366554 matches found
CVE-2026-10929
Summary (CVE-2026-10929) : A heap buffer overflow in ANGLE used by Google Chrome on Android is exploitable prior to Chrome 149.0.7827.53. If a renderer process is compromised, a remote attacker could potentially escape the sandbox via a crafted HTML page, as described with Chromium severity: High...
CVE-2026-10931
Summary: CVE-2026-10931 is a use-after-free in Chrome’s FileSystem that could allow a remote sandbox escape via a crafted HTML page. Affected product/area: Google Chrome (Chromium-based) prior to version 149.0.7827.53. Impact: high severity with potential sandbox escape; attacker could trigger ne...
CVE-2026-10930
CVE-2026-10930 describes an out-of-bounds read in ANGLE used by Google Chrome on macOS, exploitable via a crafted HTML page. The issue affects Chrome on Mac prior to version 149.0.7827.53, with the underlying cause being an out-of-bounds memory read in ANGLE. The vulnerability is rated high sever...
CVE-2026-10927
The vulnerability CVE-2026-10927 affects Google Chrome’s Dawn component in the renderer process, with an out-of-bounds read that could enable a sandbox escape via a crafted HTML page. The issue is tied to Chrome versions prior to 149.0.7827.53. An attacker who already has renderer access could po...
CVE-2026-10928
CVE-2026-10928 affects Google Chrome in headless mode prior to 149.0.7827.53. The issue is described as a script injection via a crafted HTML page that could allow remote code execution. Affected component is the headless browser environment within Chrome/Chromium; root cause is a script-injectio...
CVE-2026-10926
The CVE-2026-10926 entry describes a use-after-free in Cast in Google Chrome prior to 149.0.7827.53, enabling an attacker on the local network segment to execute arbitrary code via crafted network traffic. Affected component: Cast in Chrome (Chromium-derived). Impact is high (per Chromium advisor...
CVE-2026-10925
CVE-2026-10925 : Affected product is Google Chrome on macOS using Skia. The vulnerability is an out-of-bounds write in Skia prior to version 149.0.7827.53, which could let a remote attacker who has already compromised the renderer process perform a sandbox escape via a crafted HTML page. The issu...
CVE-2026-10924
Summary of CVE-2026-10924 (CVE list entry): Integer overflow in the Chromecast component of Google Chrome before 149.0.7827.53 allowed a remote attacker who had already compromised the renderer process to potentially escape the sandbox via a crafted HTML page. This affects Chrome/Chromecast imple...
CVE-2026-10923
CVE-2026-10923 describes a use-after-free vulnerability in the WebAppInstalls component of Google Chrome on Android, affecting versions prior to 149.0.7827.53. The flaw allows a local attacker to execute arbitrary code by interacting with a malicious file, representing a memory corruption issue w...
CVE-2026-10922
CVE-2026-10922 affects Google Chrome’s DevTools prior to 149.0.7827.53. The issue is caused by insufficient validation of untrusted input, allowing a remote attacker to bypass the same-origin policy when a user is induced to perform specific UI gestures in the context of malicious network traffic...
CVE-2026-10920
CVE-2026-10920 affects Google Chrome on macOS. Insufficient validation of untrusted input in the WebShare component could allow a remote attacker who has compromised the renderer process to perform a sandbox escape via a crafted HTML page. According to the connected sources, this is a Chromium/We...
CVE-2026-10921
This CVE affects Google Chrome (Dawn component) prior to version 149.0.7827.53. An integer overflow in the Dawn renderer could allow a remote attacker who already gained renderer access to escape the sandbox via a crafted HTML page. The documented impact is a high-severity sandbox escape with lik...
CVE-2026-10919
The CVE-2026-10919 entry is for a Use-after-Free vulnerability in ANGLE that affects Google Chrome prior to version 149.0.7827.53. The issue could allow a remote attacker who has already compromised the renderer process to potentially escape the Chrome sandbox via a crafted HTML page, as reported...
CVE-2026-10918
CVE-2026-10918 describes a use-after-free in Viz for Google Chrome that could let a renderer-compromised attacker perform a sandbox escape via a crafted HTML page before Chrome 149.0.7827.53. Affected product/version: Google Chrome (Viz), prior to 149.0.7827.53. Root cause: use-after-free in Viz ...
CVE-2026-10916
This CVE affects Google Chrome DevTools: insufficient validation of untrusted input in DevTools allowed UXSS via a crafted HTML page on renderer-compromised contexts, prior to Chrome 149.0.7827.53. The vulnerability, caused by inadequate input validation in DevTools, could enable a remote attacke...
CVE-2026-10917
CVE-2026-10917 affects Google Chrome (Media component) prior to version 149.0.7827.53. The root cause is insufficient validation of untrusted input in Media, which could allow a remote attacker who has compromised the renderer process to attempt a sandbox escape via a crafted HTML page. The linke...
CVE-2026-10914
The CVE-2026-10914 entry affects ANGLE in Google Chrome on Windows. The issue is a Use-after-Free in ANGLE that could allow a remote attacker to execute arbitrary code inside the Chrome sandbox via a crafted HTML page. Affected software is Google Chrome with ANGLE enabled, prior to version 149.0....
CVE-2026-10913
CVE-2026-10913 : Use-after-free in ANGLE (Google Chrome on Windows) prior to 149.0.7827.53. An attacker could trigger arbitrary code execution in the sandbox via a crafted HTML page. The Chrome 149 stable update (Windows/macOS/Linux) includes fixes for this and other ANGLE-related issues, with CV...
CVE-2026-10915
CVE-2026-10915 – Use-after-free in Core of Google Chrome for iOS (pre-149.0.7827.53) allows a remote attacker who has compromised the renderer to potentially perform a sandbox escape via a crafted HTML page. This is confirmed by multiple sources (NVD entry and ENISA EUVD-2026-34364) and is catego...
CVE-2026-10911
CVE-2026-10911 affects Google Chrome's Media handling. The connected EUVD entry and NVD/NVD-derived records describe insufficient validation of untrusted input in Media, enabling a remote attacker who has compromised the renderer process to potentially escape the Chrome sandbox via a crafted HTML...
CVE-2026-10912
CVE-2026-10912 affects Google Chrome extensions. The issue is caused by insufficient validation of untrusted input in Extensions, allowing a remote attacker who has compromised the renderer process to bypass the same-origin policy via a crafted HTML page. The vulnerability is tied to Chrome versi...
CVE-2026-10910
CVE-2026-10910 refers to a Type Confusion in V8 that affected Google Chrome’s sandboxed JavaScript engine prior to Chrome 149.0.7827.53. The issue could allow a remote attacker to execute arbitrary code through a crafted HTML page, with exploitation possible without user privileges but requiring ...
CVE-2026-10908
CVE-2026-10908 affects Google Chrome on Windows. It is a Use-after-Free in FullScreen handling that, if a renderer process is compromised, could allow a sandbox escape via a crafted HTML page. Google Chrome 149.0.7827.53 (and later) includes fixes. The EUVD/NVD entries corroborate the same vector...
CVE-2026-10909
The connected sources confirm CVE-2026-10909 is a use-after-free vulnerability in Dawn within Google Chrome, fixed by Chrome 149.0.7827.53. A remote attacker who has compromised the renderer could potentially perform a sandbox escape via a crafted HTML page. Affected component/file: Dawn in Chrom...
CVE-2026-10906
CVE-2026-10906 : Use-after-free in WebAuthentication of Google Chrome before 149.0.7827.53 allows a remote attacker, user must engage in specific UI gestures, potentially leading to heap corruption via a crafted HTML page. Affected component: WebAuthentication in Chrome/Chromium stack. Root cause...
CVE-2026-10907
CVE-2026-10907 is an out-of-bounds write in ANGLE used by Google Chrome, affecting Chrome versions prior to 149.0.7827.53. The issue allows a remote attacker to potentially cause heap corruption via a crafted HTML page. The connected documents confirm ANGLE as the vulnerable component and Chrome ...
CVE-2026-10904
CVE-2026-10904 : In Google Chrome, an inappropriate implementation in the V8 engine prior to version 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. The issue is listed with a Chromium severity of High and is mitigated by upgrading to ...
CVE-2026-10905
CVE-2026-10905 affects Google Chrome (desktop) and describes a use-after-free in Network within the Chromium rendering process. A remote attacker who gains control of the renderer could potentially escape the sandbox via a crafted HTML page, because the vulnerability resides in the network path u...
CVE-2026-10901
CVE-2026-10901 is a use-after-free vulnerability in Passwords for Google Chrome on macOS, exploitable when a user is lured into specific UI gestures and visits a crafted HTML page. Affected: Chrome on macOS prior to 149.0.7827.53. Impact: remote code execution via a crafted page; Chromium indicat...
CVE-2026-10902
CVE-2026-10902 describes a Use-after-Free in Ozone for Google Chrome, affecting Chrome builds prior to 149.0.7827.53. The vulnerability could allow a remote attacker to execute arbitrary code via a crafted HTML page, with a Chromium/Chrome security severity marked as Critical. The public referenc...
CVE-2026-10903
This CVE (CVE-2026-10903) concerns a use-after-free in WebRTC within Google Chrome before version 149.0.7827.53, enabling a remote attacker to run arbitrary code in the sandbox via a crafted HTML page. The issue affects WebRTC in Chrome/Chromium; the public description confirms the root cause is ...
CVE-2026-10899
CVE-2026-10899 is a real issue described as a use-after-free in the Ozone component of Google Chrome on Linux, before Chrome 149.0.7827.53. The vulnerability stems from heap corruption potentially exploitable via a crafted HTML page after a user interacts with specific UI gestures. Connected sour...
CVE-2026-10900
CVE-2026-10900 : Use-after-free in Passwords for Google Chrome on macOS, affecting builds prior to 149.0.7827.53. Root cause described as heap corruption via crafted HTML page triggered by user interaction with specific UI gestures. Severity: Critical. The Chrome stable update 149 (149.0.7827.53)...
CVE-2026-10898
CVE-2026-10898 : Stack buffer overflow in the GPU component of Google Chrome before 149.0.7827.53 allows a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The issue affects Chrome versions prior to the fixed 149.0.7827.53; Chrome...
CVE-2026-10897
CVE-2026-10897 affects Google Chrome (GPU component) with the root cause described as an inappropriate implementation in the GPU. This could allow a remote attacker to escape the Chrome sandbox via a crafted HTML page. The vulnerability is addressed in the Chrome 149.0.7827.53 stable release (Lin...
CVE-2026-10895
CVE-2026-10895 is a Use-After-Free in Ozone (Chrome) prior to 149.0.7827.53, allowing a remote attacker to execute arbitrary code via a crafted HTML page. Affected product: Google Chrome (Ozone component). Root cause: use-after-free in Ozone path. Impact: remote code execution with high/critical ...
CVE-2026-10896
CVE-2026-10896 affects Chrome for iOS (Google Chrome on iOS) prior to 149.0.7827.53. The vulnerability is a use-after-free in handling crafted HTML pages, enabling a remote attacker to execute arbitrary code. The Google Chrome 149 stable release (Chrome 149.0.7827.53 for Linux/Windows/macOS; iOS ...
CVE-2026-10894
CVE-2026-10894 (Chrome on Linux): Use-after-free in Printing component allows sandbox escape when a renderer is compromised via a crafted HTML page. Affected: Google Chrome for Linux prior to 149.0.7827.53. Impact as stated: remote attacker could potentially escape the sandbox. Root cause per des...
CVE-2026-10893
CVE-2026-10893 : Use-after-free in Chromoting within Google Chrome before 149.0.7827.53 allows remote code execution via malicious network traffic. The issue is in the Chromoting component; impact is described as remote code execution with Chromium security severity: Critical. The public records ...
CVE-2026-10892
CVE-2026-10892 is an out-of-bounds write in the GPU component of Google Chrome on Android, before version 149.0.7827.53, allowing a remote attacker to potentially escape the sandbox via a crafted HTML page. The issue affects Chrome for Android and is categorized as Critical. Public references sho...
CVE-2026-10891
CVE-2026-10891 details : A use-after-free in GFX within Google Chrome on Linux allows a remote attacker to potentially cause heap corruption via a crafted HTML page. The vulnerability is tied to Chrome/Chromium code paths, with a high-severity impact (CVSS v3.1: 8.8, Critical). Affected product: ...
CVE-2026-10890
CVE-2026-10890 is a Use after Free in Cast in Google Chrome prior to 149.0.7827.53, enabling heap corruption via malicious network traffic on a local network segment. Affected feature: Cast in Chrome; root cause: use-after-free. Impact: potential heap corruption with high severity (CRITICAL). Goo...
CVE-2026-10889
CVE-2026-10889 : Out-of-bounds read in ANGLE used by Google Chrome before 149.0.7827.53 allowed a remote attacker who had compromised the renderer to potentially sandbox-escape via a crafted HTML page. Affected component: ANGLE in Chrome. Impact: sandbox escape with high/critical severity as stat...
CVE-2026-10887
CVE-2026-10887 is a use-after-free in Chromoting within Google Chrome on macOS, leading to remote arbitrary code execution via malicious network traffic. The connected Chrome release note confirms a fix in Chrome 149.0.7827.53 (and related stability updates) for macOS, addressing the vulnerabilit...
CVE-2026-10888
CVE-2026-10888 affects Cast Streaming in Google Chrome, prior to version 149.0.7827.53. Description: use-after-free in Cast Streaming could be triggered by malicious network traffic on the local network segment, enabling arbitrary code execution. Severity: Critical; attack vector: adjacent (local...
CVE-2026-10885
Use after free in Chrome for iOS: Google Chrome on iOS prior to 149.0.7827.53 allows remote code execution via a crafted HTML page. The issue in Chrome for iOS is confirmed in multiple sources (CVE-2026-10885). The Chrome 149 stability release includes this fix (149.0.7827.53) across desktop and ...
CVE-2026-10886
CVE-2026-10886: In Google Chrome, a use-after-free in the FileSystem component can allow a remote attacker to perform a sandbox escape via a crafted HTML page. The vulnerability affects Chrome builds prior to 149.0.7827.53. The Chrome Stable update 149.0.7827.53 (Linux/Windows/macOS) includes fix...
CVE-2026-10882
CVE-2026-10882 affects Google Chrome (Chromium-derived) prior to version 149.0.7827.53. The issue is a use-after-free in the Network component, enabling a remote attacker to execute arbitrary code via a crafted HTML page (Chrome security severity: Critical). The most relevant public detail is tha...
CVE-2026-10884
The connected sources confirm a use-after-free in Chromecast within Google Chrome before version 149.0.7827.53. If a renderer process is compromised, an attacker could potentially escape the sandbox via a crafted HTML page. The issue is labeled as Critical in Chromium’s security notes, and the Ch...
CVE-2026-10883
CVE-2026-10883 refers to a type confusion in ANGLE used by Google Chrome up to version 149.0.7827.53, which could allow a remote attacker to cause heap corruption via a crafted HTML page. Connected sources confirm the affected component is ANGLE within Chrome, and that the issue manifests as an o...