is insufficient input validation ...
CVE-2026-11221
Affected software: Google Chrome. Vulnerable component: PointerLock (Chromium). Root cause: insufficient validation of untrusted input. Impact: remote attacker with renderer access can spoof UI via crafted HTML page (Low severity). Affected versions: Chrome prior to 149.0.7827.53. Exploitation co...
CVE-2026-11222
This CVE (CVE-2026-11222) affects Google Chrome (Chromium engine) and concerns an incorrect security UI in the Tab Strip that enables domain spoofing via a crafted HTML page. The vulnerability is tied to Chrome versions before 149.0.7827.53. Impact is described as a low-severity Chromium issue wi...
CVE-2026-11219
CVE-2026-11219 concerns Google Chrome: an inappropriate implementation in Navigation allows bypassing navigation restrictions via a crafted HTML page. Affected software is Chrome prior to version 149.0.7827.53. The underlying issue is described as an improper/navigation-related implementation in ...
CVE-2026-11220
CVE-2026-11220: The provided documents indicate a vulnerability in Google Chrome related to the Navigation component, caused by insufficient validation of untrusted input. This weakness exists in Chrome versions prior to 149.0.7827.53 and could let a remote attacker who has already compromised t...
CVE-2026-11217
CVE-2026-11217 describes an inappropriate implementation in Google Chrome's Fenced Frames that, before version 149.0.7827.53, could allow a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. The vulnerability is labeled with Low severity in ...
CVE-2026-11218
CVE-2026-11218 affects Google Chrome on Windows prior to 149.0.7827.53. The root cause is an inappropriate implementation in PlatformIntegration, enabling a remote attacker to trigger arbitrary code execution when a user is persuaded to perform specific UI gestures with a malicious file. This is ...
CVE-2026-11216
CVE-2026-11216 concerns Google Chrome (Chromium-based) with an incorrect security UI in the File Input. The description states a remote attacker could convince a user to perform specific UI gestures on a crafted HTML page to achieve UI spoofing. The impact is UI spoofing via the file input UI, wi...
CVE-2026-11214
CVE-2026-11214 affects Chrome for iOS (Google Chrome on iOS) due to an inappropriate implementation. On versions prior to 149.0.7827.53, a remote attacker could leak cross-origin data via a crafted HTML page. Severity is Medium (CVSS base 6.5). Remediation: update to 149.0.7827.53 or later. If de...
CVE-2026-11215
CVE-2026-11215 concerns an insecure/incorrect Cronet implementation in Google Chrome on Android prior to version 149.0.7827.53, enabling a remote attacker to spoof a domain via a crafted domain name. The vulnerability arises in Cronet’s domain handling and is described with a Chromium security se...
CVE-2026-11213
Google Chrome Reading Mode is affected by CVE-2026-11213 due to insufficient validation of untrusted input, allowing a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The vulnerability is present in Chrome versions prior to 149.0...
CVE-2026-11211
This CVE (CVE-2026-11211) affects Google Chrome’s V8 engine prior to version 149.0.7827.53. The root cause is an integer overflow in V8 that can be triggered by a crafted HTML page, enabling remote code execution within Chrome’s sandbox. Public references confirm the vulnerability in Chrome/Chrom...
CVE-2026-11212
CVE-2026-11212 affects Google Chrome (DevTools) prior to version 149.0.7827.53, where insufficient policy enforcement in DevTools could allow an attacker who tricked a user into installing a malicious extension to leak cross-origin data. The root cause is policy enforcement gaps in DevTools that enable data exfi...
CVE-2026-11209
CVE-2026-11209 applies to Google Chrome, affecting the Passwords implementation prior to version 149.0.7827.53. The issue arises from an inappropriate implementation that allows a remote attacker who has compromised the renderer process to read potentially sensitive information from process memor...
CVE-2026-11210
CVE-2026-11210 concerns Google Chrome’s Safe Browsing component. The issue is an inappropriate implementation that allows a remote attacker to bypass discretionary access control via a crafted RAR file, affecting Chrome builds prior to 149.0.7827.53. The vulnerability is remote, requires user in...
CVE-2026-11206
This CVE concerns Google Chrome’s ServiceWorker: insufficient policy enforcement allows a remote attacker to leak cross-origin data via a crafted HTML page. Vulnerable are Chrome versions prior to 149.0.7827.53; the issue’s impact is cross-origin data disclosure with a network attacker, requiring...
CVE-2026-11208
The CVE-2026-11208 issue affects Google Chrome (Codecs) and is caused by a use-after-free vulnerability in Codecs, exploitable via a crafted HTML page to leak potentially sensitive data from process memory. Affected products are Chrome versions before 149.0.7827.53. The impact is information disc...
CVE-2026-11207
Summary: CVE-2026-11207 affects Google Chrome Autofill in Chromium-based builds prior to 149.0.7827.53. The root cause is insufficient validation of untrusted input in Autofill, which could allow a remote attacker to potentially perform a sandbox escape via malicious network traffic. What is affe...
CVE-2026-11204
CVE-2026-11204 describes an inappropriate implementation in the Signin flow of Google Chrome on iOS before 149.0.7827.53 that allows a remote attacker to bypass navigation restrictions via a crafted HTML page. The vulnerability is in the Chromium-based iOS Signin function, with a Network attack v...
CVE-2026-11205
CVE-2026-11205 concerns insufficient validation of untrusted input in Chrome for iOS (Google Chrome on iOS) up to build 149.0.7827.53, enabling a remote attacker to cause UXSS if a user performs specific UI gestures prompted by a crafted QR code. The advisory notes a Medium severity (CVSS 3.1: AV...
CVE-2026-11203
CVE-2026-11203 describes an inappropriate implementation in the GPU component of Google Chrome on macOS, affected prior to version 149.0.7827.53. This flaw could allow a remote attacker to leak cross-origin data via a crafted HTML page, with the impact described as high confidentiality risk and...
CVE-2026-11202
Summary: CVE-2026-11202 concerns Chrome for iOS (Google Chrome on iOS) prior to 149.0.7827.53, where an inappropriate implementation allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. The vulnerability is tied to Chromium-based behavior on iOS, with a mediu...
CVE-2026-11199
CVE-2026-11199 affects Google Chrome WebRTC. The issue is described as an “inappropriate implementation” in WebRTC that, in Chrome versions prior to 149.0.7827.53, could allow a privileged-network attacker to leak cross-origin data via malicious network traffic. The CVE is categorized with a Chro...
CVE-2026-11201
The CVE-2026-11201 entry reports a use-after-free in Chrome’s ServiceWorker that could allow arbitrary code execution when a user is convinced to install a crafted Chrome Extension, affecting Google Chrome versions prior to 149.0.7827.53. The vulnerability is linked to the Chromium-based extensio...
CVE-2026-11200
CVE-2026-11200 concerns Google Chrome’s WebRTC implementation. A faulty WebRTC handling introduced in Chrome versions before 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. The CVSS metrics indicate NETWORK attack vector, low to moderate access complexity...
CVE-2026-11198
CVE-2026-11198 describes an issue in Google Chrome where insufficient validation of untrusted input in the Codecs component could enable a remote attacker to cause a sandbox escape via a crafted video file. Affected product: Google Chrome (Chromium-based). Root cause: insufficient input validatio...
CVE-2026-11197
CVE-2026-11197 affects Google Chrome: insufficient policy enforcement in Workers allows a remote attacker who has compromised the renderer to bypass the same-origin policy via a crafted HTML page, prior to version 149.0.7827.53. Documented impact is a Medium severity; exploitation status is not ...
CVE-2026-11196
CVE-2026-11196: Type confusion in XML handling in Google Chrome prior to 149.0.7827.53. The issue originates in Chrome/Chromium’s XML processing and could allow a remote attacker to read potentially sensitive information from process memory via a crafted XML file. Impact is labeled Medium; confid...
CVE-2026-11195
CVE-2026-11195: In Google Chrome, an inappropriate implementation in MHTML handling allows a remote attacker to leak cross-origin data via a crafted HTML page when a user is induced to perform specific UI gestures. Affected product/component: Chrome/MHTML. Root cause: improper implementation in ...
CVE-2026-11192
Affected software: Google Chrome (Password Manager). Vulnerability: Insufficient validation of untrusted input in Password Manager allows a remote attacker to perform UI spoofing via malicious network traffic. Impact: UI spoofing could mislead users or steal credentials if leveraged against the...
CVE-2026-11193
Affected software: Google Chrome Password Manager (Chromium). Condition: Insufficient policy enforcement allows a remote attacker to bypass discretionary access control via a crafted HTML page in Chrome versions prior to 149.0.7827.53. Impact: attacker can bypass DAC; CVSS shows Network vector, E...
CVE-2026-11194
CVE-2026-11194 concerns Google Chrome’s network stack: an inappropriate implementation enables a remote attacker to leak cross-origin data via a crafted HTML page. Affected software is Chrome prior to 149.0.7827.53. The vulnerability stems from the Network component/root cause described in the co...
CVE-2026-11191
CVE-2026-11191 affects ANGLE in Google Chrome. The issue is an out-of-bounds memory access when handling crafted HTML pages, enabling remote attackers to trigger memory access issues. The public detail notes this occurs in Chrome before and up to version 149.0.7827.53; patch: update to Chrome 149...
CVE-2026-11190
CVE-2026-11190 affects Google Chrome extensions: an attacker could bypass discretionary access control by convincing a user to install a crafted extension, via an inappropriate implementation in Extensions prior to 149.0.7827.53. Impact is described as Medium; the issue is mitigated by updating C...
CVE-2026-11188
The connected sources confirm CVE-2026-11188 is a use-after-free in the USB handling of Google Chrome on Android, prior to version 149.0.7827.53, enabling a remote attacker to potentially escape the sandbox via a crafted HTML page. Affected software: Google Chrome on Android; vulnerable component...
CVE-2026-11189
CVE-2026-11189 affects Google Chrome DevTools; the root cause is insufficient validation of untrusted input in DevTools, allowing a crafted Chrome Extension to bypass navigation restrictions. Affected software is Chrome with DevTools prior to 149.0.7827.53. Remediation: update Chrome to 149.0.782...
CVE-2026-11186
CVE-2026-11186: In Google Chrome, an inappropriate CSS implementation allows UXSS via a crafted HTML page. Affected are Chrome versions prior to 149.0.7827.53 (based on the description); the underlying issue is a faulty CSS handling in Chrome/Chromium that enables remote script/HTML injection. Im...
CVE-2026-11187
CVE-2026-11187 affects Google Chrome prior to 149.0.7827.53 due to an inappropriate implementation in Glic that allowed a remote attacker to bypass navigation restrictions with a crafted HTML page. Impact is described as a module-level navigation bypass with MEDIUM severity (CVSS 6.3). The vulner...
CVE-2026-11185
CVE-2026-11185 is a use-after-free in Google Chrome’s V8 engine, affecting Chrome builds prior to 149.0.7827.53. An attacker could lure a user to install a crafted malicious extension and achieve arbitrary code execution inside the sandbox. Affected component: V8 in Chrome. Root cause: use-after-...
CVE-2026-11182
CVE-2026-11182 involves an inappropriate SVG implementation in Google Chrome before 149.0.7827.53 that could allow a remote attacker to leak cross-origin data via a crafted HTML page. The underlying issue is in the SVG handling within Chromium-based builds, leading to cross-origin data e...
CVE-2026-11183
CVE-2026-11183 describes an out-of-bounds read in GWP-ASan used by Google Chrome, allowing a local attacker to read potentially sensitive data from a process’s memory via a malicious file. Affected software: Google Chrome (GWP-ASan component). Impact: potential exposure of sensitive information; ...
CVE-2026-11184
CVE-2026-11184 affects Google Chrome (Chromium-backed) prior to 149.0.7827.53, where insufficient policy enforcement in the Actor component could allow a remote attacker to bypass navigation restrictions through a crafted HTML page. The vulnerability is rated Medium, with network attack vector, n...
CVE-2026-11181
The CVE-2026-11181 case concerns Google Chrome’s Media Session implementation, where an inappropriate implementation allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. Affected: Google Chrome prior to version 149.0.7827.53. Severity is stated as Medium. The descri...
CVE-2026-11180
CVE-2026-11180 describes an insecure SVG handling in Google Chrome before version 149.0.7827.53, where an improper implementation could allow a remote attacker to leak cross-origin data via a crafted HTML page. The impact is data disclosure with network access as the attack vector, and user inter...
CVE-2026-11177
The CVE describes a use-after-free in Chrome’s Omnibox prior to version 149.0.7827.53, where a remote attacker could trigger heap corruption by enticing a user to perform specific UI gestures on a crafted HTML page. Affected software is Google Chrome (Omnibox component); underlying cause is a use...
CVE-2026-11178
Technical details about CVE-2026-11178 are not publicly available in the supplied documents. Monitor for updates from official advisories and vendor notices.
CVE-2026-11179
CVE-2026-11179 concerns Google Chrome/Chromium: an inappropriate ORB implementation allowed a remote attacker to bypass site isolation via a crafted HTML page. Affected software: Chrome prior to version 149.0.7827.53. The impact is described as bypassing site isolation, enabling potential cross-o...