CVE-2026-11176
CVE-2026-11176 describes an inappropriate media implementation in Google Chrome before 149.0.7827.53 that could allow a remote attacker to leak cross-origin data through a crafted HTML page. The vulnerability affects Chrome’s media handling and is rated Medium severity by Chromium, with network a...
CVE-2026-11175
CVE-2026-11175 affects Google Chrome on Android, involving the Messages security UI. The root cause is an incorrect security UI which allows UI spoofing via a crafted HTML page. Impact is a remote attacker potentially spoofing the UI. Remediation: upgrade Chrome to version 149.0.7827.53 or later....
CVE-2026-11174
CVE-2026-11174 describes an insecure Site Isolation implementation in Google Chrome/Chromium, allowing a remote attacker who has compromised the renderer process to bypass site isolation via a crafted HTML page. The issue stems from an inappropriate implementation in Site Isolation, and affects C...
CVE-2026-11173
CVE-2026-11173 describes an out-of-bounds write in V8 affecting Google Chrome builds prior to 149.0.7827.53. The issue allows a remote attacker who has compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Affected component: V8 in Chrome; vulnerabil...
CVE-2026-11170
CVE-2026-11170 describes an insecure implementation in Chromoting within Google Chrome on Linux, where a remote attacker could achieve OS‑level privilege escalation through malicious network traffic prior to Chrome/Chromium 149.0.7827.53. The issue affects the Chromoting component and is identifi...
CVE-2026-11172
Technical details about CVE-2026-11172 are not publicly available in the provided documents; monitor sources for updates.
CVE-2026-11171
CVE-2026-11171 describes an integer overflow in Blink of Google Chrome, affecting the browser prior to version 149.0.7827.53. This vulnerability could allow a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. The available references indicate a Chrome stable-ch...
CVE-2026-11169
The CVE-2026-11169 issue affects Google Chrome (Chromium-based) and is described as an inappropriate XML implementation that enables UXSS via a crafted XML file. Affected software is Chrome prior to version 149.0.7827.53. The underlying cause is an improper XML handling path within Chrome/Chromiu...
CVE-2026-11168
CVE-2026-11168 affects Google Chrome extensions; vulnerability arises from an inappropriate implementation in Extensions prior to version 149.0.7827.53. If the renderer process is compromised, a remote attacker could obtain potentially sensitive information from the process memory via a crafted H...
CVE-2026-11166
CVE-2026-11166 concerns an inappropriate implementation in SVG in Google Chrome (Chromium) prior to 149.0.7827.53. The vulnerability allows a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Affected software is Google Chrome’s SVG handling in the Chromium stack...
CVE-2026-11167
CVE-2026-11167 affects WebView in Google Chrome on Android, prior to version 149.0.7827.53. The issue is described as an “inappropriate implementation in WebView” that could allow a remote attacker who has compromised the renderer process to achieve a sandbox escape via a crafted HTML page. The r...
CVE-2026-11165
CVE-2026-11165 describes a use-after-free in WebMIDI for Google Chrome on iOS, prior to version 149.0.7827.53. The vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. The description also notes Chromium security severity as Medium and shows...
CVE-2026-11163
CVE-2026-11163 describes a use-after-free in Messages for Google Chrome on Android, prior to version 149.0.7827.53, enabling a remote attacker to potentially escape the Chrome sandbox via a crafted HTML page. The underlying issue is a memory safety flaw in the Android Messages interaction, leadin...
CVE-2026-11164
CVE-2026-11164 describes a use-after-free in Blink of Google Chrome before 149.0.7827.53, enabling a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. The connected documents confirm the component (Blink), impact (remote code execution in sandbox), and affected...
CVE-2026-11162
CVE-2026-11162 affects Google Chrome via an inappropriate CSS implementation in Chromium, enabling a remote attacker to leak cross-origin data through a crafted HTML page. Impact is described as Medium (CVSS 3.1: 4.3). Affected versions are Chrome prior to 149.0.7827.53; mitigation is to upgrade ...
CVE-2026-11161
CVE-2026-11161 affects Google Chrome due to an inappropriate implementation in DataTransfer. A crafted HTML page can leak cross-origin data, as described for Chrome versions prior to 149.0.7827.53. The described impact is a cross-origin data leak with Medium severity. The fix is to update to Chro...
CVE-2026-11159
CVE-2026-11159 affects Google Chrome (Chrome desktop) via an uninitialized use in Skia leading to potential leakage of cross-origin data from a crafted HTML page. Affected version range is prior to 149.0.7827.53; the issue is categorized as a Chromium-level vulnerability with a Medium severity. ...
CVE-2026-11160
CVE-2026-11160 affects Google Chrome on Linux, with an out-of-bounds read in Input reported prior to version 149.0.7827.53. A crafted HTML page could allow a remote attacker to read potentially sensitive information from the process memory. The Chromium-based issue is classified as Medium severi...
CVE-2026-11158
Google Chrome on macOS is affected by CVE-2026-11158 due to insufficient validation of untrusted input in Downloads. A local attacker could potentially escape the sandbox via a crafted AppleScript command, with the issue present in versions prior to 149.0.7827.53. The vulnerability, described as ...
CVE-2026-11157
Summary: CVE-2026-11157 is a UXSS vulnerability in Google Chrome’s Accessibility feature exploitable via a crafted Chrome Extension. The issue occurs in Chrome builds prior to 149.0.7827.53 and could allow an attacker, by convincing a user to install a malicious extension, to inject arbitrary scr...
CVE-2026-11156
CVE-2026-11156 affects Google Chrome before 149.0.7827.53 due to an inappropriate CSS implementation that allows a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability is rooted in how CSS handles cross-origin data, enabling data exposure without user interaction b...
CVE-2026-11155
CVE-2026-11155 describes an inappropriate implementation in CSS in Google Chrome that, before version 149.0.7827.53, allowed a remote attacker to leak cross-origin data via a crafted HTML page. The underlying issue is in Chrome’s CSS handling (Chromium-based), creating potential cross-origin data...
CVE-2026-11154
CVE-2026-11154 affects Google Chrome (Dawn component) with a use-after-free in Dawn prior to Chrome 149.0.7827.53. The vulnerability could allow a remote attacker who has already compromised the renderer process to escape the browser sandbox via a crafted HTML page. This is a Chromium-based issue...
CVE-2026-11152
The CVE refers to an object lifecycle issue in Dawn within Google Chrome, exploitable before version 149.0.7827.53. A remote attacker could potentially perform a sandbox escape via a crafted HTML page. The Chromium note marks the security severity as Medium. Affected component: Dawn in Google Chr...
CVE-2026-11153
CVE-2026-11153 affects Google Chrome (Chromium-based) and describes a side-channel information leak in Forms that allowed a remote attacker to exfiltrate cross-origin data via a crafted HTML page. Affected versions are prior to 149.0.7827.53; the issue is remedied by updating Chrome to the ...
CVE-2026-11151
The CVE-2026-11151 entry concerns Google Chrome where the Password Manager component improperly validates untrusted input. A renderer process that has been compromised could be exploited via a crafted HTML page to escape the sandbox. Affected version range is Chrome prior to 149.0.7827.53. The is...
CVE-2026-11149
The CVE-2026-11149 entry concerns Google Chrome Extensions with insufficient validation of untrusted input, enabling privilege escalation when a renderer process is compromised. Affected software: Google Chrome prior to version 149.0.7827.53. Root cause: untrusted input validation in Extensions. ...
CVE-2026-11150
Summary: CVE-2026-11150 is a UXSS (arbitrary script/HTML) in Chrome due to an inappropriate XML implementation. Affected product: Google Chrome (Chromium base); vulnerable component: XML handling in the browser; root cause: improper XML processing leads to script/HTML injection via a crafted HTM...
CVE-2026-11148
The CVE-2026-11148 entry affects Google Chrome on Android prior to version 149.0.7827.53 due to an inappropriate implementation in Payments, allowing a local attacker to leak cross-origin data via a crafted HTML page. Connected sources confirm the same description across multiple feeds; no expli...
CVE-2026-11147
The CVE-2026-11147 vulnerability is a use-after-free in WebML within Google Chrome for Windows, located in the Chromium-based WebML implementation. The issue allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected software/version: Google Chrome on ...
CVE-2026-11145
Consolidated details show a vulnerability in Google Chrome for Android (affected component: Geolocation) due to a race condition, allowing a remote attacker to leak cross-origin data via a crafted HTML page. Impact is described as Confidentiality HIGH with no integrity/availability impact, CVSS b...
CVE-2026-11146
This CVE (CVE-2026-11146) concerns Google Chrome/Chromium Chromoting with insufficient validation of untrusted input. The vulnerability could allow a remote attacker who has compromised the renderer process to escape the sandbox via a crafted HTML page. Affected: Chromoting in Google Chrome befor...
CVE-2026-11143
CVE-2026-11143 concerns Google Chrome on Linux prior to 149.0.7827.53, where an issue in the Extensions component (described variously as a heap/buffer issue and an out-of-bounds read) could allow an attacker who persuades a user to install a malicious extension to extract potentially sensitive d...
CVE-2026-11142
CVE-2026-11142 affects Google Chrome (Chromium-based) via insufficient policy enforcement in Paint, allowing a remote attacker to bypass the same-origin policy through a crafted HTML page. The issue originates in Chromium/Paint handling and is associated with a fix in Chrome’s 149.0.7827.53 timef...
CVE-2026-11144
Consolidated details for CVE-2026-11144: A use-after-free in the Media component of Google Chrome (Chromium-based) allows a remote attacker to execute arbitrary code inside Chrome’s sandbox via a crafted video file. Affected software: Google Chrome versions before 149.0.7827.53. Root cause: use-a...
CVE-2026-11140
CVE-2026-11140 corresponds to an out-of-bounds read in Chromecast within Google Chrome before version 149.0.7827.53. The issue is triggered when a renderer process is compromised and processes a crafted HTML page, allowing a remote attacker to read potentially sensitive information from the proce...
CVE-2026-11141
This entry concerns CVE-2026-11141: Uninitialized Use in Audio in Google Chrome prior to version 149.0.7827.53. The underlying issue is in the Audio component within Chromium that allows a remote attacker who has already compromised the renderer process to cause uninitialized memory reads, potent...
CVE-2026-11139
CVE-2026-11139 affects Google Chrome (Paint) with an inappropriate implementation that allowed a remote attacker to leak cross-origin data via a crafted HTML page. The issue is in Chromium-based Chrome prior to version 149.0.7827.53. Impact per available data is cross-origin data leakage (no repo...
CVE-2026-11138
CVE-2026-11138 affects Google Chrome via an uninitialized use flaw in ANGLE. The vulnerability could allow a remote attacker to leak cross-origin data through a crafted HTML page, involving a network attack vector with low attack complexity but requiring user interaction. The published data indic...
CVE-2026-11137
CVE-2026-11137 is an uninitialized-use flaw in ANGLE within Google Chrome prior to 149.0.7827.53, allowing a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Affected component: ANGLE in Chromium-based Chrome; root cause: uninitialized memor...
CVE-2026-11136
CVE-2026-11136: Use-after-free in Canvas in Google Chrome before 149.0.7827.53 allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected product: Google Chrome (Canvas component); root cause: use-after-free condition in Canvas handling. Impact: potent...
CVE-2026-11135
CVE-2026-11135 describes insufficient policy enforcement in Chrome Autofill, allowing a remote attacker to bypass discretionary access control via a crafted HTML page. Affected software is Google Chrome (Chromium) prior to 149.0.7827.53. Root cause: incomplete enforcement of policy in Autofill fu...
CVE-2026-11133
CVE-2026-11133: Affected software is Google Chrome (Chromium-based) prior to 149.0.7827.53. The issue is reported as Insufficient policy enforcement in Paint, enabling a remote attacker to bypass same-origin policy via a crafted HTML page. Root cause is described as insufficient policy enforcemen...
CVE-2026-11134
CVE-2026-11134 arises from an insufficient data validation issue in the Media component of Google Chrome (Chromium-based) before version 149.0.7827.53. The flaw could allow a remote attacker to leak cross-origin data via a crafted HTML page. The description and connected sources consistently indi...
CVE-2026-11130
CVE-2026-11130 affects Google Chrome on all platforms, with a use-after-free in Media that allows remote code execution inside the sandbox via a crafted HTML page. Affects Chrome versions prior to 149.0.7827.53; the vulnerability’s impact is described as high (CVE metrics show CVSSv3.1: AV:N/AC:L...
CVE-2026-11131
CVE-2026-11131 affects Google Chrome on Android. A use-after-free in Autofill can be triggered in the renderer, potentially allowing a remote attacker who has compromised the renderer process to escape the sandbox via a crafted HTML page. Impact is a sandbox escape with high confidentiality, inte...
CVE-2026-11132
CVE-2026-11132 affects Google Chrome (Chromium-based) Paint: insufficient policy enforcement enables a remote attacker to bypass the same-origin policy via a crafted HTML page. Impact: cross-origin handling is bypassable in Paint prior to 149.0.7827.53. Root cause: policy enforcement weakness in ...
CVE-2026-11129
This CVE concerns Google Chrome Extensions with an inappropriate implementation in Chrome prior to 149.0.7827.53. The issue allows a remote attacker to leak cross-origin data through a crafted HTML page, as described (Chromium security severity: Medium). Affected product: Chrome (Extensions compo...
CVE-2026-11128
Summary of CVE-2026-11128: In Google Chrome (Chromium-based) before 149.0.7827.53, an inappropriate Web Share implementation could leak cross-origin data when a user performed specific UI gestures on a crafted HTML page. This is rooted in Chromium’s Web Share handling and is addressed in Chromiu...
CVE-2026-11125
CVE-2026-11125: A use-after-free in Chrome’s Compositing path allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected software is Google Chrome (Chromium-based); the underlying issue is a use-after-free in the Compositing component. Impact is a rem...