366550 matches found
CVE-2026-11028
Google Chrome on Linux and ChromeOS is affected by CVE-2026-11028 due to a use-after-free in the Media component, allowing a remote attacker who compromises the renderer to run arbitrary code in the sandbox via a crafted HTML page. The issue is instead mitigated in versions newer than 149.0.7827....
CVE-2026-11026
CVE-2026-11026 affects Google Chrome extensions. An inappropriate implementation in Chrome extensions prior to 149.0.7827.53 can let an attacker, by convincing a user to install a malicious extension, bypass navigation restrictions via a crafted Chrome Extension. This vulnerability is described w...
CVE-2026-11025
CVE-2026-11025 is a Chromium/Google Chrome (Android) vulnerability: insufficient policy enforcement in Navigation allows bypassing the Content Security Policy via a crafted HTML page. The issue affects Chrome versions prior to 149.0.7827.53; multiple connected advisories note fixes in 149.0.7827....
CVE-2026-11023
The CVE-2026-11023 issue affects Google Chrome prior to 149.0.7827.53 and is caused by an inappropriate implementation in the WebAppInstalls component. The vulnerability could allow a remote attacker who has compromised the renderer process to bypass the same-origin policy via a crafted HTML page...
CVE-2026-11022
CVE-2026-11022 affects Google Chrome/Chromium prior to 149.0.7827.53 with insufficient validation of untrusted input in DevTools, enabling a remote attacker who has compromised the renderer to bypass same-origin policy via a crafted HTML page. Debian advisories (DSA-6325) confirm fixes in chromiu...
CVE-2026-11024
CVE-2026-11024: A stack buffer overflow in Skia used by Google Chrome/Chromium prior to 149.0.7827.53 allows remote exploitation via a crafted HTML page, potentially causing stack corruption. Multiple connected sources confirm affected components and versions (Chromium/Skia, Chrome upstream), wit...
CVE-2026-11020
CVE-2026-11020 concerns Google Chrome (Chromium-based) extensions. The initial description and connected advisories confirm an inappropriate implementation in Extensions that could allow a remote attacker to leak cross-origin data via a crafted XML file. The vulnerability is tied to Chrome versio...
CVE-2026-11021
CVE-2026-11021 : Concrete details across connected docs show that in Google Chrome on Windows prior to 149.0.7827.53, the GPU component suffers from insufficient validation of untrusted input, potentially enabling a remote attacker who has compromised the renderer process to escape the sandbox vi...
CVE-2026-11019
CVE-2026-11019 affects Google Chrome on Android prior to 149.0.7827.53, due to an inappropriate implementation in the Payments component that allowed domain spoofing when a renderer process is compromised. The Debian advisories confirm fixes in Chrome 149.0.7827.53 packages (e.g., 149.0.7827.53-1...
CVE-2026-11018
CVE-2026-11018 affects Google Chrome (Chromium-based). The issue is described as insufficient policy enforcement in the Actor component, enabling a remote attacker to bypass navigation restrictions via a crafted HTML page. Impact is described as allow bypass of navigation restrictions; no other e...
CVE-2026-11016
CVE-2026-11016: Insufficient validation of untrusted input in Network in Google Chrome (Chromium-based) prior to 149.0.7827.53 allows a renderer-compromised attacker to bypass the same-origin policy via a crafted HTML page. Publicly referenced disclosures include Debian/openSUSE advisories and Ch...
CVE-2026-11015
CVE-2026-11015 is an out-of-bounds read in WebGPU in Google Chrome/Chromium prior to 149.0.7827.53. Debian and openSUSE advisories show that Chromium/Chrome 149.0.7827.53 fixes this and related issues (CVE-2026-10881…11015 family) with patches to chromium, Chrome stable, and backports. The issue ...
CVE-2026-11017
CVE-2026-11017 affects Google Chrome/Chromium: Inappropriate implementation in Link Preview allows a renderer-compromised remote attacker to bypass navigation restrictions with a crafted HTML page. Debian/Chromium advisories fix the issue in Chromium/Chrome to 149.0.7827.53 (e.g., Debian: 149.0.7...
CVE-2026-11014
CVE-2026-11014 is a Chromium/Google Chrome issue described across connected advisories as: Insufficient policy enforcement in Extensions that could let an attacker bypass site isolation when a user is convinced to install a malicious extension. Affected products/versions referenced in the documen...
CVE-2026-11013
CVE-2026-11013 involves an insufficient validation of untrusted input in the Chromium network component, affecting Google Chrome/Chromium prior to 149.0.7827.53. The Debian/OpenSUSE advisories confirm the issue affects Chromium and list fixed versions: 149.0.7827.53-1~deb12u1, 149.0.7827.53-1~deb...
CVE-2026-11012
CVE-2026-11012 : In Google Chrome on Android, a use-after-free in Serial (prior to version 149.0.7827.53) could allow a renderer-compromised remote attacker to potentially escape the sandbox via a crafted HTML page. Impact described as sandbox escape with high/severe implications; remediation is ...
CVE-2026-11011
CVE-2026-11011 affects Google Chrome Password Manager. The vulnerability is described as insufficient policy enforcement in Password Manager, allowing a remote attacker who has compromised the renderer process to bypass site isolation via a crafted HTML page. Public advisories (Debian DSA-6325-1 ...
CVE-2026-11008
CVE-2026-11008 affects Google Chrome/Chromium WebAppInstalls, with root cause Insufficient validation of untrusted input in WebAppInstalls. The vulnerability enables a remote attacker, who already compromised the renderer, to leak cross-origin data via a crafted HTML page. Affected product is Chr...
CVE-2026-11010
CVE-2026-11010 affects Google Chrome on Android (WebShare) with a use-after-free in WebShare that can be triggered by a crafted HTML page when the renderer is compromised, potentially enabling a sandbox escape. The issue is described as MEDIUM severity and is tied to Chrome versions prior to 149....
CVE-2026-11009
CVE-2026-11009 is a use-after-free vulnerability in Chrome’s USB handling on Windows prior to 149.0.7827.53 that could allow a remote attacker to escape the sandbox via a crafted HTML page. The issue is reported for Chromium-based Chrome (severity: Medium) and is treated as a high-severity, high-...
CVE-2026-11006
This CVE (CVE-2026-11006) affects Google Chrome prior to 149.0.7827.53, specifically the Dawn component. The root cause is an out-of-bounds read in Dawn, exploitable via a crafted HTML page by a remote attacker. The vulnerability impacts Chrome on desktop environments and is addressed by the Chro...
CVE-2026-11007
CVE-2026-11007 describes a vulnerability in WebView for Google Chrome on Android, where insufficient validation of untrusted input in WebView prior to 149.0.7827.53 enabled a renderer-compromised attacker to leak cross-origin data via a crafted HTML page. The connected Debian/OpenSUSE advisories ...
CVE-2026-11004
CVE-2026-11004 refers to an out-of-bounds read in ANGLE used by Google Chrome prior to 149.0.7827.53. A remote attacker who has compromised the renderer could obtain potentially sensitive information from process memory via a crafted HTML page. The issue is addressed in Chrome 149.0.7827.53 (and ...
CVE-2026-11005
CVE-2026-11005 is an out-of-bounds read vulnerability in ANGLE affecting Google Chrome/Chromium. The OpenSUSE advisories (QA for Chromium 149.0.7827.53) list CVE-2026-11005 among multiple ANGLE-related issues, indicating a fix shipped with Chrome 149.0.7827.53. The issue is tied to ANGLE in the W...
CVE-2026-11003
Chrome WebRTC use-after-free vulnerability (CVE-2026-11003) in Google Chrome prior to 149.0.7827.53 allows remote code execution in a sandbox via a crafted HTML page. Root cause: a use-after-free in WebRTC components. Impact per sources: attacker could execute arbitrary code. Mitigation: update t...
CVE-2026-11002
CVE-2026-11002 : Use-after-free in Chrome Autofill (Chromium) prior to 149.0.7827.53 when a renderer process is compromised, potentially enabling a sandbox escape via a crafted HTML page. Affected: Chromium-based Chrome. Impact: remote code execution with sandbox break. Remediation: upgrade to Ch...
CVE-2026-11001
CVE-2026-11001 affects Google Chrome (Chromium-based) in the Payments UI. The issue is described as an incorrect security UI implementation prior to version 149.0.7827.53, enabling a remote attacker to induce a user to perform specific UI gestures via a crafted HTML page to achieve UI spoofing. M...
CVE-2026-11000
Summary : CVE-2026-11000 affects Google Chrome on Linux. The vulnerable component is the Fonts code in Chromium, with the underlying issue described as a use-after-free. This leads to the possibility of remote code execution inside the browser sandbox via a crafted HTML page. Public references in...
CVE-2026-10999
An identified vulnerability CVE-2026-10999 affects ANGLE in Google Chrome on Windows prior to 149.0.7827.53. The root cause is an integer overflow in ANGLE, allowing a remote attacker who has already compromised the renderer process to read potentially sensitive data from process memory via a cra...
CVE-2026-10998
CVE-2026-10998 corresponds to an out-of-bounds read in Media in Google Chrome, exploitable by an attacker on the local network via crafted traffic. Affected product: Google Chrome (Media component). Root cause: out-of-bounds memory read triggered by processing network data before the browser upda...
CVE-2026-10997
CVE-2026-10997 affects Google Chrome extensions due to insufficient policy enforcement in Extensions, allowing a user to be persuaded to install a crafted malicious extension to bypass discretionary access control. Affected software is Chrome (Chromium-based) with the specific fix in version 149....
CVE-2026-10996
CVE-2026-10996 describes an inappropriate implementation in Workers in Google Chrome prior to 149.0.7827.53 that allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. The vulnerability affects Google Chrome (Chromium-based) and is addressed by updating to Chrome 149....
CVE-2026-10995
Summary: CVE-2026-10995 is a heap buffer overflow in the TabStrip component of Google Chrome, exploitable via crafted HTML pages after convincing user to perform specific UI gestures. The flaw occurs in Chrome versions older than 149.0.7827.53. Affected product/area: Google Chrome (Chromium-deriv...
CVE-2026-10994
CVE-2026-10994 affects Google Chrome (ANGLE) with an uninitialized use in ANGLE. A remote attacker could read potentially sensitive data from process memory via a crafted HTML page. Exploitation context is web content; impact is confidential data exposure. The issue has been addressed in Chrome r...
CVE-2026-10993
CVE-2026-10993 is a heap buffer overflow in Skia used by Google Chrome (Chromium-based). Affects Chrome before 149.0.7827.53; a crafted HTML page can allow a remote attacker to read potentially sensitive information from the process memory. Microsoft Edge (Chromium-based) ingests Chromium, which ...
CVE-2026-10992
CVE-2026-10992 affects Google Chrome (Chromium-based) prior to 149.0.7827.53, where insufficient data validation in the Animation component may allow a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. The vulnerability is linked to the Chrom...
CVE-2026-10991
CVE-2026-10991 is a use-after-free in V8 affecting Google Chrome prior to 149.0.7827.53. The vulnerability could allow a remote attacker to execute arbitrary code inside the browser sandbox if a user is tricked into performing specific UI gestures on a crafted HTML page. This is tied to the V8 en...
CVE-2026-10989
CVE-2026-10989 affects Google Chrome’s V8 engine prior to version 149.0.7827.53 . The weakness stems from an inappropriate implementation in V8 , allowing a remote attacker to potentially exploit a heap corruption vulnerability via a crafted HTML page after convincing a user to perform specific U...
CVE-2026-10990
CVE-2026-10990 affects Google Chrome (Chromium-based) prior to 149.0.7827.53. A use-after-free in the Glic component from the renderer process could allow a remote attacker to escape the Chrome sandbox via a crafted HTML page. The issue is documented across NVD/EUVD/NV... and is addressed by Chro...
CVE-2026-10987
Summary: A vulnerability in Google Chrome’s V8 engine allows remote code execution via a crafted HTML page, caused by an integer overflow. This affects Chrome versions prior to 149.0.7827.53. The issue enables sandbox-exploiting code execution without demonstrated exploitation details in the prov...
CVE-2026-10988
Technical details are not publicly available in the provided documents for CVE-2026-10988. The reports describe a use-after-free in Chrome Views affecting versions before 149.0.7827.53 with sandbox escape potential; monitor for updates.
CVE-2026-10984
Summary: CVE-2026-10984 affects Google Chrome on Android due to an inappropriate Accessibility implementation, enabling UI spoofing via a crafted HTML page. The issue lies in older Android builds before 149.0.7827.53; upgrading to 149.0.7827.53 or later mitigates the vulnerability. The vulnerabil...
CVE-2026-10986
This CVE affects Google Chrome’s Media component, with an integer overflow in the Media path prior to version 149.0.7827.53. The underlying root cause is an integer overflow that could allow a remote attacker to execute arbitrary code inside Chromium’s sandbox when processing a malicious file. Th...
CVE-2026-10985
The CVE-2026-10985 entry describes an out-of-bounds read in Skia used by Google Chrome, prior to version 149.0.7827.53, that could allow a remote attacker to leak cross-origin data via a crafted HTML page. Root cause: Skia vulnerability leading to data exposure. Impact: cross-origin data leakage;...
CVE-2026-10982
CVE-2026-10982 : A use-after-free in WebXR within Google Chrome before 149.0.7827.53 allows remote code execution via a crafted HTML page in a sandbox. Affected component is WebXR in Chrome/Chromium; root cause is use-after-free. Impact is high (arbitrary code execution, sandbox break). No exploi...
CVE-2026-10983
CVE-2026-10983 affects Dawn in Google Chrome. The issue is insufficient validation of untrusted input, enabling a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Affected versions are prior to 149.0.7827.53. The provided documents do not specify exploitation statu...
CVE-2026-10981
CVE-2026-10981 affects Google Chrome (Codecs component). The root cause is insufficient validation of untrusted input in Codecs, prior to version 149.0.7827.53. An attacker who compromised the renderer process could leak cross-origin data via a crafted video file, per the provided descriptions. T...
CVE-2026-10980
CVE-2026-10980 : In Google Chrome, the DevTools component had insufficient validation of untrusted input, allowing a remote attacker who had compromised the renderer process to bypass the same-origin policy via a crafted HTML page. This stems from a Chromium-level input-validation issue and could...
CVE-2026-10979
CVE-2026-10979 describes an out-of-bounds read in ANGLE used by Google Chrome before 149.0.7827.53. The issue enables a remote attacker to potentially read sensitive data from a process’s memory via a crafted HTML page. The CVE is linked to Chromium components and Chrome update advisories (stable...
CVE-2026-10978
Summary of CVE-2026-10978 (Chromoting) : A use-after-free defect in Chromoting within Google Chrome on Windows allows a remote attacker to execute arbitrary code via crafted network traffic. Affected component is Chromoting/Chromium-based Chrome; vulnerable version range is Windows builds prior t...