CVE-2026-10977

CVE-2026-10977 affects Google Chrome on all platforms through versions prior to 149.0.7827.53. The root cause is an uninitialized use in Skia, which, if a rendererProcess is compromised, allows a remote attacker to leak cross-origin data via a crafted HTML page. According to the provided sources,...

CVE-2026-10976

CVE-2026-10976 concerns uninitialized use in Dawn within Google Chrome prior to 149.0.7827.53, enabling a remote attacker to potentially read sensitive data from process memory through a crafted HTML page. The vulnerability affects Chrome/Dawn components; the root cause is described as uninitiali...

CVE-2026-10975

CVE-2026-10975 describes a use-after-free in Chrome's WebRTC prior to build 149.0.7827.53, enabling a remote attacker to execute arbitrary code inside Chrome’s sandbox via a crafted HTML page. The vulnerability is labeled High severity with a network attack vector, requiring user interaction. Aff...

CVE-2026-10973

CVE-2026-10973 describes an uninitialized use in Dawn within Google Chrome, affecting Chrome builds prior to 149.0.7827.53. This vulnerability could allow a remote attacker to leak cross-origin data via a crafted HTML page. The description attributes impact to data leakage with network-exposed at...

CVE-2026-10974

Summary : CVE-2026-10974 affects ANGLE in Google Chrome prior to 149.0.7827.53. The issue is insufficient validation of untrusted input in ANGLE, which could allow a remote attacker to perform a sandbox escape via a crafted HTML page. The known severity is high (NVD and EUVD references list a bas...

CVE-2026-10972

Use-after-free in Ozone within Google Chrome on Linux, fixed by patch to 149.0.7827.53 or newer. The flaw could allow a remote attacker to escape the sandbox via a crafted HTML page. Affected component: Ozone in Chrome; root cause: use-after-free. Impact: high (sandbox escape, remote code executi...

CVE-2026-10970

Google Chrome is affected by CVE-2026-10970 due to insufficient validation of untrusted input in the InterestGroups feature. The issue allows a remote attacker who has already compromised the renderer process to potentially escape the browser sandbox via a crafted HTML page. The vulnerability is ...

CVE-2026-10971

CVE-2026-10971 : In Google Chrome on Windows, printing input is insufficiently validated, enabling a remote attacker who compromised the renderer process to escape the sandbox via a crafted HTML page. Affected: Windows builds before 149.0.7827.53. Remediation: update to 149.0.7827.53 or later. Re...

CVE-2026-10968

CVE-2026-10968 affects Google Chrome on Windows, specifically Dawn, with insufficient validation of untrusted input. The underlying issue allows a remote attacker who has compromised theRenderer process to leak cross-origin data through a crafted HTML page. Affected version range is before Chrome...

CVE-2026-10969

CVE-2026-10969 describes insufficient input validation in Google Chrome extensions, allowing a remote attacker who has compromised the renderer process to escalate privileges via a crafted HTML page. Affected software: Google Chrome extensions (pre-149.0.7827.53). Root cause: untrusted input not ...

CVE-2026-10967

CVE-2026-10967 affects Google Chrome on Android and is due to a use-after-free in SurfaceCapture. A remote attacker who has compromised the renderer process could potentially perform a sandbox escape via a crafted HTML page. The issue is triggered in Chrome versions prior to 149.0.7827.53; the fi...

CVE-2026-10966

CVE-2026-10966 affects Google Chrome’s Codecs implementation. The vulnerability allows a remote attacker to potentially perform a sandbox escape via a crafted video file on Chrome versions prior to 149.0.7827.53. The issue is described as an inappropriate implementation in Codecs, with a high sev...

CVE-2026-10965

CVE-2026-10965 is an integer overflow in Google Chrome’s DevTools prior to 149.0.7827.53. The issue allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Affected software: Chrome (DevTools). Root cause: integer overflow in DevTools as described in multiple ...

CVE-2026-10963

CVE-2026-10963 : Integer overflow in V8 (Chromium) affects Google Chrome before 149.0.7827.53. A crafted HTML page could allow a remote attacker to execute arbitrary code inside the browser sandbox. Affected component: V8 in Chrome; root cause: integer overflow. Impact: high, including potential ...

CVE-2026-10964

CVE-2026-10964 concerns Google Chrome’s V8 engine, where an integer overflow vulnerability existed in versions prior to 149.0.7827.53. The issue could allow a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page. Affected component: V8 in Chrome/Chromium. R...

CVE-2026-10962

CVE-2026-10962 describes a Type Confusion in Media in Google Chrome prior to 149.0.7827.53 that could allow a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected: Google Chrome (Chromium-based). Root cause: media type confusion as stated. Impact: high. R...

CVE-2026-10961

The CVE-2026-10961 issue affects Chrome for iOS (Google Chrome on iOS), where a use-after-free in the renderer allows a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. Impact is a sandbox escape with high severity; exploitation s...

CVE-2026-10960

CVE-2026-10960 affects Google Chrome on all platforms where the Codecs component handles uninitialized state. The connected documents specify that prior to version 149.0.7827.53, an uninitialized use in Codecs allowed a remote attacker who had compromised the renderer process to potentially escap...

CVE-2026-10959

The connected documents confirm CVE-2026-10959 affects Google Chrome on Android (before version 149.0.7827.53). The underlying issue is a use-after-free in Input, enabling a remote attacker to execute arbitrary code inside Chrome’s sandbox via a crafted HTML page. Impact is a high-severity remote...

CVE-2026-10957

The CVE-2026-10957 entry describes a use-after-free in Glic in Google Chrome before 149.0.7827.53, allowing a remote attacker to execute arbitrary code in a sandbox via a crafted HTML page. Affected software: Google Chrome (Chromium-based) prior to 149.0.7827.53. Underlying cause: use-after-free ...

CVE-2026-10958

CVE-2026-10958 is a use-after-free vulnerability in Chrome for iOS (Google Chrome on iOS) prior to version 149.0.7827.53 . A remote attacker could trick a user into performing specific UI gestures to cause arbitrary code execution via a crafted HTML page. The root cause is a use-after-free in the...

CVE-2026-10956

Summary of CVE-2026-10956 Affected software: Google Chrome (MimeHandlerView component). Vulnerability: Use-after-free in MimeHandlerView leading to potential remote code execution via a crafted HTML page. This could allow arbitrary code execution within the Chrome sandbox. Impact: High severity p...

CVE-2026-10955

Summary (CVE-2026-10955): Type Confusion in ANGLE affecting Google Chrome on Windows, prior to version 149.0.7827.53. The vulnerability could allow a remote attacker to perform out-of-bounds memory access via a crafted HTML page. The issue is documented across multiple sources (NVD, EUVD, CIRCL, ...

CVE-2026-10953

CVE-2026-10953 involves a use-after-free in Chrome’s Core on Android, allowing a remote attacker who has already compromised a renderer process to potentially escape the Chrome sandbox via a crafted HTML page. Affected software is Google Chrome on Android, with the vulnerability present prior to ...

CVE-2026-10954

CVE-2026-10954 describes a use-after-free in Chrome’s Actor component, leading to remote code execution inside the sandbox when processing a crafted HTML page. Affected product: Google Chrome. Vulnerable version range: prior to 149.0.7827.53; remediation guidance in the description suggests updat...

CVE-2026-10952

Chrome for iOS is affected by a use-after-free causing heap corruption via a crafted HTML page. Affected product/version: Google Chrome on iOS prior to 149.0.7827.53. Impact: remote attacker could potentially exploit the heap corruption. Severity: High (CVSS 3.1 base 8.8). Mitigation: update to v...

CVE-2026-10950

CVE-2026-10950 affects Google Chrome on iOS (Autofill) where insufficient policy enforcement allowed a remote attacker to exfiltrate cross-origin data via a crafted HTML page. The issue is tied to Autofill handling in Chrome for iOS before version 149.0.7827.53. A patch is expected in 149.0.7827....

CVE-2026-10951

CVE-2026-10951 refers to a use-after-free in Autofill for Google Chrome on iOS. The underlying issue causes heap corruption via a crafted HTML page when a user is guided to perform specific UI gestures, with remote attack potential. Affected product: Google Chrome on iOS; vulnerable component: Au...

CVE-2026-10949

Summary of CVE-2026-10949 : A heap buffer overflow in Chrome’s Video component allows a remote attacker who has already compromised the renderer process to potentially escape the sandbox via a crafted HTML page. Affected product is Google Chrome (before build 149.0.7827.53). The vulnerability is ...

CVE-2026-10947

Affected software: Google Chrome (WebRTC component). Vulnerability: use-after-free in WebRTC leading to remote arbitrary code execution within the sandbox via a crafted HTML page. Scope: Chrome prior to version 149.0.7827.53 is impacted; patch level implied by the fixed version in the description...

CVE-2026-10948

CVE-2026-10948 describes a use-after-free in WebRTC affecting Google Chrome up to 149.0.7827.53 . The vulnerability allows a remote attacker to execute arbitrary code inside Chrome’s sandbox via a crafted HTML page. The impact is described as high severity with possible full compromise of the san...

CVE-2026-10946

CVE-2026-10946 is a heap-buffer-overflow in Chrome's Media stack, fixed in Chrome 149.0.7827.53. The vulnerability could allow remote code execution inside a sandbox when a user is convinced to perform specific UI gestures on a crafted HTML page. Affected product: Google Chrome (pre-149.0.7827.53...

CVE-2026-10945

Summary: CVE-2026-10945 is a use-after-free in Google Chrome’s PDF handling prior to 149.0.7827.53. A remote attacker could lure a user into specific UI gestures to trigger execution of arbitrary code inside the browser sandbox via a crafted PDF file. The impact is high (arbitrary code execution ...

CVE-2026-10944

The CVE-2026-10944 entry concerns Google Chrome on iOS where the Autofill policy enforcement is insufficient prior to version 149.0.7827.53. Root cause: inadequate controls in Autofill that allow cross-origin data leakage via a crafted HTML page. Impact: potential exposure of cross-origin data (h...

CVE-2026-10943

CVE-2026-10943 describes a use-after-free in WebRTC within Google Chrome prior to 149.0.7827.53, enabling a remote attacker to execute arbitrary code inside Chrome’s sandbox via a crafted HTML page. Affected software is Google Chrome (Chromium WebRTC component). The underlying root cause is a use...

CVE-2026-10941

CVE-2026-10941: Out-of-bounds memory access in Skia used by Google Chrome before version 149.0.7827.53 enables a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Severity: High. Affected software: Google Chrome (Skia component). Root cause: memory access outsi...

CVE-2026-10942

Summary: CVE-2026-10942 affects Google Chrome on Windows prior to version 149.0.7827.53 due to an incorrect UI implementation, enabling a local attacker to escalate privileges via a malicious file. The vulnerability is described as high severity. What is affected: Google Chrome (Windows) before 1...

CVE-2026-10940

CVE-2026-10940 describes a race in the Codecs component of Google Chrome on Windows, prior to version 149.0.7827.53. A remote attacker who compromises the renderer could potentially escape the sandbox via a crafted HTML page. Affected product: Chrome/Chromium codecs subsystem; Root cause: race co...

CVE-2026-10939

Chrome WebRTC use-after-free vulnerability (CVE-2026-10939) allows remote code execution in sandbox via a crafted HTML page on Chrome versions prior to 149.0.7827.53. The issue is caused by a use-after-free in WebRTC. A fix is available in Chrome 149.0.7827.53 and later; users should update to th...

CVE-2026-10937

The CVE-2026-10937 entry describes an issue in Google Chrome related to the Passwords component. Root cause: an inappropriate implementation in Passwords in Chrome prior to 149.0.7827.53 that allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. Impact: enables SOP b...

CVE-2026-10936

This CVE describes a Type Confusion in V8 within Google Chrome prior to 149.0.7827.53 that allows a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page. Affected component: the V8 engine used by Chrome. Root cause: a type confusion in V8 handling, leading ...

CVE-2026-10938

CVE-2026-10938 affects Google Chrome before version 149.0.7827.53, where an inappropriate implementation in the Input handling of the renderer process allows a remote attacker who has compromised the renderer to bypass site isolation via a crafted HTML page. The impact is described as high (I/H) ...

CVE-2026-10935

CVE-2026-10935: Type Confusion in Google Chrome’s V8 engine (Chromium) prior to 149.0.7827.53. A crafted HTML page enables a remote attacker to execute arbitrary code inside the sandbox. Affected product: Google Chrome/Chromium with V8. Root cause: type confusion in V8. Impact: remote code execut...

CVE-2026-10934

The CVE-2026-10934 entry concerns a use-after-free in Autofill for Google Chrome on Android, prior to version 149.0.7827.53. The underlying issue in the Autofill component could allow a remote attacker who already compromised the renderer process to trigger a sandbox escape via a crafted HTML pag...

CVE-2026-10932

Use-after-free in the Chrome Android UI (pre-149.0.7827.53) allows a remote attacker to potentially trigger heap corruption via a crafted HTML page. Affected: Google Chrome for Android; root cause: UI use-after-free. Impact: high (confidentiality, integrity, availability). Remediation: update to ...

CVE-2026-10933

CVE-2026-10933 is a use-after-free in Audio in Google Chrome on Windows. The vulnerability could allow a compromised renderer process to escape the sandbox via a crafted HTML page. Affected software is Google Chrome on Windows; the issue is tied to the Audio component and is described as high sev...

CVE-2026-10929

Summary (CVE-2026-10929) : A heap buffer overflow in ANGLE used by Google Chrome on Android is exploitable prior to Chrome 149.0.7827.53. If a renderer process is compromised, a remote attacker could potentially escape the sandbox via a crafted HTML page, as described with Chromium severity: High...

CVE-2026-10931

Summary: CVE-2026-10931 is a use-after-free in Chrome’s FileSystem that could allow a remote sandbox escape via a crafted HTML page. Affected product/area: Google Chrome (Chromium-based) prior to version 149.0.7827.53. Impact: high severity with potential sandbox escape; attacker could trigger ne...

CVE-2026-10930

CVE-2026-10930 describes an out-of-bounds read in ANGLE used by Google Chrome on macOS, exploitable via a crafted HTML page. The issue affects Chrome on Mac prior to version 149.0.7827.53, with the underlying cause being an out-of-bounds memory read in ANGLE. The vulnerability is rated high sever...

CVE-2026-10927

The vulnerability CVE-2026-10927 affects Google Chrome’s Dawn component in the renderer process, with an out-of-bounds read that could enable a sandbox escape via a crafted HTML page. The issue is tied to Chrome versions prior to 149.0.7827.53. An attacker who already has renderer access could po...