370289 matches found
CVE-2026-13914
The CVE-2026-13914 entry concerns Google Chrome on macOS with an insecure implementation in Password handling that could allow a local attacker to read potentially sensitive data from process memory via a malicious file. Affected software is Chrome for macOS; the issue is tied to versions prior t...
CVE-2026-13910
Summary: CVE-2026-13910 affects Google Chrome on Android, where WebXR policy enforcement is insufficient. The vulnerability could allow a remote attacker to leak cross-origin data through a crafted HTML page. The issue is tied to Chrome/Android WebXR, with the described impact as per multiple sou...
CVE-2026-13911
CVE-2026-13911 concerns Google Chrome’s Spellcheck: insufficient policy enforcement could allow a renderer-compromised attacker to read potentially sensitive data from process memory via a crafted HTML page. Affected are Chrome builds prior to 150.0.7871.47; exploitation is described as remote, r...
CVE-2026-13912
The CVE-2026-13912 affects Google Chrome on iOS prior to 150.0.7871.47, due to an Inappropriate implementation in Safe Browsing. This design issue enables a remote attacker to perform UI spoofing by presenting a crafted HTML page. The vulnerability description and connected records consistently i...
CVE-2026-13909
CVE-2026-13909 refers to insufficient policy enforcement in Google Chrome DevTools, allowing a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page in Chrome versions before 150.0.7871.47. The vulnerability is described across multiple...
CVE-2026-13908
CVE-2026-13908 : Insufficient validation of untrusted input in the Omnibox of Google Chrome on iOS (before 150.0.7871.47) could allow a remote attacker to bypass navigation restrictions when a user performs specific UI gestures, via malicious network traffic. The vulnerability is documented with ...
CVE-2026-13907
CVE-2026-13907 describes an inappropriate implementation in iOSWeb in Google Chrome on iOS (versions prior to 150.0.7871.47) that could allow UI spoofing when a user is guided to perform specific UI gestures on a crafted HTML page. Impact is described as Medium (CVSS 4.2); remediation or patch de...
CVE-2026-13906
CVE-2026-13906 describes an out-of-bounds read in Google Chrome’s Codecs, exploitable via a crafted HTML page to access potentially sensitive data from process memory. Affected: Chrome prior to 150.0.7871.47. Impact per document: Confidentiality (partial) with network access and required user int...
CVE-2026-13905
Chrome for iOS on Google Chrome (iOS) is affected by a race in versions prior to 150.0.7871.47, allowing a local attacker with physical access to potentially read confidential data from process memory. The issue is documented across CVE-2026-13905 and EUVD-2026-40591. Remediation is to upgrade to...
CVE-2026-13903
CVE-2026-13903 affects Google Chrome’s Bluetooth implementation. The connected records describe insufficient policy enforcement in Chrome prior to version 150.0.7871.47, enabling privilege escalation via a crafted HTML page. There is no explicit exploitation detail or confirmed in-the-wild use in...
CVE-2026-13904
CVE-2026-13904 describes an Inappropriate implementation in Safe Browsing for Google Chrome on iOS, where navigation restrictions could be bypassed by a remote attacker via a crafted HTML page. Affected product: Google Chrome on iOS. The root cause is an improper Safe Browsing implementation prio...
CVE-2026-13902
CVE-2026-13902 affects Chrome on iOS (Google Chrome on iOS) prior to version 150.0.7871.47 . The issue is described as an inappropriate implementation in Chrome for iOS that allows a remote attacker to perform UI spoofing via a crafted HTML page. The vulnerability is documented across multiple so...
CVE-2026-13900
CVE-2026-13900 concerns Chromecast in Google Chrome. A flawed implementation allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Affected software is Chrome/Chromecast prior to version 150.0.7871.47. This could enable navig...
CVE-2026-13899
CVE-2026-13899 affects Google Chrome (Chromium) prior to 150.0.7871.47, with a use-after-free in HTML that allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Impact is rated high (C/H/I/A: High). The vulnerability is addressed by updating to Chrome 150....
CVE-2026-13901
The connected advisories identify CVE-2026-13901 as a Chrome/Chromium issue where insufficient policy enforcement in the Serial sandbox allowed a renderer-compromised page to potentially escape the sandbox via a crafted HTML page. Affected product: Google Chrome (Chromium-based) with versions pri...
CVE-2026-13897
Summary: CVE-2026-13897 affects Chromecast-in-Chrome functionality in Google Chrome, with the root cause described as insufficient policy enforcement. The vulnerability permits a remote attacker to escalate privileges via a crafted HTML page, under the condition that the target is on a Chrome ver...
CVE-2026-13898
CVE-2026-13898 affects Google Chrome’s Cast Receiver. A use-after-free flaw in the Cast Receiver component can be triggered by a crafted HTML page, enabling a remote attacker to execute arbitrary code inside the sandbox. Affected are Chrome versions prior to 150.0.7871.47; exploitation requires n...
CVE-2026-13894
Affected software: Google Chrome (Chromium-based). The issue is described as insufficient policy enforcement in the Network component prior to version 150.0.7871.47, allowing an attacker with a privileged network position to bypass navigation restrictions via a crafted HTML page. Severity is rate...
CVE-2026-13895
CVE-2026-13895 concerns an inappropriate implementation in Google Chrome’s Autofill component (Chromium) prior to version 150.0.7871.47. A remote attacker could trigger UI spoofing by persuading a user to perform specific UI gestures on a crafted HTML page. The documented impact is limited to UI ...
CVE-2026-13896
The connected sources confirm CVE-2026-13896 affects Google Chrome (Chromium-based) with insufficient policy enforcement in “Glic” prior to version 150.0.7871.47, enabling a remote attacker to bypass navigation restrictions via a crafted HTML page. The impact is described as medium. The vulnerabi...