370256 matches found
CVE-2026-13980
CVE-2026-13980 affects Chrome for iOS (Google Chrome on iOS). The vulnerability stems from an inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47, enabling a remote attacker to perform UI spoofing via a crafted HTML page. Documents consistently describe the issue as a UI...
CVE-2026-13976
CVE-2026-13976 : In Google Chrome, insufficient data validation in Storage prior to 150.0.7871.47 could allow a remote attacker who has compromised a renderer process to potentially perform a sandbox escape via a crafted HTML page. This vulnerability has a Medium severity (CVSS 3.1: AV:N/AC:H/PR:...
CVE-2026-13977
CVE-2026-13977 describes an insecure implementation in HTMLParser in Google Chrome/Chromium, enabling UXSS by injecting scripts/HTML through a crafted HTML page. The vulnerability affects Chrome/Chromium builds prior to 150.0.7871.47, with a CVSS v3.1 base score of 5.4 (Medium). The provided docu...
CVE-2026-13975
CVE-2026-13975 affects ANGLE in Google Chrome on macOS. The vulnerability is an out-of-bounds read in ANGLE that could allow a remote attacker who has compromised the renderer process to read potentially sensitive data from process memory via a crafted HTML page. The issue arises in Chrome prior ...
CVE-2026-13973
CVE-2026-13973 affects Google Chrome UI handling: an inappropriate UI implementation prior to version 150.0.7871.47 allows a remote attacker to spoof UI via a crafted HTML page when a user is guided to perform specific UI gestures. The vulnerability is described across NVD/ENISA/CVE records with ...
CVE-2026-13974
Google Chrome on macOS Safe Browsing contains an integer overflow that lets a remote attacker bypass navigation restrictions via a malicious file. This affects Chrome on Mac prior to 150.0.7871.47. Impact aligns with the description (Chromium security severity: Medium); exploitation details are n...
CVE-2026-13972
CVE-2026-13972 affects Google Chrome (Paint) prior to version 150.0.7871.47. Root cause: Inappropriate implementation in Paint allowing a remote attacker to trigger UI spoofing through a crafted HTML page. Impact is UI spoofing with no data disclosure or other impacts stated; impact categories in...
CVE-2026-13970
CVE-2026-13970 : In Google Chrome, an uninitialized-use vulnerability in the Media component allows a remote attacker who has compromised the renderer process to read potentially sensitive data from process memory via a crafted HTML page. Affected versions are before 150.0.7871.47. Impact is info...
CVE-2026-13971
CVE-2026-13971 refers to an uninitialized use in Skia used by Google Chrome prior to 150.0.7871.47. This could allow a remote attacker who already compromised the renderer process to read potentially sensitive data from process memory via a crafted HTML page. Affected software: Google Chrome (Ski...
CVE-2026-13968
The vulnerability CVE-2026-13968 affects Google Chrome DevTools prior to 150.0.7871.47. It arises from insufficient validation of untrusted input, enabling a remote attacker who entices a user to perform specific UI gestures to execute arbitrary code inside a sandbox via a malicious file. The con...
CVE-2026-13967
The CVE-2026-13967 entry concerns a heap buffer overflow in V8 (Chrome) prior to version 150.0.7871.47. A crafted HTML page could allow a remote attacker to execute arbitrary code inside the browser sandbox. The issue is reported with a Chromium severity of Medium and a CVSS base score of 8.8 (Hi...
CVE-2026-13969
CVE-2026-13969 affects Google Chrome on Android: an uninitialized UI state in the renderer allows reading potentially sensitive memory via a crafted HTML page when the renderer is compromised. Exploitation involves a network attack with user interaction required; impact is confidentiality (high)....
CVE-2026-13966
CVE-2026-13966 affects Google Chrome/history UI, where an inappropriate implementation in History prior to 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page. The NVD/ENISA/OSV entries consistently cite this Chrome history UI spoofing issue with a CVSSv3.1 base ...
CVE-2026-13964
CVE-2026-13964 affects WebView in Google Chrome on Android. The vulnerability is due to insufficient policy enforcement that allowed bypassing navigation restrictions via a crafted HTML page. Impact is a medium severity remote issue. The documented fix is Chrome version 150.0.7871.47 or later; up...
CVE-2026-13965
CVE-2026-13965: Use-after-free in Oilpan within Google Chrome (Chromium) before 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Impact: high (arbitrary code in sandbox); attack vector: network, user interaction required. Affected product:...
CVE-2026-13963
In Chrome, CVE-2026-13963 involves an inappropriate DevTools implementation allowing a remote attacker to leak cross-origin data via a crafted HTML page when a user performs specific UI gestures. Affected product/area: Google Chrome DevTools. Vulnerable state: prior to version 150.0.7871.47. Root...
CVE-2026-13962
CVE-2026-13962 affects Google Chrome (Chromium-based) prior to 150.0.7871.47. The issue is insufficient data validation in PDF handling within the renderer process, allowing a remote attacker who has already compromised the renderer to bypass navigation restrictions via a crafted HTML page. The o...
CVE-2026-13961
The CVE-2026-13961 issue affects Google Chrome on Windows, specifically DevTools. It arises from insufficient validation of untrusted input, allowing a remote attacker who convinces a user to perform certain UI gestures to potentially read sensitive data from process memory via a crafted HTML pag...
CVE-2026-13959
The CVE-2026-13959 entry describes an issue in Blink (Chrome) where insufficient validation of untrusted input allows a remote attacker to bypass the Same Origin policy via a crafted HTML page. Affected software is Google Chrome (Blink engine) with versions prior to 150.0.7871.47. The impact is a...
CVE-2026-13960
Summary: CVE-2026-13960 describes an inappropriate implementation in Google Chrome’s Passwords feature prior to version 150.0.7871.47 that allows a remote attacker to perform UI spoofing through a crafted HTML page. The issue is tracked with a Medium severity (CVSS v3.1: 4.3) and involves network...