370642 matches found
CVE-2026-13868
Technical details (affected components, root cause, fixes) are not publicly available in the provided documents; monitor for updates from official advisories.
CVE-2026-13867
CVE-2026-13867 affects Google Chrome’s Geolocation implementation. The vulnerability arises from an inappropriate Geolocation implementation, enabling a remote attacker to spoof UI via a crafted HTML page. Impact is UI spoofing with no confirmed exploitation details beyond the description; affect...
CVE-2026-13865
CVE-2026-13865 : The connected records confirm an issue in Google Chrome/Chromium where insufficient validation of untrusted input in the browser UI allows a remote attacker to spoof the UI via a crafted HTML page. Affected component is the browser UI handling, with the root cause described as in...
CVE-2026-13866
CVE-2026-13866 affects Google Chrome on Android prior to 150.0.7871.47. The issue is an inappropriate implementation in Input that lets a remote attacker with renderer access bypass site isolation via a crafted HTML page. Impact is a site-isolation bypass with potential access to other origins; n...
CVE-2026-13864
CVE-2026-13864 affects Google Chrome WebHID. Prior to version 150.0.7871.47, insufficient policy enforcement allowed an attacker to escalate privileges by convincing a user to install a crafted Chrome Extension. Impact: local privilege escalation; exploitation requires user interaction (installin...
CVE-2026-13862
CVE-2026-13862 affects Google Chrome on iOS (prior to 150.0.7871.47). The issue is insufficient policy enforcement in Web Authentication (Passkeys & Security Keys), allowing a privileged-network attacker to exfiltrate cross-origin data via a crafted HTML page. The vulnerability is described acros...
CVE-2026-13861
CVE-2026-13861 : Use-after-free in Chrome’s Core component prior to 150.0.7871.47 allows a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. Exploitation details in the connected records indicate an impact across confidentiality, i...
CVE-2026-13863
The CVE-2026-13863 entry describes insufficient validation of untrusted input in CustomTabs for Google Chrome on Android, prior to version 150.0.7871.47, enabling a local privilege escalation via a malicious file. Affected component: Chrome’s CustomTabs on Android; root cause: inadequate input va...
CVE-2026-13859
The CVE-2026-13859 entry describes an issue in ANGLE used by Google Chrome, where an inappropriate ANGLE implementation prior to Chrome 150.0.7871.47 could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Affected product/component: ANGLE in Chromium-based ...
CVE-2026-13858
CVE-2026-13858 involves an out-of-bounds read in FFmpeg when used by Google Chrome prior to version 150.0.7871.47. The vulnerability could allow a remote attacker to read process memory via a crafted video file, with the impact described as high confidentiality risk and no changes to integrity/av...
CVE-2026-13860
Google Chrome on Windows is affected by CVE-2026-13860 due to an Incorrect security UI in Autofill, allowing UI spoofing when a user is induced to perform specific UI gestures via a crafted HTML page. The issue affects Chrome versions prior to 150.0.7871.47; exploitation requires user interaction...
CVE-2026-13857
CVE-2026-13857 describes an insecure implementation in Chrome’s Geometry handling that permits a remote attacker to spoof UI via a crafted HTML page, requiring the user to perform specific UI gestures. The vulnerability affects Chrome versions prior to 150.0.7871.47 and can be triggered when a us...
CVE-2026-13855
CVE-2026-13855 involves a use-after-free in the Ozone component of Google Chrome on Linux, prior to version 150.0.7871.47. The vulnerability allows a remote attacker to trigger arbitrary code execution by persuading a user to perform specific UI gestures on a crafted HTML page. The issue is descr...
CVE-2026-13856
The CVE-2026-13856 entry concerns Google Chrome on Android, where insufficient validation of untrusted input in Speech enables privilege escalation. A renderer-compromised remote attacker could escalate via a crafted HTML page before version 150.0.7871.47. Affected component: Speech in Chrome’s A...
CVE-2026-13854
This CVE concerns a Use-After-Free in Ozone within Google Chrome on Linux, before version 150.0.7871.47. The underlying issue is a memory safety flaw that could allow a remote attacker, who already compromised the renderer process, to escape the Chrome sandbox via a crafted HTML page. Affected co...
CVE-2026-13853
CVE-2026-13853 — Use-after-free in Journeys of Google Chrome prior to 150.0.7871.47 could allow a renderer-compromised remote attacker to escape the sandbox via a crafted HTML page. Affected: Chrome (Journeys) with renderer process involvement; root cause: use-after-free in Journeys. Impact: pote...
CVE-2026-13851
The provided CVE-2026-13851 entry concerns Google Chrome on Android, where WebAppInstalls suffers from insufficient validation of untrusted input. A crafted HTML page can bypass discretionary access control due to this flaw, with the issue affecting Chrome versions prior to 150.0.7871.47. The con...
CVE-2026-13850
Affected product: Chrome for iOS (Google Chrome on iOS). Vulnerability: insufficient validation of untrusted input in Chrome for iOS prior to version 150.0.7871.47, allowing a local attacker to execute arbitrary code inside the browser sandbox via a malicious file. Root cause is input validation ...
CVE-2026-13852
Summary (CVE-2026-13852): Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android before 150.0.7871.47 allows a local attacker to bypass discretionary access control via a crafted HTML page. The issue is tracked across multiple sources (NVD, Debian, EUVD, CVE List...
CVE-2026-13847
Chrome for iOS (Google Chrome on iOS) is affected by CVE-2026-13847 due to insufficient validation of untrusted input, allowing a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability affects Chrome on iOS prior to version 150.0.7871.47. Impact is cross-origin data ...