370548 matches found
CVE-2026-13951
CVE-2026-13951 concerns Google Chrome where insufficient policy enforcement in USB handling within the renderer can enable a sandbox escape via a crafted HTML page if the renderer is compromised. Affected product: Chrome/Chromium ecosystem; vulnerable component is the USB policy enforcement in th...
CVE-2026-13952
CVE-2026-13952 describes an inappropriate implementation in Chrome's PerformanceAPIs prior to 150.0.7871.47, allowing a remote attacker to leak cross-origin data through a crafted HTML page. The issue affects Google Chrome (Chromium-based). The vulnerability’s root cause is an insecure data expos...
CVE-2026-13948
CVE-2026-13948 : Concrete details in connected records show an insufficient policy enforcement in Google Chrome extensions prior to 150.0.7871.47, enabling a user-assisted UI spoofing attack if a user is convinced to install a malicious Chrome Extension. Root cause: policy enforcement weakness in...
CVE-2026-13949
Technical details about CVE-2026-13949 are not publicly available in the provided documents. The records reference the vulnerability in Chrome on Android, but no concrete impact, affected versions, exploits, or remediation steps are included. Monitor for updates.
CVE-2026-13950
CVE-2026-13950 affects Google Chrome (GPU component) with an uninitialized use in GPU that could allow a remote attacker who already compromised the renderer process to read potentially sensitive data from process memory via a crafted HTML page. Affected version range is Chrome before 150.0.7871....
CVE-2026-13945
CVE-2026-13945 concerns Google Chrome on Linux where insufficient policy enforcement in Extensions allows UI spoofing via a crafted extension. Affected: Chrome on Linux prior to version 150.0.7871.47. Impact is described as user interaction required for exploitation, enabling UI spoofing without ...
CVE-2026-13947
CVE-2026-13947 concerns Google Chrome’s XR handling. The vulnerability is described as an uninitialized use in XR that affects Chrome prior to version 150.0.7871.47 . A remote attacker who had already compromised the renderer process could potentially read sensitive information from the process m...
CVE-2026-13946
CVE-2026-13946 concerns Google Chrome on iOS. The issue is an inappropriate implementation in ScriptInjections , allowing a remote attacker to leak cross-origin data via a crafted HTML page. Affected product: Google Chrome on iOS prior to version 150.0.7871.47. Impact is cross-origin data leakage...
CVE-2026-13942
CVE-2026-13942 affects Google Chrome on ChromeOS prior to 150.0.7871.47, where an inappropriate implementation in the Video Capture component allows a local attacker to perform UI spoofing through a crafted HTML page. The issue is explicitly described across multiple sources as a local vulnerabil...
CVE-2026-13944
CVE-2026-13944 concerns Google Chrome on macOS where an inappropriate DataTransfer implementation allows a remote attacker to leak cross-origin data via a crafted HTML page, given user-initiated UI gestures. The issue is tied to the DataTransfer handling in Chrome before version 150.0.7871.47. Im...
CVE-2026-13943
CVE-2026-13943 affects Google Chrome on Android and is caused by uninitialized use in CSS. A crafted HTML page can allow a remote attacker to read potentially sensitive information from process memory. Affected version range is Chrome on Android prior to 150.0.7871.47; the issue is mitigated by u...
CVE-2026-13941
CVE-2026-13941 affects Google Chrome on Android. The vulnerability arises from an inappropriate SiteSettings implementation that enables UI spoofing via a crafted HTML page. Affected version is Chrome for Android before 150.0.7871.47. Impact is UI spoofing (no confidentiality, no data loss per th...
CVE-2026-13940
Technical details (affected product/version, root cause, exploitability) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-13938
CVE-2026-13938 affects Google Chrome fonts handling prior to 150.0.7871.47. The underlying issue is an integer overflow in the Fonts component that enables a remote attacker to induce an out-of-bounds memory write via a crafted HTML page. The vulnerability is described with a Chromium-derived sev...
CVE-2026-13939
CVE-2026-13939 concerns Google Chrome on Android. The issue arises from insufficient validation of untrusted input in WebShare, allowing a remote attacker who has compromised the renderer process to perform UI spoofing via a crafted HTML page. Affected version range is Chrome on Android prior to ...
CVE-2026-13935
Summary: CVE-2026-13935 affects Google Chrome/Chromium ComputePressure. A side-channel information leakage allowed a remote attacker to exfiltrate cross-origin data via a crafted HTML page. The description specifies the affected platform as Google Chrome (Chromium) and notes the issue exists prio...
CVE-2026-13936
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-13936 for new information, and potential remediation guidance.
CVE-2026-13937
CVE-2026-13937 concerns Google Chrome where insufficient policy enforcement in passwords handling within the Chromium-based renderer allowed a remote attacker who had already compromised the renderer to leak cross-origin data via a crafted HTML page. The vulnerability is described in multiple sou...
CVE-2026-13932
The set of connected documents confirms CVE-2026-13932 affects Google Chrome on Android, due to an inappropriate implementation in Sharing that allowed a remote attacker with renderer access to leak cross-origin data via a crafted HTML page. Affected version range is prior to 150.0.7871.47; the i...
CVE-2026-13934
Affected software: Google Chrome (Android) with Dawn. Vulnerability: insufficient validation of untrusted input in Dawn could allow a renderer-compromised attacker to escape the sandbox via a crafted HTML page. Impact: potential sandbox escape, high/critical implications per CVSS (base 9.6). Affe...