370256 matches found
CVE-2026-14041
CVE-2026-14041 affects Google Chrome components handling Serial policies. The vulnerability stems from insufficient policy enforcement in Serial, allowing privilege escalation via a crafted HTML page. Affected versions are prior to 150.0.7871.47; Chromium notes a Low security severity but CVSS v3...
CVE-2026-14036
CVE-2026-14036 affects Google Chrome’s Bluetooth policy enforcement. The issue is described as insufficient policy enforcement in Bluetooth in Chrome prior to version 150.0.7871.47, enabling a remote attacker to escalate privileges via a crafted HTML page. Connected documents consistently referen...
CVE-2026-14037
CVE-2026-14037 affects Google Chrome (GPU component) due to insufficient policy enforcement in the GPU, enabling a sandbox escape if a renderer is compromised via a crafted HTML page. The vulnerability applies to Chrome versions prior to 150.0.7871.47 and is described with a low severity level bu...
CVE-2026-14038
CVE-2026-14038 affects Google Chrome’s New Tab Page. The root cause is insufficient validation of untrusted input, allowing a remote attacker who has compromised the renderer to potentially escape the sandbox via a crafted HTML page. The vulnerability is addressed in Chrome version 150.0.7871.47 ...
CVE-2026-14033
CVE-2026-14033: Google Chrome on Windows has insufficient policy enforcement in Media, enabling a remote bypass of site isolation through a crafted HTML page. Affects Chrome versions prior to 150.0.7871.47; the issue is mitigated by upgrading to 150.0.7871.47 or later. Exploitation details are no...
CVE-2026-14034
CVE-2026-14034 describes an insecure WebXR implementation in Google Chrome on Android prior to version 150.0.7871.47 . A remote attacker could bypass navigation restrictions by presenting a crafted HTML page, due to an inappropriate handling in WebXR. The vulnerability has a low severity (per Chr...
CVE-2026-14035
Technical details for CVE-2026-14035 are not publicly available in the provided documents; monitor for updates from vendors and security advisories.
CVE-2026-14031
CVE-2026-14031 corresponds to an Inappropriate implementation in Google Chrome’s File Input component, allowing a remote attacker to perform UI spoofing through a crafted HTML page. Affected software: Google Chrome (and Chromium-based components) with versions prior to 150.0.7871.47. Root cause (...
CVE-2026-14032
This CVE affects Google Chrome on macOS, describing a Use-After-Free in Bluetooth that allows code execution when a user is tricked into installing a crafted Chrome Extension. The vulnerable condition is Chrome versions prior to 150.0.7871.47. Impact is arbitrary code execution with high severity...
CVE-2026-14030
Summary: CVE-2026-14030 affects Google Chrome on Linux prior to 150.0.7871.47. The issue is an improper implementation in SplitView that allowed a remote attacker who enticed a user to perform specific UI gestures to spoof the Omnibox (URL bar) via a crafted HTML page. Impact (as described): Spoo...
CVE-2026-14027
CVE-2026-14027 describes a use-after-free in Google Chrome's SignIn path prior to version 150.0.7871.47. A remote attacker could lure a user into specific UI gestures to trigger heap corruption via a crafted HTML page. The vulnerability affects Chrome and is mitigated by updating to 150.0.7871.47...
CVE-2026-14028
Affected software: Chrome for iOS. Vulnerability: UI spoofing due to incorrect security UI in Google Chrome on iOS prior to 150.0.7871.47. Exploitation requires that a user engages in specific UI gestures, via a crafted HTML page. Impact: potential UI spoofing with low severity per Chromium. Root...
CVE-2026-14024
CVE-2026-14024 : A use-after-free in Ozone within Google Chrome on Linux versions before 150.0.7871.47 allows a remote attacker who entices a user to perform specific UI gestures to potentially trigger heap corruption via a crafted HTML page. Impact is described as high for confidentiality, integ...
CVE-2026-14026
CVE-2026-14026 affects Google Chrome (SplitView) prior to 150.0.7871.47. A crafted HTML page can lure a user to perform specific UI gestures, causing UI spoofing due to an incorrect security UI in SplitView. The issue is reported with Chromium security severity: Low. Remediation: update to Chrome...
CVE-2026-14025
CVE-2026-14025 concerns a use-after-free in Chrome’s Views on macOS prior to version 150.0.7871.47, which can lead to heap corruption when a user is tricked into performing specific UI gestures on a crafted HTML page. Affected product: Google Chrome for macOS; vulnerable component: Views; root ca...
CVE-2026-14023
Google Chrome (Chromium) SanitizerAPI in affected builds is vulnerable due to insufficient validation of untrusted input, allowing a remote attacker to bypass the same-origin policy via a crafted HTML page. Affected version range is prior to 150.0.7871.47; vendor/chromium references indicate the ...
CVE-2026-14021
Affected software: Google Chrome (StorageAccessAPI in Chromium). Vulnerability: insufficient policy enforcement allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Versions: prior to 150.0.7871.47. Impact: cross-origin data leakage...
CVE-2026-14022
Affected software/area: Google Chrome (Chromium-based rendering pipeline), with the issue in the Network component due to insufficient validation of untrusted input. Vulnerability details: A remote attacker who has compromised the renderer process can cause leakage of cross-origin data via a craf...
CVE-2026-14018
CVE-2026-14018 describes a use-after-free in Chrome’s Updater on Windows prior to 150.0.7871.47, enabling a local attacker to escalate privileges via a malicious file. Affected software: Google Chrome (Windows). Root cause: use-after-free in the Updater component. Impact: OS-level privilege escal...
CVE-2026-14020
CVE-2026-14020 affects Google Chrome WebXR prior to 150.0.7871.47. The root cause is insufficient validation of untrusted input in WebXR, allowing a remote attacker who has compromised the renderer process to perform UI spoofing via a crafted HTML page. Impact is UI spoofing with medium severity ...