370214 matches found
CVE-2026-14097
CVE-2026-14097 describes an inappropriate implementation in WebAppInstalls for Google Chrome on macOS, prior to version 150.0.7871.47. The underlying issue allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Th...
CVE-2026-14095
CVE-2026-14095 affects Google Chrome before 150.0.7871.47. The issue is insufficient policy enforcement in the Browser component, which could allow a remote attacker who has compromised the renderer process to escape the sandbox via a crafted HTML page. The connected sources indicate the impact a...
CVE-2026-14096
Affects Google Chrome for Android. The issue is an inappropriate implementation in Input that, when the renderer process is compromised, enables a remote attacker to leak cross-origin data via a crafted HTML page. Versions prior to 150.0.7871.47 are affected; update to 150.0.7871.47 or later to m...
CVE-2026-14094
Summary (CVE-2026-14094) : A use-after-free flaw in the Chrome Windows Installer component allows a local attacker to escalate to OS-level privileges by loading a malicious file. Affected software: Google Chrome on Windows (prior to version 150.0.7871.47). Root cause: use-after-free in the Instal...
CVE-2026-14093
Summary: A use-after-free in the Cast component of Google Chrome, affecting versions prior to 150.0.7871.47, can allow a compromised renderer process to potentially escape the sandbox via a crafted HTML page. Affected software: Google Chrome (Cast component) on all platforms where the vulnerable ...
CVE-2026-14092
CVE-2026-14092 affects Google Chrome (Chromium-based privacy policy enforcement). It describes insufficient policy enforcement in Privacy in Chrome prior to 150.0.7871.47, enabling an attacker in a privileged network position to leak cross-origin data via malicious network traffic. The CVSS base ...
CVE-2026-14090
Affected software: Google Chrome on ChromeOS. Vulnerable component: CameraCapture. Root cause: insufficient validation of untrusted input leading to an out-of-bounds memory read via a crafted HTML page. Impact: remote attacker could exploit this to read memory. The issue applies to ChromeOS build...
CVE-2026-14089
CVE-2026-14089 affects Google Chrome’s PopupBlocker: insufficient validation of untrusted input before version 150.0.7871.47 enables a remote attacker who already compromised the renderer process to perform UI spoofing via a crafted HTML page. The CVE’s metrics indicate a CVSS v3.1 base score of ...
CVE-2026-14091
The CVE-2026-14091 entry documents a use-after-free in Chrome’s DevTools before version 150.0.7871.47. The underlying issue is in DevTools handling, allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Affected software is Google Chrome (DevTools componen...
CVE-2026-14087
Affected software: Google Chrome on Windows. Vulnerable component: WebNN. Issue: heap buffer overflow leading to potential heap corruption. Root cause: heap overflow in WebNN path as described in multiple sources for CVE-2026-14087 (prior to version 150.0.7871.47). Impact: remote attacker who has...
CVE-2026-14086
The CVE-2026-14086 entry describes a vulnerability in Google Chrome's HID policy enforcement. Affected component: Chrome/Chromium browser handling of HID policy checks. Root cause: insufficient policy enforcement in HID logic allows a remote attacker to run arbitrary code via a crafted HTML page....
CVE-2026-14088
CVE-2026-14088 concerns an uninitialized-use vulnerability in Canvas within Google Chrome on Android . The issue allows a remote attacker to potentially read sensitive information from the process memory through a crafted HTML page, with the impact described as confidential data exposure and the ...
CVE-2026-14084
CVE-2026-14084 affects Chromoting in Google Chrome, with the vulnerability present in Chromium components prior to 150.0.7871.47. The issue is described as insufficient validation of untrusted input, allowing a remote attacker to potentially trigger heap corruption via malicious network traffic. ...
CVE-2026-14085
CVE-2026-14085: A side‑channel information leakage in CSS in Google Chrome (Chromium) before 150.0.7871.47 allows a remote attacker to leak cross-origin data via a crafted HTML page. Affected software: Google Chrome (CSS rendering path). Root cause: side‑channel exposure in CSS handling; impact i...
CVE-2026-14082
This CVE (CVE-2026-14082) concerns a Race in Storage in Google Chrome, affecting Chrome versions prior to 150.0.7871.47. The vulnerability allows a remote attacker to leak cross-origin data via a crafted HTML page. According to the connected documents, this issue is described with a Chromium-base...
CVE-2026-14081
CVE-2026-14081 affects Google Chrome DevTools prior to version 150.0.7871.47. The issue is insufficient policy enforcement, enabling an attacker who persuades a user to install a malicious Chrome extension to access potentially sensitive information from process memory via the crafted extension. ...
CVE-2026-14083
CVE-2026-14083 affects Google Chrome and relates to insufficient validation of untrusted input in HTML, enabling UXSS via a crafted HTML page. Affected component is the browser’s HTML handling (Chromium-based). The description (and linked records) indicate the issue could allow a remote attacker ...
CVE-2026-14080
Affected software: Google Chrome on Android. Vulnerable component: TabSwitcher. Root cause: insufficient validation of untrusted input. Impact: enables a remote attacker to bypass navigation restrictions via malicious network traffic (Chromium security severity: Low). Version constraint: vulnerab...
CVE-2026-14078
CVE-2026-14078 : Insufficient validation of untrusted input in WebRTC within Google Chrome (Chromium) before 150.0.7871.47 allows a remote attacker to escalate privileges via a crafted HTML page. Affects Chrome/Chromium WebRTC components; impact described as high for confidentiality, integrity, a...
CVE-2026-14079
CVE-2026-14079 affects Google Chrome (Chromium) due to insufficient policy enforcement in Network handling, allowing a crafted HTML page to bypass the same-origin policy before version 150.0.7871.47. Affected: Chrome/Chromium network policy enforcement; Root cause: insufficient policy enforcement...