370480 matches found
CVE-2026-13985
The CVE-2026-13985 issue affects Google Chrome (Chromium-based) where an inappropriate implementation in MediaCapture allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Impact is UI spoofing with no confidentiality or availability lo...
CVE-2026-13984
The CVE-2026-13984 entry covers Google Chrome’s TabStrip UI security flaw. Affects Chrome versions before 150.0.7871.47, allowing a remote attacker to perform UI spoofing via a crafted HTML page. The vulnerability is due to incorrect security UI behavior in the TabStrip, as described across multi...
CVE-2026-13981
CVE-2026-13981: In Chrome for iOS, Google Chrome on iOS contains an inappropriate implementation that enables UI spoofing via a crafted HTML page. Affected product is Chrome for iOS; root cause is an implementation flaw in the iOS build. Impact stated: remote attacker could perform UI spoofing. R...
CVE-2026-13982
Concretely, CVE-2026-13982 affects Google Chrome (Chromium-based) Passwords UI, where incorrect security UI allowed a remote attacker who compromised the renderer process to perform UI spoofing via a crafted HTML page. The vulnerability is tied to rendering context abuse and is exploitable withou...
CVE-2026-13978
CVE-2026-13978 affects Google Chrome; Insufficient policy enforcement in PageInfo allows UI spoofing via a crafted HTML page in versions prior to 150.0.7871.47. The issue has a CVSS 3.1 base score of 4.3 (Medium) with network attack vector, no confidentiality or availability impact, and user inte...
CVE-2026-13980
CVE-2026-13980 affects Chrome for iOS (Google Chrome on iOS). The vulnerability stems from an inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47, enabling a remote attacker to perform UI spoofing via a crafted HTML page. Documents consistently describe the issue as a UI...
CVE-2026-13979
The CVE-2026-13979 entry refers to an Inappropriate implementation in Paint in Google Chrome prior to 150.0.7871.47 that allows a remote attacker to perform UI spoofing via a crafted HTML page. Affected software is Google Chrome (Paint component) with the underlying issue described as a UI spoofi...
CVE-2026-13975
CVE-2026-13975 affects ANGLE in Google Chrome on macOS. The vulnerability is an out-of-bounds read in ANGLE that could allow a remote attacker who has compromised the renderer process to read potentially sensitive data from process memory via a crafted HTML page. The issue arises in Chrome prior ...
CVE-2026-13976
CVE-2026-13976 : In Google Chrome, insufficient data validation in Storage prior to 150.0.7871.47 could allow a remote attacker who has compromised a renderer process to potentially perform a sandbox escape via a crafted HTML page. This vulnerability has a Medium severity (CVSS 3.1: AV:N/AC:H/PR:...
CVE-2026-13977
CVE-2026-13977 describes an insecure implementation in HTMLParser in Google Chrome/Chromium, enabling UXSS by injecting scripts/HTML through a crafted HTML page. The vulnerability affects Chrome/Chromium builds prior to 150.0.7871.47, with a CVSS v3.1 base score of 5.4 (Medium). The provided docu...
CVE-2026-13973
CVE-2026-13973 affects Google Chrome UI handling: an inappropriate UI implementation prior to version 150.0.7871.47 allows a remote attacker to spoof UI via a crafted HTML page when a user is guided to perform specific UI gestures. The vulnerability is described across NVD/ENISA/CVE records with ...
CVE-2026-13974
Google Chrome on macOS Safe Browsing contains an integer overflow that lets a remote attacker bypass navigation restrictions via a malicious file. This affects Chrome on Mac prior to 150.0.7871.47. Impact aligns with the description (Chromium security severity: Medium); exploitation details are n...
CVE-2026-13971
CVE-2026-13971 refers to an uninitialized use in Skia used by Google Chrome prior to 150.0.7871.47. This could allow a remote attacker who already compromised the renderer process to read potentially sensitive data from process memory via a crafted HTML page. Affected software: Google Chrome (Ski...
CVE-2026-13970
CVE-2026-13970 : In Google Chrome, an uninitialized-use vulnerability in the Media component allows a remote attacker who has compromised the renderer process to read potentially sensitive data from process memory via a crafted HTML page. Affected versions are before 150.0.7871.47. Impact is info...
CVE-2026-13972
CVE-2026-13972 affects Google Chrome (Paint) prior to version 150.0.7871.47. Root cause: Inappropriate implementation in Paint allowing a remote attacker to trigger UI spoofing through a crafted HTML page. Impact is UI spoofing with no data disclosure or other impacts stated; impact categories in...
CVE-2026-13969
CVE-2026-13969 affects Google Chrome on Android: an uninitialized UI state in the renderer allows reading potentially sensitive memory via a crafted HTML page when the renderer is compromised. Exploitation involves a network attack with user interaction required; impact is confidentiality (high)....
CVE-2026-13967
The CVE-2026-13967 entry concerns a heap buffer overflow in V8 (Chrome) prior to version 150.0.7871.47. A crafted HTML page could allow a remote attacker to execute arbitrary code inside the browser sandbox. The issue is reported with a Chromium severity of Medium and a CVSS base score of 8.8 (Hi...
CVE-2026-13968
The vulnerability CVE-2026-13968 affects Google Chrome DevTools prior to 150.0.7871.47. It arises from insufficient validation of untrusted input, enabling a remote attacker who entices a user to perform specific UI gestures to execute arbitrary code inside a sandbox via a malicious file. The con...
CVE-2026-13965
CVE-2026-13965: Use-after-free in Oilpan within Google Chrome (Chromium) before 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Impact: high (arbitrary code in sandbox); attack vector: network, user interaction required. Affected product:...
CVE-2026-13966
CVE-2026-13966 affects Google Chrome/history UI, where an inappropriate implementation in History prior to 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page. The NVD/ENISA/OSV entries consistently cite this Chrome history UI spoofing issue with a CVSSv3.1 base ...