370480 matches found
CVE-2026-13964
CVE-2026-13964 affects WebView in Google Chrome on Android. The vulnerability is due to insufficient policy enforcement that allowed bypassing navigation restrictions via a crafted HTML page. Impact is a medium severity remote issue. The documented fix is Chrome version 150.0.7871.47 or later; up...
CVE-2026-13963
In Chrome, CVE-2026-13963 involves an inappropriate DevTools implementation allowing a remote attacker to leak cross-origin data via a crafted HTML page when a user performs specific UI gestures. Affected product/area: Google Chrome DevTools. Vulnerable state: prior to version 150.0.7871.47. Root...
CVE-2026-13962
CVE-2026-13962 affects Google Chrome (Chromium-based) prior to 150.0.7871.47. The issue is insufficient data validation in PDF handling within the renderer process, allowing a remote attacker who has already compromised the renderer to bypass navigation restrictions via a crafted HTML page. The o...
CVE-2026-13961
The CVE-2026-13961 issue affects Google Chrome on Windows, specifically DevTools. It arises from insufficient validation of untrusted input, allowing a remote attacker who convinces a user to perform certain UI gestures to potentially read sensitive data from process memory via a crafted HTML pag...
CVE-2026-13960
Summary: CVE-2026-13960 describes an inappropriate implementation in Google Chrome’s Passwords feature prior to version 150.0.7871.47 that allows a remote attacker to perform UI spoofing through a crafted HTML page. The issue is tracked with a Medium severity (CVSS v3.1: 4.3) and involves network...
CVE-2026-13959
The CVE-2026-13959 entry describes an issue in Blink (Chrome) where insufficient validation of untrusted input allows a remote attacker to bypass the Same Origin policy via a crafted HTML page. Affected software is Google Chrome (Blink engine) with versions prior to 150.0.7871.47. The impact is a...
CVE-2026-13958
CVE-2026-13958 concerns Google Chrome on Windows prior to 150.0.7871.47 where an uninitialized use in the codecs component could allow a remote attacker to read potentially sensitive data from process memory via a crafted HTML page. This is the explicit vulnerability scenario described across mul...
CVE-2026-13956
CVE-2026-13956 affects Google Chrome’s PageInfo security UI, where an attacker could induce UI spoofing via a crafted HTML page. The issue is described as an incorrect security UI in PageInfo, allowing a remote attacker to exploit user interactions after luring a user to perform specific UI gestu...
CVE-2026-13957
Chrome extensions UXSS issue (CVE-2026-13957): Incorrect security UI in Extensions allowed a user-assisted attacker to inject arbitrary scripts/HTML via a crafted HTML page in Chrome before version 150.0.7871.47. Impact is partial and requires user interaction; update to Chrome 150.0.7871.47 or n...
CVE-2026-13954
The CVE-2026-13954 entry concerns Google Chrome on Android with an XML policy enforcement flaw. The issue is described as insufficient policy enforcement in XML that could allow a remote attacker to read potentially sensitive information from process memory via a crafted HTML page. Affected softw...
CVE-2026-13953
Summary: CVE-2026-13953 affects Google Chrome’s SplitView implementation in Chromium. An insecure/incorrect SplitView behavior allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. This is rated Medium (CVSSv3.1 base score 6....
CVE-2026-13955
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-13955.
CVE-2026-13951
CVE-2026-13951 concerns Google Chrome where insufficient policy enforcement in USB handling within the renderer can enable a sandbox escape via a crafted HTML page if the renderer is compromised. Affected product: Chrome/Chromium ecosystem; vulnerable component is the USB policy enforcement in th...
CVE-2026-13952
CVE-2026-13952 describes an inappropriate implementation in Chrome's PerformanceAPIs prior to 150.0.7871.47, allowing a remote attacker to leak cross-origin data through a crafted HTML page. The issue affects Google Chrome (Chromium-based). The vulnerability’s root cause is an insecure data expos...
CVE-2026-13948
CVE-2026-13948 : Concrete details in connected records show an insufficient policy enforcement in Google Chrome extensions prior to 150.0.7871.47, enabling a user-assisted UI spoofing attack if a user is convinced to install a malicious Chrome Extension. Root cause: policy enforcement weakness in...
CVE-2026-13949
Technical details about CVE-2026-13949 are not publicly available in the provided documents. The records reference the vulnerability in Chrome on Android, but no concrete impact, affected versions, exploits, or remediation steps are included. Monitor for updates.
CVE-2026-13950
CVE-2026-13950 affects Google Chrome (GPU component) with an uninitialized use in GPU that could allow a remote attacker who already compromised the renderer process to read potentially sensitive data from process memory via a crafted HTML page. Affected version range is Chrome before 150.0.7871....
CVE-2026-13946
CVE-2026-13946 concerns Google Chrome on iOS. The issue is an inappropriate implementation in ScriptInjections , allowing a remote attacker to leak cross-origin data via a crafted HTML page. Affected product: Google Chrome on iOS prior to version 150.0.7871.47. Impact is cross-origin data leakage...
CVE-2026-13945
CVE-2026-13945 concerns Google Chrome on Linux where insufficient policy enforcement in Extensions allows UI spoofing via a crafted extension. Affected: Chrome on Linux prior to version 150.0.7871.47. Impact is described as user interaction required for exploitation, enabling UI spoofing without ...
CVE-2026-13947
CVE-2026-13947 concerns Google Chrome’s XR handling. The vulnerability is described as an uninitialized use in XR that affects Chrome prior to version 150.0.7871.47 . A remote attacker who had already compromised the renderer process could potentially read sensitive information from the process m...