370254 matches found
CVE-2026-14017
CVE-2026-14017 concerns Google Chrome’s Navigation logic. Affected component: Chrome prior to build 150.0.7871.47; root cause: inappropriate navigation implementation allowed a remote attacker who had already compromised the renderer process to potentially escape the Chrome sandbox via a crafted ...
CVE-2026-14015
Summary: CVE-2026-14015 describes a race condition in WebRTC within Google Chrome on Windows before version 150.0.7871.47. The bug could allow a remote attacker to leak cross-origin data via a crafted HTML page. What’s affected: Google Chrome on Windows; vulnerable component is the WebRTC impleme...
CVE-2026-14013
CVE-2026-14013 affects Google Chrome before version 150.0.7871.47, due to an inappropriate SVG implementation that enables UI spoofing via a crafted HTML page. The issue is documented across multiple feeds (NVD, Debian OSV, EUVD) with a Medium severity. The connected references indicate a patch/r...
CVE-2026-14014
CVE-2026-14014 corresponds to an insufficiently robust Paint implementation in Google Chrome that allows UI spoofing via a crafted HTML page. Affected product: Google Chrome (Paint component); root cause: inappropriate implementation in Paint prior to version 150.0.7871.47. Impact is UI spoofing ...
CVE-2026-14011
The affected component is Google Chrome (SurfaceCapture) with an out-of-bounds read vulnerability in versions prior to 150.0.7871.47. The issue could allow a remote attacker to read memory via a crafted HTML page. Severity is described as Medium by Chromium, with CVSS-driven impact: Confidentiali...
CVE-2026-14010
Google Chrome on Windows is affected by CVE-2026-14010 due to an uninitialized use in codecs prior to version 150.0.7871.47. A remote attacker could read potentially sensitive data from process memory via a crafted HTML page. This affects Chrome on Windows; the vulnerability is categorized as Med...
CVE-2026-14012
This CVE describes a side-channel information leakage in CSS within Google Chrome (Chromium) prior to version 150.0.7871.47. The vulnerability allows a remote attacker to exfiltrate potentially sensitive data from process memory via a crafted HTML page. The affected component is the CSS handling ...
CVE-2026-14008
CVE-2026-14008 describes an uninitialized-use flaw in WebXR within Google Chrome on Android (pre-150.0.7871.47). A crafted HTML page could cause the Chrome process to disclose potentially sensitive memory contents to remote attackers. The impact is information disclosure with a Medium severity pe...
CVE-2026-14009
The vulnerability CVE-2026-14009 affects Google Chrome (Passwords component) due to an inappropriate implementation, enabling remote exploitation to potentially cause heap corruption via a crafted HTML page. Affected builds are prior to 150.0.7871.47; the issue is described with a Chromium severi...
CVE-2026-14007
CVE-2026-14007 affects Google Chrome prior to 150.0.7871.47. The root cause is insufficient policy enforcement in PermissionsPolicy, allowing a remote attacker to bypass navigation restrictions via a crafted HTML page. Exploitation status is not described in the provided documents. The vulnerabil...
CVE-2026-14005
Google Chrome for Android is affected by a use-after-free in Omnibox leading to potential heap corruption via a crafted HTML page. This vulnerability requires user interaction (UI gestures) and can impact confidentiality, integrity, and availability as per CVSS. Affected component: Chrome Android...
CVE-2026-14006
CVE-2026-14006 affects Google Chrome prior to 150.0.7871.47 due to a use-after-free in Navigation, allowing remote code execution. Vulnerable component: Navigation in Chrome (Chromium). Impact: arbitrary code execution; severity shown as High (CVSS 3.1 base 8.8). Remediation: update Chrome to 150...
CVE-2026-14003
Affected software/scope: Google Chrome extensions mechanism. Vulnerability: Insufficient policy enforcement in Chrome Extensions prior to 150.0.7871.47 allows a user-assisted attacker to leak cross-origin data when a malicious extension is installed. Underlying issue: policy enforcement weakness ...
CVE-2026-14004
The CVE-2026-14004 entry corresponds to Google Chrome’s CSS handling, where an inappropriate implementation in CSS allowed a remote attacker to leak cross-origin data via a crafted HTML page. Affected product: Chrome/Chromium before 150.0.7871.47. Root cause: faulty CSS implementation enabling cr...
CVE-2026-14001
CVE-2026-14001 corresponds to an UXSS vulnerability in Google Chrome. The issue is an inappropriate implementation in the network stack that affects Chrome prior to 150.0.7871.47, enabling a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page. The vulnerability is describe...
CVE-2026-14002
CVE-2026-14002 affects Google Chrome Geolocation in Chromium, prior to 150.0.7871.47. Root cause is an inappropriate Geolocation implementation that lets a remote attacker who has compromised the renderer process perform UI spoofing via a crafted HTML page. Impact is UI spoofing with possible hig...
CVE-2026-14000
CVE-2026-14000 affects Google Chrome prior to 150.0.7871.47 due to an inappropriate XML implementation, enabling a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. The issue is documented across multiple sources (NVD, Debian OSV, CVE lists) with the same descrip...
CVE-2026-13999
CVE-2026-13999 affects Google Chrome where insufficient validation of untrusted input in Extensions can enable UI spoofing via a crafted Chrome Extension. The vulnerability is triggered when a user is convinced to install a malicious extension, allowing spoofed UI elements as described in multipl...
CVE-2026-13997
The CVE-2026-13997 entry concerns Google Chrome on Android before 150.0.7871.47, where an incorrect security UI in Extensions could allow UI spoofing via a crafted HTML page if a user performed specific UI gestures after being convinced to engage them. The core issue is a flawed UI trust boundary...
CVE-2026-13998
Impact: Affected software is Google Chrome on macOS. The vulnerability stems from an incorrect security UI in the File Input component, enabling UI spoofing when a user is induced to perform specific UI gestures via a crafted HTML page. Root cause: flawed security UI handling in Chrome/Chromium’s...