370204 matches found
CVE-2026-14106
This CVE affects Google Chrome on Android, where insufficient validation of untrusted input in Text in the renderer can allow a sandbox escape via a crafted HTML page. Affected versions are before 150.0.7871.47; remediation is to update to 150.0.7871.47 or newer. The issue arises from the rendere...
CVE-2026-14107
CVE-2026-14107 describes a use-after-free in Chrome’s Scheduling component, exploitable via a crafted HTML page to achieve remote code execution inside the sandbox. Affected software: Google Chrome, versions before 150.0.7871.47. Root cause: use-after-free in scheduling logic (Chromium). Impact: ...
CVE-2026-14103
According to the connected documents, CVE-2026-14103 is a use-after-free bug in SSL handling on Google Chrome running on ChromeOS, prior to version 150.0.7871.47. The vulnerability could allow a remote attacker to obtain potentially sensitive data from process memory via a crafted HTML page. The ...
CVE-2026-14105
Affected product: Google Chrome (Chromium-based). Version range: prior to 150.0.7871.47. Vulnerability: Insufficient policy enforcement in the Speech component allows a remote attacker to bypass the Same Origin Policy via a crafted HTML page. Impact: potential cross-origin access and data exposur...
CVE-2026-14104
CVE-2026-14104 affects WebAppInstalls in Google Chrome prior to 150.0.7871.47. The vulnerability arises from insufficient validation of untrusted input, allowing a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page. The issue is documented across multiple...
CVE-2026-14102
CVE-2026-14102: Use-after-free in Passwords in Google Chrome before 150.0.7871.47 may allow remote heap corruption via a crafted HTML page. Affected: Google Chrome/Chromium Passwords component. Root cause: use-after-free leading to heap corruption. Impact, per CVSS: HIGH for confidentiality, inte...
CVE-2026-14101
CVE-2026-14101 affects Google Chrome on macOS before 150.0.7871.47, due to insufficient policy enforcement in the Sandbox component, enabling a renderer-compromised attacker to potentially escape the sandbox via a crafted HTML page. The issue is described across multiple sources (NVD/DEBIAN/RH/EU...
CVE-2026-14100
CVE-2026-14100 affects Google Chrome’s NetworkCache. Affected component: NetworkCache in Chrome (before version 150.0.7871.47). Root cause: insufficient data validation that enables a remote attacker to leak cross-origin data via a crafted HTML page. Impact: cross-origin data leakage with network...
CVE-2026-14099
CVE-2026-14099 affects Chrome for iOS (Google Chrome on iOS) prior to version 150.0.7871.47. The issue is a use-after-free in the browser, potentially allowing heap corruption when a user is induced to perform specific UI gestures via a crafted HTML page. The problem is rooted in Chrome/Chromium ...
CVE-2026-14097
CVE-2026-14097 describes an inappropriate implementation in WebAppInstalls for Google Chrome on macOS, prior to version 150.0.7871.47. The underlying issue allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Th...
CVE-2026-14098
CVE-2026-14098 affects Google Chrome and other Chromium-based browsers due to an inappropriate CSS implementation that allows a remote attacker to leak cross-origin data via a crafted HTML page. Affected version range is Chrome prior to 150.0.7871.47. Impact is cross-origin data leakage; exploita...
CVE-2026-14096
Affects Google Chrome for Android. The issue is an inappropriate implementation in Input that, when the renderer process is compromised, enables a remote attacker to leak cross-origin data via a crafted HTML page. Versions prior to 150.0.7871.47 are affected; update to 150.0.7871.47 or later to m...
CVE-2026-14095
CVE-2026-14095 affects Google Chrome before 150.0.7871.47. The issue is insufficient policy enforcement in the Browser component, which could allow a remote attacker who has compromised the renderer process to escape the sandbox via a crafted HTML page. The connected sources indicate the impact a...
CVE-2026-14092
CVE-2026-14092 affects Google Chrome (Chromium-based privacy policy enforcement). It describes insufficient policy enforcement in Privacy in Chrome prior to 150.0.7871.47, enabling an attacker in a privileged network position to leak cross-origin data via malicious network traffic. The CVSS base ...
CVE-2026-14093
Summary: A use-after-free in the Cast component of Google Chrome, affecting versions prior to 150.0.7871.47, can allow a compromised renderer process to potentially escape the sandbox via a crafted HTML page. Affected software: Google Chrome (Cast component) on all platforms where the vulnerable ...
CVE-2026-14094
Summary (CVE-2026-14094) : A use-after-free flaw in the Chrome Windows Installer component allows a local attacker to escalate to OS-level privileges by loading a malicious file. Affected software: Google Chrome on Windows (prior to version 150.0.7871.47). Root cause: use-after-free in the Instal...
CVE-2026-14089
CVE-2026-14089 affects Google Chrome’s PopupBlocker: insufficient validation of untrusted input before version 150.0.7871.47 enables a remote attacker who already compromised the renderer process to perform UI spoofing via a crafted HTML page. The CVE’s metrics indicate a CVSS v3.1 base score of ...
CVE-2026-14090
Affected software: Google Chrome on ChromeOS. Vulnerable component: CameraCapture. Root cause: insufficient validation of untrusted input leading to an out-of-bounds memory read via a crafted HTML page. Impact: remote attacker could exploit this to read memory. The issue applies to ChromeOS build...
CVE-2026-14091
The CVE-2026-14091 entry documents a use-after-free in Chrome’s DevTools before version 150.0.7871.47. The underlying issue is in DevTools handling, allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Affected software is Google Chrome (DevTools componen...
CVE-2026-14088
CVE-2026-14088 concerns an uninitialized-use vulnerability in Canvas within Google Chrome on Android . The issue allows a remote attacker to potentially read sensitive information from the process memory through a crafted HTML page, with the impact described as confidential data exposure and the ...