370261 matches found
CVE-2026-13922
Summary of CVE-2026-13922 : A side-channel information leak in Chrome’s Paint component allows a remote attacker to exfiltrate cross-origin data via a crafted HTML page. Affected product/version: Google Chrome (Paint functionality) up to version 150.0.7871.47. Root cause: described as a side-chan...
CVE-2026-13921
The set of connected records confirms CVE-2026-13921 affects Google Chrome (Chromium-based) via the DeviceBoundSessionCredentials component where insufficient validation of untrusted input enables a remote bypass of the same-origin policy through a crafted HTML page. The vulnerability is describe...
CVE-2026-13923
CVE-2026-13923 : The connected documents specify that Google Chrome on Android is affected by an uninitialized GPU use vulnerability that can allow a remote attacker to read potentially sensitive data from a process memory via a crafted HTML page. Root cause: uninitialized use in the GPU componen...
CVE-2026-13920
CVE-2026-13920 describes insufficient validation of untrusted input in Chrome’s media handling on Windows before 150.0.7871.47, allowing a renderer-compromised attacker to potentially escape the sandbox via a crafted HTML page. Affected software: Google Chrome on Windows (renderer process). Root ...
CVE-2026-13918
CVE-2026-13918 concerns Chrome for iOS (iOS) prior to 150.0.7871.47, where a use-after-free vulnerability in the browser could allow a remote attacker to potentially trigger heap corruption via a crafted HTML page. The connected Debian/OSV and related entries corroborate the description and ident...
CVE-2026-13919
CVE-2026-13919 describes an insufficent policy enforcement in Chrome’s Extensions on Chromium-based builds, where a crafted HTML page could enable a remote attacker with renderer access to bypass site isolation. Affected software/component: Google Chrome (Extensions/Chromium core). Root cause: po...
CVE-2026-13917
Affected product: Chrome for iOS (Google Chrome on iOS). Vulnerable component: untrusted input validation in the iOS browser. Root cause: insufficient validation of untrusted input in a crafted HTML page that, with user engagement via specific UI gestures, lets an attacker bypass navigation restr...
CVE-2026-13915
CVE-2026-13915 affects Chrome for iOS (Google Chrome on iOS) prior to version 150.0.7871.47. The vulnerability is described as a use-after-free that could lead to heap corruption when a remote attacker convinces a user to perform specific UI gestures on a crafted HTML page. Impact details in the ...
CVE-2026-13916
Chrome for iOS prior to 150.0.7871.47 allows UI spoofing via a crafted HTML page due to an inappropriate implementation in Chrome for iOS. Affected: Google Chrome on iOS (Chromium-based). Impact: UI spoofing risk; Severity: Medium (CVSS v3.1 base 4.3). Root cause: inappropriate implementation as ...
CVE-2026-13913
CVE-2026-13913 affects Autofill in Google Chrome on iOS. The root cause is insufficient policy enforcement, allowing a remote attacker who entices a user to perform specific UI gestures to leak cross-origin data via a crafted HTML page. The vulnerability concerns Chrome/iOS versions prior to 150....
CVE-2026-13914
The CVE-2026-13914 entry concerns Google Chrome on macOS with an insecure implementation in Password handling that could allow a local attacker to read potentially sensitive data from process memory via a malicious file. Affected software is Chrome for macOS; the issue is tied to versions prior t...
CVE-2026-13910
Summary: CVE-2026-13910 affects Google Chrome on Android, where WebXR policy enforcement is insufficient. The vulnerability could allow a remote attacker to leak cross-origin data through a crafted HTML page. The issue is tied to Chrome/Android WebXR, with the described impact as per multiple sou...
CVE-2026-13911
CVE-2026-13911 concerns Google Chrome’s Spellcheck: insufficient policy enforcement could allow a renderer-compromised attacker to read potentially sensitive data from process memory via a crafted HTML page. Affected are Chrome builds prior to 150.0.7871.47; exploitation is described as remote, r...
CVE-2026-13912
The CVE-2026-13912 affects Google Chrome on iOS prior to 150.0.7871.47, due to an Inappropriate implementation in Safe Browsing. This design issue enables a remote attacker to perform UI spoofing by presenting a crafted HTML page. The vulnerability description and connected records consistently i...
CVE-2026-13909
CVE-2026-13909 refers to insufficient policy enforcement in Google Chrome DevTools, allowing a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page in Chrome versions before 150.0.7871.47. The vulnerability is described across multiple...
CVE-2026-13908
CVE-2026-13908 : Insufficient validation of untrusted input in the Omnibox of Google Chrome on iOS (before 150.0.7871.47) could allow a remote attacker to bypass navigation restrictions when a user performs specific UI gestures, via malicious network traffic. The vulnerability is documented with ...
CVE-2026-13907
CVE-2026-13907 describes an inappropriate implementation in iOSWeb in Google Chrome on iOS (versions prior to 150.0.7871.47) that could allow UI spoofing when a user is guided to perform specific UI gestures on a crafted HTML page. Impact is described as Medium (CVSS 4.2); remediation or patch de...
CVE-2026-13906
CVE-2026-13906 describes an out-of-bounds read in Google Chrome’s Codecs, exploitable via a crafted HTML page to access potentially sensitive data from process memory. Affected: Chrome prior to 150.0.7871.47. Impact per document: Confidentiality (partial) with network access and required user int...
CVE-2026-13905
Chrome for iOS on Google Chrome (iOS) is affected by a race in versions prior to 150.0.7871.47, allowing a local attacker with physical access to potentially read confidential data from process memory. The issue is documented across CVE-2026-13905 and EUVD-2026-40591. Remediation is to upgrade to...
CVE-2026-13903
CVE-2026-13903 affects Google Chrome’s Bluetooth implementation. The connected records describe insufficient policy enforcement in Chrome prior to version 150.0.7871.47, enabling privilege escalation via a crafted HTML page. There is no explicit exploitation detail or confirmed in-the-wild use in...