370596 matches found
CVE-2026-13902
CVE-2026-13902 affects Chrome on iOS (Google Chrome on iOS) prior to version 150.0.7871.47 . The issue is described as an inappropriate implementation in Chrome for iOS that allows a remote attacker to perform UI spoofing via a crafted HTML page. The vulnerability is documented across multiple so...
CVE-2026-13899
CVE-2026-13899 affects Google Chrome (Chromium) prior to 150.0.7871.47, with a use-after-free in HTML that allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Impact is rated high (C/H/I/A: High). The vulnerability is addressed by updating to Chrome 150....
CVE-2026-13900
CVE-2026-13900 concerns Chromecast in Google Chrome. A flawed implementation allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Affected software is Chrome/Chromecast prior to version 150.0.7871.47. This could enable navig...
CVE-2026-13901
The connected advisories identify CVE-2026-13901 as a Chrome/Chromium issue where insufficient policy enforcement in the Serial sandbox allowed a renderer-compromised page to potentially escape the sandbox via a crafted HTML page. Affected product: Google Chrome (Chromium-based) with versions pri...
CVE-2026-13897
Summary: CVE-2026-13897 affects Chromecast-in-Chrome functionality in Google Chrome, with the root cause described as insufficient policy enforcement. The vulnerability permits a remote attacker to escalate privileges via a crafted HTML page, under the condition that the target is on a Chrome ver...
CVE-2026-13898
CVE-2026-13898 affects Google Chrome’s Cast Receiver. A use-after-free flaw in the Cast Receiver component can be triggered by a crafted HTML page, enabling a remote attacker to execute arbitrary code inside the sandbox. Affected are Chrome versions prior to 150.0.7871.47; exploitation requires n...
CVE-2026-13894
Affected software: Google Chrome (Chromium-based). The issue is described as insufficient policy enforcement in the Network component prior to version 150.0.7871.47, allowing an attacker with a privileged network position to bypass navigation restrictions via a crafted HTML page. Severity is rate...
CVE-2026-13895
CVE-2026-13895 concerns an inappropriate implementation in Google Chrome’s Autofill component (Chromium) prior to version 150.0.7871.47. A remote attacker could trigger UI spoofing by persuading a user to perform specific UI gestures on a crafted HTML page. The documented impact is limited to UI ...
CVE-2026-13896
The connected sources confirm CVE-2026-13896 affects Google Chrome (Chromium-based) with insufficient policy enforcement in “Glic” prior to version 150.0.7871.47, enabling a remote attacker to bypass navigation restrictions via a crafted HTML page. The impact is described as medium. The vulnerabi...
CVE-2026-13893
CVE-2026-13893 affects Google Chrome (WebUI) with insufficient validation of untrusted input in WebUI, allowing a remote attacker to leak cross-origin data via malicious network traffic. Affected component: Chrome/WebUI; root cause: insufficient input validation in WebUI before version 150.0.7871...
CVE-2026-13891
Vulnerability summary (CVE-2026-13891): Insufficient validation of untrusted input in the Extensions component of Google Chrome up to version 150.0.7871.47 allows a remote attacker who has already compromised the renderer process to escalate privileges by loading a crafted HTML page. The issue is...
CVE-2026-13892
CVE-2026-13892 concerns Chrome for iOS before version 150.0.7871.47, where an inappropriate implementation allowed a remote attacker who lured a user into specific UI gestures to leak cross-origin data via a crafted HTML page. The issue affects Chrome on iOS (Chromium-based) and has a Medium seve...
CVE-2026-13890
CVE-2026-13890 describes an out-of-bounds read in Chromecast within Google Chrome before version 150.0.7871.47. An attacker who already compromised the renderer process could exploit a crafted HTML page to read potentially sensitive information from process memory. The impact is data leakage of m...
CVE-2026-13888
The CVE-2026-13888 entry concerns a use-after-free in Chrome’s Extensions component affecting Chrome builds prior to 150.0.7871.47. The vulnerability allows a remote attacker to execute arbitrary code inside the Chrome sandbox via a crafted HTML page. Affected software: Google Chrome (Extensions ...
CVE-2026-13889
Consolidated analysis for CVE-2026-13889: A side-channel information leakage in WebAuthentication on Google Chrome for iOS (Chromium-based) affects the WebAuthentication component. The vulnerability allows a remote attacker to leak cross-origin data through a crafted HTML page. Affected product/a...
CVE-2026-13886
Affected software: Google Chrome Isolated Web Apps. Vulnerability: insufficient policy enforcement that allows a remote attacker to bypass Content Security Policy via a crafted HTML page. Root cause (as described across connected sources): policy enforcement gaps in Isolated Web Apps prior to ver...
CVE-2026-13887
The CVE-2026-13887 entry relates to Google Chrome for Android, where an inappropriate NFC implementation before version 150.0.7871.47 allowed a remote attacker who had already compromised the renderer process to leak cross-origin data via a crafted HTML page. This is triggered by a renderer compr...
CVE-2026-13883
CVE-2026-13883 describes a Type Confusion in ANGLE used by Google Chrome prior to 150.0.7871.47 that can potentially allow a remote attacker to perform a sandbox escape via a crafted HTML page. The vulnerability impact is described as high/critical (CVSS v3.1 base score 9.6) with network attack v...
CVE-2026-13884
CVE-2026-13884 affects Chromecast in Google Chrome prior to 150.0.7871.47, where an integer overflow could allow a local attacker to execute arbitrary code via malicious network traffic. The issue is documented across multiple feeds (NVD, Debian, EUVD, CVE listing, etc.). The base impact is high ...
CVE-2026-13885
Summary: CVE-2026-13885 is a use-after-free in Skia used by Google Chrome on Android, allowing remote code execution via a crafted HTML page. Affected product/component: Skia within Chrome on Android; Root cause: use-after-free in Skia rendering path. Impact: arbitrary code execution inside the b...