370223 matches found
CVE-2026-14046
CVE-2026-14046 affects Google Chrome on Android through the CustomTabs implementation. An inappropriate implementation allows a remote attacker to bypass the same-origin policy via a crafted HTML page. The vulnerability is characterized by a Chromium-based Low severity, with a network attack vect...
CVE-2026-14045
CVE-2026-14045 affects Google Chrome (Chromium-based). The vulnerability is due to insufficient validation of untrusted input in the Network component, allowing a remote attacker who has compromised the renderer process to leak cross-origin data via a crafted HTML page. Impact is cross-origin dat...
CVE-2026-14043
The vulnerability CVE-2026-14043 affects Google Chrome components handling GetUserMedia. A use-after-free in GetUserMedia could allow a remote attacker with control of the renderer process to potentially escape the sandbox via a crafted HTML page. Affected software is Chrome before build 150.0.78...
CVE-2026-14044
CVE-2026-14044 affects Google Chrome (ANGLE component) with a use-after-free in ANGLE that can allow a remote attacker who has compromised the renderer to escape the sandbox via a crafted HTML page. Affected versions are before Chrome 150.0.7871.47. Root cause: use-after-free in ANGLE. Impact: sa...
CVE-2026-14042
CVE-2026-14042 concerns Google Chrome Isolated Web Apps. The issue is an inappropriate implementation that allows a remote attacker to perform UI spoofing via a crafted HTML page. It affects Chrome versions prior to 150.0.7871.47 and is described with a Chromium security severity of Low. The prac...
CVE-2026-14040
Summary (concrete details from provided sources): CVE-2026-14040 is a use-after-free in Chrome’s BrowserTag (prior to version 150.0.7871.47). A device exploited by convincing a user to install a malicious extension could trigger heap corruption via the crafted Chrome Extension. This affects Googl...
CVE-2026-14041
CVE-2026-14041 affects Google Chrome components handling Serial policies. The vulnerability stems from insufficient policy enforcement in Serial, allowing privilege escalation via a crafted HTML page. Affected versions are prior to 150.0.7871.47; Chromium notes a Low security severity but CVSS v3...
CVE-2026-14039
CVE-2026-14039 concerns Google Chrome’s GetUserMedia, where insufficient policy enforcement before version 150.0.7871.47 allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. The vulnerability affects Chrome components related to media permissions and page-origin che...
CVE-2026-14037
CVE-2026-14037 affects Google Chrome (GPU component) due to insufficient policy enforcement in the GPU, enabling a sandbox escape if a renderer is compromised via a crafted HTML page. The vulnerability applies to Chrome versions prior to 150.0.7871.47 and is described with a low severity level bu...
CVE-2026-14038
CVE-2026-14038 affects Google Chrome’s New Tab Page. The root cause is insufficient validation of untrusted input, allowing a remote attacker who has compromised the renderer to potentially escape the sandbox via a crafted HTML page. The vulnerability is addressed in Chrome version 150.0.7871.47 ...
CVE-2026-14036
CVE-2026-14036 affects Google Chrome’s Bluetooth policy enforcement. The issue is described as insufficient policy enforcement in Bluetooth in Chrome prior to version 150.0.7871.47, enabling a remote attacker to escalate privileges via a crafted HTML page. Connected documents consistently referen...
CVE-2026-14033
CVE-2026-14033: Google Chrome on Windows has insufficient policy enforcement in Media, enabling a remote bypass of site isolation through a crafted HTML page. Affects Chrome versions prior to 150.0.7871.47; the issue is mitigated by upgrading to 150.0.7871.47 or later. Exploitation details are no...
CVE-2026-14034
CVE-2026-14034 describes an insecure WebXR implementation in Google Chrome on Android prior to version 150.0.7871.47 . A remote attacker could bypass navigation restrictions by presenting a crafted HTML page, due to an inappropriate handling in WebXR. The vulnerability has a low severity (per Chr...
CVE-2026-14035
Technical details for CVE-2026-14035 are not publicly available in the provided documents; monitor for updates from vendors and security advisories.
CVE-2026-14031
CVE-2026-14031 corresponds to an Inappropriate implementation in Google Chrome’s File Input component, allowing a remote attacker to perform UI spoofing through a crafted HTML page. Affected software: Google Chrome (and Chromium-based components) with versions prior to 150.0.7871.47. Root cause (...
CVE-2026-14032
This CVE affects Google Chrome on macOS, describing a Use-After-Free in Bluetooth that allows code execution when a user is tricked into installing a crafted Chrome Extension. The vulnerable condition is Chrome versions prior to 150.0.7871.47. Impact is arbitrary code execution with high severity...
CVE-2026-14027
CVE-2026-14027 describes a use-after-free in Google Chrome's SignIn path prior to version 150.0.7871.47. A remote attacker could lure a user into specific UI gestures to trigger heap corruption via a crafted HTML page. The vulnerability affects Chrome and is mitigated by updating to 150.0.7871.47...
CVE-2026-14030
Summary: CVE-2026-14030 affects Google Chrome on Linux prior to 150.0.7871.47. The issue is an improper implementation in SplitView that allowed a remote attacker who enticed a user to perform specific UI gestures to spoof the Omnibox (URL bar) via a crafted HTML page. Impact (as described): Spoo...
CVE-2026-14028
Affected software: Chrome for iOS. Vulnerability: UI spoofing due to incorrect security UI in Google Chrome on iOS prior to 150.0.7871.47. Exploitation requires that a user engages in specific UI gestures, via a crafted HTML page. Impact: potential UI spoofing with low severity per Chromium. Root...
CVE-2026-14024
CVE-2026-14024 : A use-after-free in Ozone within Google Chrome on Linux versions before 150.0.7871.47 allows a remote attacker who entices a user to perform specific UI gestures to potentially trigger heap corruption via a crafted HTML page. Impact is described as high for confidentiality, integ...