368880 matches found
CVE-2026-14389
The provided sources describe a vulnerability in Google Chrome’s Skia: an integer overflow in Skia, prior to Chrome 150.0.7871.46, could allow a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. Affected component: Skia inside Chro...
CVE-2026-14387
Summary (CVE-2026-14387) : An integer overflow in Skia used by Google Chrome prior to 150.0.7871.46 could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. The description appears consistently across NVD, CVE list, EUVD, and related feeds. The connected sour...
CVE-2026-14391
The CVE-2026-14391 entry concerns an integer overflow in ANGLE used by Google Chrome on Windows, prior to version 150.0.7871.46. The vulnerability allows a remote attacker who has already compromised the renderer process to potentially read sensitive data from process memory via a crafted HTML pa...
CVE-2026-14429
CVE-2026-14429 affects Google Chrome and its Skia rendering library. Insufficient validation of untrusted input in Skia before Chrome 150.0.7871.46 can allow a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. Impact is described a...
CVE-2026-14414
CVE-2026-14414 — Insufficient validation of untrusted input in Skia within Google Chrome prior to 150.0.7871.46 allows a remote attacker who has already compromised the renderer process to exfiltrate potentially sensitive data from process memory via a crafted HTML page. The issue is tied to Skia...
CVE-2026-14428
The CVE-2026-14428 entry covers Google Chrome on Android (Dawn) with insufficient validation of untrusted input, allowing a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Affected software is Chrome on Android, spe...
CVE-2026-14412
The CVE-2026-14412 entry concerns ANGLE in Google Chrome with insufficient validation of untrusted input. Attack vector involves a remote attacker who has already compromised the renderer process and could potentially escape the sandbox through a crafted HTML page. Affected product context is Goo...
CVE-2026-14382
CVE-2026-14382 affects Chrome’s ANGLE component. The issue is insufficient validation of untrusted input in ANGLE, enabling a remote sandbox-escape via a crafted HTML page. Product/versions: Google Chrome prior to 150.0.7871.46. Impact: sandbox escape potential with high severity (per Chromium ad...
CVE-2026-14411
CVE-2026-14411 describes insufficient validation of untrusted input in ANGLE used by Google Chrome, prior to build 150.0.7871.46. The issue may allow a remote attacker to cause a sandbox escape via a crafted HTML page. Documented impact is a high-severity, likely remote threat affecting ANGLE int...
CVE-2026-14401
CVE-2026-14401 affects Google Chrome on Android through ANGLE, where insufficient validation of untrusted input in ANGLE prior to 150.0.7871.46 enables a renderer-Process-compromised remote attacker to potentially escape the sandbox via a crafted HTML page. The vulnerability is described as high ...
CVE-2026-14415
In Chrome, CVE-2026-14415 concerns an inappropriate implementation in V8 that affects Google Chrome before version 150.0.7871.46. A remote attacker could exploit the issue by persuading a user to perform specific UI gestures, potentially triggering heap corruption through a crafted HTML page. The...
CVE-2026-14381
CVE-2026-14381 affects Google Chrome’s WebAppInstalls UI. A crafted HTML page can trigger UI spoofing due to an incorrect security UI in WebAppInstalls prior to Chrome 150.0.7871.46. Impact: remote attacker could spoof UI. Mitigation: update to Chrome 150.0.7871.46 or later (Chromium-based). Refe...
CVE-2026-14407
CVE-2026-14407: In Google Chrome, an inappropriate implementation in the V8 engine prior to 150.0.7871.46 allows a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page. Affects the V8 implementation in Chrome; details indicate a sandbox escape/vector leadin...
CVE-2026-14409
CVE-2026-14409 affects the Chrome V8 engine prior to 150.0.7871.46. Affected component: V8 in Google Chrome. Root cause: inappropriate implementation allowing a remote attacker to execute arbitrary code inside a sandbox when a user is tricked into performing specific UI gestures on a crafted HTML...
CVE-2026-14383
The CVE-2026-14383 entry concerns Google Chrome’s V8 engine. Affected component: V8 in Chrome prior to version 150.0.7871.46. Description from multiple sources indicates an inappropriate implementation allowed remote attackers to execute arbitrary code inside the browser sandbox via a crafted HTM...
CVE-2026-14404
CVE-2026-14404 affects Google Chrome via an incorrect implementation in PDFium, enabling a remote attacker to achieve UI spoofing through a crafted PDF file. The vulnerability is tied to Chrome versions before 150.0.7871.46 (Chromium security severity: Medium). The underlying root cause is an ina...
CVE-2026-14410
CVE-2026-14410 affects Google Chrome’s Skia rendering pipeline. The issue arises from an inappropriate implementation in Skia that, if a renderer process is compromised, enables UI spoofing via a crafted HTML page. Impact is limited to remote UI spoofing with no broader exploit chain described; b...
CVE-2026-14427
CVE-2026-14427 : Heap buffer overflow in Skia used by Google Chrome prior to 150.0.7871.46. A remote attacker who already compromised the renderer could potentially escape the sandbox via a crafted HTML page. Affected: Chrome/Skia stack (Chrome 150 pre-release fix applies). Root cause: heap buffe...
CVE-2026-14385
CVE-2026-14385 : Heap buffer overflow in ANGLE within Google Chrome on macOS prior to 150.0.7871.46 allows a remote attacker to trigger out-of-bounds memory access via a crafted HTML page. The issue affects ANGLE in Chrome and is tied to the macOS build; CVSS v3.1 base score: 8.8 (High). Remediat...
CVE-2026-50283
Craft CMS versions 5.0.0-RC1–5.9.20 and 4.0.0-RC1–4.17.13 contain an authorization issue in AssetsController::actionReplaceFile that can delete a source asset without source delete permission when both assetId and sourceAssetId are supplied. The runtime loads assetId ($assetToReplace) and sourceA...