370276 matches found
CVE-2026-13920
CVE-2026-13920 describes insufficient validation of untrusted input in Chrome’s media handling on Windows before 150.0.7871.47, allowing a renderer-compromised attacker to potentially escape the sandbox via a crafted HTML page. Affected software: Google Chrome on Windows (renderer process). Root ...
CVE-2026-13918
CVE-2026-13918 concerns Chrome for iOS (iOS) prior to 150.0.7871.47, where a use-after-free vulnerability in the browser could allow a remote attacker to potentially trigger heap corruption via a crafted HTML page. The connected Debian/OSV and related entries corroborate the description and ident...
CVE-2026-13919
CVE-2026-13919 describes an insufficent policy enforcement in Chrome’s Extensions on Chromium-based builds, where a crafted HTML page could enable a remote attacker with renderer access to bypass site isolation. Affected software/component: Google Chrome (Extensions/Chromium core). Root cause: po...
CVE-2026-13917
Affected product: Chrome for iOS (Google Chrome on iOS). Vulnerable component: untrusted input validation in the iOS browser. Root cause: insufficient validation of untrusted input in a crafted HTML page that, with user engagement via specific UI gestures, lets an attacker bypass navigation restr...
CVE-2026-13915
CVE-2026-13915 affects Chrome for iOS (Google Chrome on iOS) prior to version 150.0.7871.47. The vulnerability is described as a use-after-free that could lead to heap corruption when a remote attacker convinces a user to perform specific UI gestures on a crafted HTML page. Impact details in the ...
CVE-2026-13916
Chrome for iOS prior to 150.0.7871.47 allows UI spoofing via a crafted HTML page due to an inappropriate implementation in Chrome for iOS. Affected: Google Chrome on iOS (Chromium-based). Impact: UI spoofing risk; Severity: Medium (CVSS v3.1 base 4.3). Root cause: inappropriate implementation as ...
CVE-2026-13913
CVE-2026-13913 affects Autofill in Google Chrome on iOS. The root cause is insufficient policy enforcement, allowing a remote attacker who entices a user to perform specific UI gestures to leak cross-origin data via a crafted HTML page. The vulnerability concerns Chrome/iOS versions prior to 150....
CVE-2026-13914
The CVE-2026-13914 entry concerns Google Chrome on macOS with an insecure implementation in Password handling that could allow a local attacker to read potentially sensitive data from process memory via a malicious file. Affected software is Chrome for macOS; the issue is tied to versions prior t...
CVE-2026-13910
Summary: CVE-2026-13910 affects Google Chrome on Android, where WebXR policy enforcement is insufficient. The vulnerability could allow a remote attacker to leak cross-origin data through a crafted HTML page. The issue is tied to Chrome/Android WebXR, with the described impact as per multiple sou...
CVE-2026-13911
CVE-2026-13911 concerns Google Chrome’s Spellcheck: insufficient policy enforcement could allow a renderer-compromised attacker to read potentially sensitive data from process memory via a crafted HTML page. Affected are Chrome builds prior to 150.0.7871.47; exploitation is described as remote, r...
CVE-2026-13912
The CVE-2026-13912 affects Google Chrome on iOS prior to 150.0.7871.47, due to an Inappropriate implementation in Safe Browsing. This design issue enables a remote attacker to perform UI spoofing by presenting a crafted HTML page. The vulnerability description and connected records consistently i...
CVE-2026-13909
CVE-2026-13909 refers to insufficient policy enforcement in Google Chrome DevTools, allowing a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page in Chrome versions before 150.0.7871.47. The vulnerability is described across multiple...
CVE-2026-13908
CVE-2026-13908 : Insufficient validation of untrusted input in the Omnibox of Google Chrome on iOS (before 150.0.7871.47) could allow a remote attacker to bypass navigation restrictions when a user performs specific UI gestures, via malicious network traffic. The vulnerability is documented with ...
CVE-2026-13907
CVE-2026-13907 describes an inappropriate implementation in iOSWeb in Google Chrome on iOS (versions prior to 150.0.7871.47) that could allow UI spoofing when a user is guided to perform specific UI gestures on a crafted HTML page. Impact is described as Medium (CVSS 4.2); remediation or patch de...
CVE-2026-13906
CVE-2026-13906 describes an out-of-bounds read in Google Chrome’s Codecs, exploitable via a crafted HTML page to access potentially sensitive data from process memory. Affected: Chrome prior to 150.0.7871.47. Impact per document: Confidentiality (partial) with network access and required user int...
CVE-2026-13905
Chrome for iOS on Google Chrome (iOS) is affected by a race in versions prior to 150.0.7871.47, allowing a local attacker with physical access to potentially read confidential data from process memory. The issue is documented across CVE-2026-13905 and EUVD-2026-40591. Remediation is to upgrade to...
CVE-2026-13903
CVE-2026-13903 affects Google Chrome’s Bluetooth implementation. The connected records describe insufficient policy enforcement in Chrome prior to version 150.0.7871.47, enabling privilege escalation via a crafted HTML page. There is no explicit exploitation detail or confirmed in-the-wild use in...
CVE-2026-13904
CVE-2026-13904 describes an Inappropriate implementation in Safe Browsing for Google Chrome on iOS, where navigation restrictions could be bypassed by a remote attacker via a crafted HTML page. Affected product: Google Chrome on iOS. The root cause is an improper Safe Browsing implementation prio...
CVE-2026-13902
CVE-2026-13902 affects Chrome on iOS (Google Chrome on iOS) prior to version 150.0.7871.47 . The issue is described as an inappropriate implementation in Chrome for iOS that allows a remote attacker to perform UI spoofing via a crafted HTML page. The vulnerability is documented across multiple so...
CVE-2026-13900
CVE-2026-13900 concerns Chromecast in Google Chrome. A flawed implementation allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Affected software is Chrome/Chromecast prior to version 150.0.7871.47. This could enable navig...