370314 matches found
CVE-2026-13897
Summary: CVE-2026-13897 affects Chromecast-in-Chrome functionality in Google Chrome, with the root cause described as insufficient policy enforcement. The vulnerability permits a remote attacker to escalate privileges via a crafted HTML page, under the condition that the target is on a Chrome ver...
CVE-2026-13898
CVE-2026-13898 affects Google Chrome’s Cast Receiver. A use-after-free flaw in the Cast Receiver component can be triggered by a crafted HTML page, enabling a remote attacker to execute arbitrary code inside the sandbox. Affected are Chrome versions prior to 150.0.7871.47; exploitation requires n...
CVE-2026-13895
CVE-2026-13895 concerns an inappropriate implementation in Google Chrome’s Autofill component (Chromium) prior to version 150.0.7871.47. A remote attacker could trigger UI spoofing by persuading a user to perform specific UI gestures on a crafted HTML page. The documented impact is limited to UI ...
CVE-2026-13894
Affected software: Google Chrome (Chromium-based). The issue is described as insufficient policy enforcement in the Network component prior to version 150.0.7871.47, allowing an attacker with a privileged network position to bypass navigation restrictions via a crafted HTML page. Severity is rate...
CVE-2026-13896
The connected sources confirm CVE-2026-13896 affects Google Chrome (Chromium-based) with insufficient policy enforcement in “Glic” prior to version 150.0.7871.47, enabling a remote attacker to bypass navigation restrictions via a crafted HTML page. The impact is described as medium. The vulnerabi...
CVE-2026-13892
CVE-2026-13892 concerns Chrome for iOS before version 150.0.7871.47, where an inappropriate implementation allowed a remote attacker who lured a user into specific UI gestures to leak cross-origin data via a crafted HTML page. The issue affects Chrome on iOS (Chromium-based) and has a Medium seve...
CVE-2026-13891
Vulnerability summary (CVE-2026-13891): Insufficient validation of untrusted input in the Extensions component of Google Chrome up to version 150.0.7871.47 allows a remote attacker who has already compromised the renderer process to escalate privileges by loading a crafted HTML page. The issue is...
CVE-2026-13893
CVE-2026-13893 affects Google Chrome (WebUI) with insufficient validation of untrusted input in WebUI, allowing a remote attacker to leak cross-origin data via malicious network traffic. Affected component: Chrome/WebUI; root cause: insufficient input validation in WebUI before version 150.0.7871...
CVE-2026-13890
CVE-2026-13890 describes an out-of-bounds read in Chromecast within Google Chrome before version 150.0.7871.47. An attacker who already compromised the renderer process could exploit a crafted HTML page to read potentially sensitive information from process memory. The impact is data leakage of m...
CVE-2026-13889
Consolidated analysis for CVE-2026-13889: A side-channel information leakage in WebAuthentication on Google Chrome for iOS (Chromium-based) affects the WebAuthentication component. The vulnerability allows a remote attacker to leak cross-origin data through a crafted HTML page. Affected product/a...
CVE-2026-13888
The CVE-2026-13888 entry concerns a use-after-free in Chrome’s Extensions component affecting Chrome builds prior to 150.0.7871.47. The vulnerability allows a remote attacker to execute arbitrary code inside the Chrome sandbox via a crafted HTML page. Affected software: Google Chrome (Extensions ...
CVE-2026-13887
The CVE-2026-13887 entry relates to Google Chrome for Android, where an inappropriate NFC implementation before version 150.0.7871.47 allowed a remote attacker who had already compromised the renderer process to leak cross-origin data via a crafted HTML page. This is triggered by a renderer compr...
CVE-2026-13886
Affected software: Google Chrome Isolated Web Apps. Vulnerability: insufficient policy enforcement that allows a remote attacker to bypass Content Security Policy via a crafted HTML page. Root cause (as described across connected sources): policy enforcement gaps in Isolated Web Apps prior to ver...
CVE-2026-13884
CVE-2026-13884 affects Chromecast in Google Chrome prior to 150.0.7871.47, where an integer overflow could allow a local attacker to execute arbitrary code via malicious network traffic. The issue is documented across multiple feeds (NVD, Debian, EUVD, CVE listing, etc.). The base impact is high ...
CVE-2026-13883
CVE-2026-13883 describes a Type Confusion in ANGLE used by Google Chrome prior to 150.0.7871.47 that can potentially allow a remote attacker to perform a sandbox escape via a crafted HTML page. The vulnerability impact is described as high/critical (CVSS v3.1 base score 9.6) with network attack v...
CVE-2026-13885
Summary: CVE-2026-13885 is a use-after-free in Skia used by Google Chrome on Android, allowing remote code execution via a crafted HTML page. Affected product/component: Skia within Chrome on Android; Root cause: use-after-free in Skia rendering path. Impact: arbitrary code execution inside the b...
CVE-2026-13881
CVE-2026-13881 details (concrete): In Google Chrome (Chromium WebAppInstalls) before version 150.0.7871.47, an inappropriate implementation allows a remote attacker to bypass the same-origin policy via a crafted HTML page. This is a network-exploitable issue with user interaction required and pot...
CVE-2026-13880
Google Chrome for macOS prior to 150.0.7871.47 is affected by CVE-2026-13880 due to a use-after-free in USB handling that could allow a remote attacker who has compromised the renderer process to escape the sandbox via a crafted HTML page. The issue affects Chrome on Mac, with the mitigation bein...
CVE-2026-13882
CVE-2026-13882 describes a race in USB handling in Google Chrome before 150.0.7871.47 that could allow a remote attacker who has compromised the renderer process to escape the sandbox via a crafted HTML page. The issue is documented across NVD, Debian, EUVD, and other feeds with a consistent desc...
CVE-2026-13878
CVE-2026-13878: A use-after-free in Bluetooth in Google Chrome on macOS (before 150.0.7871.47) could allow a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. Affected product: Google Chrome on macOS; root cause: use-after-free in ...