366549 matches found
CVE-2026-11077
CVE-2026-11077 affects Google Chrome (Dawn) and is caused by a bad cast in Dawn that allows a remote attacker to execute arbitrary code inside Chrome’s sandbox via a crafted HTML page. Affected version range is before 149.0.7827.53; the vulnerability is fixed in that release. The CVSS/metrics ind...
CVE-2026-11076
CVE-2026-11076 is a Type Confusion in CSS in Google Chrome before 149.0.7827.53, allowing a remote attacker to execute arbitrary code in a sandbox via a crafted HTML page. Affected software: Google Chrome (Chromium-based). The underlying issue is a CSS-related type confusion in the browser’s rend...
CVE-2026-11075
CVE-2026-11075 describes an out-of-bounds read in V8 within Google Chrome prior to 149.0.7827.53, enabling a remote attacker to potentially reading sensitive data from a process’s memory through a crafted HTML page. Affected component is V8 (JavaScript engine) in Chrome; impact is information dis...
CVE-2026-11073
CVE-2026-11073 describes a use-after-free in WebGL in Google Chrome prior to 149.0.7827.53 , enabling a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Affected software: Google Chrome (WebGL). Root cause: use-after-free in WebGL. Impact: c...
CVE-2026-11074
Summary: CVE-2026-11074 affects Google Chrome on Linux. Vulnerable component: WebRTC in Chrome. Root cause: use-after-free in WebRTC code path. Impact: remote attacker could execute arbitrary code by convincing a user to load a crafted HTML page. Version info: fixed in Chrome 149.0.7827.53 (prior...
CVE-2026-11070
CVE-2026-11070 affects Chromoting in Google Chrome on Windows, where insufficient validation of untrusted input could allow a sandbox escape via malicious network traffic, if an attacker compromised the network process. The vulnerability is triggered by untrusted network data in Chromoting prior ...
CVE-2026-11072
The CVE-2026-11072 issue affects WebView in Google Chrome on Android (before version 149.0.7827.53). The root cause is a use-after-free in WebView, enabling a local attacker to execute arbitrary code via a malicious file. The provided sources indicate the impact as local code execution with a Med...
CVE-2026-11071
CVE-2026-11071 describes a use-after-free in Base within Google Chrome on Linux prior to version 149.0.7827.53. The issue allows a remote attacker who has compromised the renderer process to read potentially sensitive information from process memory via a crafted HTML page. Affected product: Goog...
CVE-2026-11068
Summary: CVE-2026-11068 is a use-after-free in Chrome’s WebSockets implementation that could allow remote code execution inside a sandbox. The issue affects Google Chrome builds prior to version 149.0.7827.53. The vulnerability description across multiple sources aligns on the same root cause and...
CVE-2026-11069
CVE-2026-11069 concerns Google Chrome prior to 149.0.7827.53, where cast-related input validation on untrusted data is insufficient. The underlying issue permits a remote attacker to bypass the same-origin policy via a crafted HTML page, with the impact described as Medium. The vulnerability affe...
CVE-2026-11065
The CVE-2026-11065 issue is a use-after-free in ANGLE used by Google Chrome prior to 149.0.7827.53. If a renderer process is already compromised, an attacker could potentially escape the sandbox via a crafted HTML page. The impact is described as high/critical in overall runtime risk due to sandb...
CVE-2026-11066
The CVE-2026-11066 entry concerns Insufficient validation of untrusted input in ANGLE used by Google Chrome. Affected: ANGLE component within Chrome (pre-149.0.7827.53). Impact: allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Underlying cause: insufficien...
CVE-2026-11067
CVE-2026-11067 describes an uninitialized use in Dawn within Google Chrome before version 149.0.7827.53. The issue allows a remote attacker to potentially read sensitive information from process memory via a crafted HTML page. The connected sources confirm the vulnerability affects Dawn in Chrome...
CVE-2026-11063
The CVE-2026-11063 entry concerns Google Chrome on Windows, where insufficient validation of untrusted input in WebNN could allow a renderer-compromised attacker to escape the sandbox via a crafted HTML page. Affected component: WebNN in Chrome; root cause: input validation flaw in WebNN handling...
CVE-2026-11064
Technical details (affected product/component, root cause, impact, fixes) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-11060
CVE-2026-11060 corresponds to a use-after-free in the Media component of Google Chrome on Windows, prior to version 149.0.7827.53. The underlying issue can allow a remote attacker to execute arbitrary code within the Chrome sandbox via a crafted HTML page. The vulnerability is tied to Chromium co...
CVE-2026-11061
CVE-2026-11061 involves a Type Confusion in ANGLE used by Google Chrome/Chromium before version 149.0.7827.53, which could enable a remote attacker to perform a sandbox escape via a crafted HTML page. Affected software is Google Chrome/Chromium with ANGLE integration; the underlying issue is type...
CVE-2026-11062
CVE-2026-11062 affects Google Chrome extensions: insufficient policy enforcement in Extensions allows an attacker to inject scripts/HTML into a privileged page when a user installs a crafted malicious extension. Impact is partial integrity compromise of privileged pages; exploit not confirmed in ...
CVE-2026-11059
The vulnerability CVE-2026-11059 affects Google Chrome’s Blink engine, with a use-after-free in Blink that could allow remote code execution inside the sandbox via a crafted HTML page. Affected are Chrome builds prior to 149.0.7827.53; remediation is to update to 149.0.7827.53 or newer (per Chrom...
CVE-2026-11058
Technical details for CVE-2026-11058 are not publicly available in the provided documents; monitor for updates.
CVE-2026-11057
Technical details are not publicly available in the provided documents. No specifics on affected components, versions beyond Chrome prior to 149.0.7827.53, or remediation are included. Monitor for updates from official advisories.
CVE-2026-11056
CVE-2026-11056 affects Google Chrome on Windows, in the Site Isolation feature. The vulnerability stems from insufficient validation of untrusted input, allowing a renderer-compromised attacker to potentially escape the sandbox via a crafted HTML page. The issue is linked to Chrome versions prior...
CVE-2026-11054
The CVE-2026-11054 entry covers a Use-After-Free in WebRTC for Google Chrome, prior to version 149.0.7827.53. The vulnerability could allow a remote attacker to execute arbitrary code inside Chrome’s sandbox via a crafted HTML page, with impact on confidentiality, integrity, and availability (hig...
CVE-2026-11055
CVE-2026-11055 concerns Google Chrome on Windows, where a use-after-free in ANGLE can be triggered by a crafted HTML page. The vulnerability allows a remote attacker to execute arbitrary code within the browser sandbox. Affected versions are Chrome prior to 149.0.7827.53 . There is no explicit ex...
CVE-2026-11052
Type Confusion in GPU in Google Chrome on Windows prior to 149.0.7827.53 allows a renderer-compromised attacker to potentially escape the sandbox via a crafted HTML page. Affected: Chrome on Windows; component: GPU/renderer pathway; root cause: type confusion in GPU handling. Impact is sandbox es...
CVE-2026-11051
CVE-2026-11051 describes an out-of-bounds read in ANGLE used by Google Chrome on Linux, enabling a remote attacker to potentially read sensitive process memory via a crafted HTML page. Affected component: ANGLE within Chrome. Underlying cause: out-of-bounds access in ANGLE handling of HTML conten...
CVE-2026-11049
The CVE-2026-11049 entry concerns a use-after-free in Google Chrome’s Password Manager (Chromium-based) prior to 149.0.7827.53, allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Affected component: Password Manager; root cause: use-after-free. Impact: ...
CVE-2026-11050
CVE-2026-11050 describes a use-after-free in Google Chrome’s V8 engine, affecting versions prior to 149.0.7827.53. According to connected records, this allows a remote attacker to execute arbitrary code inside the Chrome sandbox via a crafted HTML page. Impact is stated as high for confidentialit...
CVE-2026-11048
CVE-2026-11048 affects Google Chrome extensions; root cause is an inappropriate implementation in Chrome’s Extensions that allows bypassing the same-origin policy via a crafted extension. Impact is partial (I) as per CVSS, with no confidentiality loss and high integrity impact. Affected component...
CVE-2026-11047
Google Chrome on Windows is affected by CVE-2026-11047 due to an inappropriate implementation in the Base component that could allow a sandbox escape if a renderer process is compromised. The issue affects Chrome versions prior to 149.0.7827.53. Impact is that a remote attacker could escape the s...
CVE-2026-11046
CVE-2026-11046: In Google Chrome, insufficient validation of untrusted input in the Media component allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside the sandbox via a crafted HTML page. Affected version range is before 149.0.7827.53; the issue is...
CVE-2026-11045
CVE-2026-11045 describes an vulnerability in Google Chrome's GPU pathway where there is insufficient validation of untrusted input in the GPU stack. A remote attacker who already compromised the renderer process could read potentially sensitive data from process memory by presenting a crafted HTM...
CVE-2026-11044
This CVE (CVE-2026-11044) affects ANGLE in Google Chrome on macOS, where an integer overflow in ANGLE allowed a remote attacker to read potentially sensitive data from process memory via a crafted HTML page. Affected software: Google Chrome on macOS with vulnerable ANGLE before version 149.0.7827...
CVE-2026-11043
CVE-2026-11043: Out-of-bounds write in ANGLE affecting Google Chrome on macOS prior to 149.0.7827.53. Likely allows a remote attacker who compromises the renderer to escape the sandbox via a crafted HTML page. Root cause: ANGLE out-of-bounds write. Remediation: update to Chrome 149.0.7827.53 or n...
CVE-2026-11042
CVE-2026-11042 is a use-after-free in Chrome’s Views component (Chromium) that could allow heap corruption. A crafted HTML page and user interaction (specific UI gestures) may trigger exploitation before Chrome build 149.0.7827.53. The issue affects Google Chrome (Views subsystem) and is tied to ...
CVE-2026-11040
Summary : CVE-2026-11040 describes a use-after-free in ANGLE used by Google Chrome/Chromium prior to 149.0.7827.53. If a renderer process is compromised, an attacker could potentially escape the sandbox by loading a crafted HTML page. The vulnerability is categorized with a Chromium security seve...
CVE-2026-11041
CVE-2026-11041 affects Google Chrome on Windows and involves insufficient validation of untrusted input in Media, allowing a sandbox escape if a renderer process is compromised. A crafted HTML page could trigger the escape. The vulnerability is tied to Chrome versions prior to 149.0.7827.53; the ...
CVE-2026-11039
CVE-2026-11039 describes an uninitialized use in Skia affecting Google Chrome prior to 149.0.7827.53, enabling a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability is tied to the Skia component within Chromium-based Chrome and is documented with a Medium severity...
CVE-2026-11037
CVE-2026-11037 describes an out-of-bounds write in Chrome’s Codecs component, affecting Google Chrome before version 149.0.7827.53. The issue could allow a remote attacker to potentially achieve a sandbox escape via a crafted video file. Chromium/Chrome lists the vulnerability with a Chromium sec...
CVE-2026-11038
CVE-2026-11038 affects Google Chrome’s Subresource Integrity policy enforcement. The vulnerability allows a remote attacker to bypass content security policy via malicious network traffic in Chrome versions prior to 149.0.7827.53. Affected component is Subresource Integrity enforcement within Chr...
CVE-2026-11034
The CVE-2026-11034 entry affects Google Chrome on Android, specifically the Tab Group Sync feature. The issue is insufficient validation of untrusted input, allowing a remote attacker to inject arbitrary scripts or HTML (UXSS) via malicious network traffic. Affects Chrome versions before 149.0.78...
CVE-2026-11036
CVE-2026-11036 affects Google Chrome before 149.0.7827.53 due to an inappropriate implementation in the DOM, enabling a remote attacker to bypass the same-origin policy via a crafted HTML page. The vulnerability is described across multiple sources (NVD/EUVD/CIRCL sighting) with the same core det...
CVE-2026-11035
CVE-2026-11035 describes an inappropriate implementation in Google Chrome for Android’s Custom Tabs prior to version 149.0.7827.53, enabling a local attacker to escalate privileges via a crafted XML file. The underlying issue is in the Custom Tabs integration, leading to total impact on confident...
CVE-2026-11033
CVE-2026-11033 affects Google Chrome on macOS due to an uninitialized use in WebML. The issue allows a remote attacker to potentially read sensitive data from process memory via a crafted HTML page. Affected software is Chrome on Mac, with the vulnerability described as occurring before Chrome ve...
CVE-2026-11032
CVE-2026-11032 affects Google Chrome's Password Manager. The issue stems from an inappropriate implementation in the Password Manager prior to Chrome 149.0.7827.53, allowing a remote attacker to leak cross-origin data via a crafted HTML page. The documented impact is cross-origin data exposure (C...
CVE-2026-11030
Mode C: Affects Google Chrome networking stack; Use-after-Free in Network component leads to heap corruption via crafted network traffic. Vulnerable before version 149.0.7827.53; exploitation depends on remote network input with user interaction. Patch is to update to Chrome 149.0.7827.53 or newe...
CVE-2026-11031
CVE-2026-11031 affects Google Chrome’s Password Manager. The issue is insufficient validation of untrusted input, enabling a remote attacker to trigger UI spoofing via malicious network traffic. Affects Chrome versions prior to 149.0.7827.53 (Chromium security severity: Medium). CVSS v3.1: Base s...
CVE-2026-11029
CVE-2026-11029 affects Google Chrome for Android prior to 149.0.7827.53. The issue is caused by insufficient validation of untrusted input in the Drag and Drop path, which could allow a renderer process that’s already been compromised to potentially escape the browser sandbox via a crafted HTML p...
CVE-2026-11027
Affected product: Google Chrome (Chromium-based renderer). Vulnerable component: Glic in the renderer process. Root cause: insufficient validation of untrusted input. Impact: remote attacker who already compromised the renderer can leak cross-origin data via a crafted HTML page (Medium severity; ...
CVE-2026-11028
Google Chrome on Linux and ChromeOS is affected by CVE-2026-11028 due to a use-after-free in the Media component, allowing a remote attacker who compromises the renderer to run arbitrary code in the sandbox via a crafted HTML page. The issue is instead mitigated in versions newer than 149.0.7827....