VIR Vulnerability Intelligence Relay

Search

Found 2,172 results in 199ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-9893 high 8.3 8.3 FIX debian debian google 6d ago Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
CVE-2026-9892 high 8.3 8.3 FIX debian debian google 6d ago Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via…
CVE-2026-9891 critical 9.0 9.0 FIX debian debianmacos macos linux-kernel google 6d ago Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome E…
CVE-2026-9890 high 8.3 8.3 FIX debian debian google 6d ago Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML …
CVE-2026-9889 high 8.3 8.3 FIX debian debian google 6d ago Out of bounds read and write in Dawn in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security …
CVE-2026-9888 high 8.3 8.3 FIX debian debian google 6d ago Use after free in WebView in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted …
CVE-2026-9887 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 6d ago Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. (Chromium security severity: Critical)
CVE-2026-9886 critical 9.6 9.6 FIX debian debianmacos macos google 6d ago Use after free in Base in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-9885 high 8.3 8.3 FIX debian debianmacos macos google 6d ago Insufficient validation of untrusted input in UI in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox es…
CVE-2026-9884 high 8.8 8.8 FIX debian debianmacos macos google 6d ago Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-9883 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 6d ago Use after free in Base in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-9882 medium 6.5 6.5 FIX debian debianmacos macos linux-kernel google 6d ago Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-9881 critical 9.0 9.0 FIX debian debianmacos macos google 6d ago Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a cra…
CVE-2026-9880 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 6d ago Insufficient validation of untrusted input in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape…
CVE-2026-9879 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 6d ago Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-9878 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 6d ago Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-9877 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 6d ago Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C…
CVE-2026-9876 critical 9.6 9.6 FIX debian debian google 6d ago Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Cri…
CVE-2026-9875 critical 9.6 9.6 FIX debian debian google 6d ago Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:…
CVE-2026-9874 critical 9.6 9.6 FIX debian debianmacos macos linux-kernel google 6d ago Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-9873 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 6d ago Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-9872 critical 9.6 9.6 FIX debian debian google 6d ago Out of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: …
CVE-2026-10022 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 6d ago Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome…
CVE-2026-10021 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 6d ago Insufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Me…
CVE-2026-10020 high 8.3 8.3 FIX debian debian google 6d ago Insufficient validation of untrusted input in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sand…
CVE-2026-10019 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 6d ago Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-10018 medium 6.5 6.5 FIX debian debianmacos macos linux-kernel google 6d ago Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium securit…
CVE-2026-10017 high 8.3 8.3 FIX debian debian google 6d ago Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML p…
CVE-2026-10016 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 6d ago Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10015 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 6d ago Integer overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10014 high 8.3 8.3 FIX debian debian google 6d ago Use after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted …
CVE-2026-10013 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 6d ago Use after free in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10012 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 6d ago Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
CVE-2026-10010 medium 5.0 5.0 FIX debian debian google 6d ago Inappropriate implementation in Input in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTM…
CVE-2026-10009 high 7.5 7.5 FIX debian debianmacos macos linux-kernel google 6d ago Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page…
CVE-2026-10008 medium 6.5 6.5 FIX debian debian google 6d ago Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromi…
CVE-2026-10007 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 6d ago Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10006 high 7.5 7.5 FIX debian debianmacos macos linux-kernel google 6d ago Race in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10005 high 7.5 7.5 FIX debian debianmacos macos google 6d ago Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a craft…
CVE-2026-10004 medium 6.5 6.5 FIX debian debianmacos macos linux-kernel google 6d ago Insufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity:…
CVE-2026-10003 high 7.5 7.5 FIX debian debianmacos macos linux-kernel google 6d ago Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (C…
CVE-2026-10002 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 6d ago Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2026-10000 high 8.3 8.3 FIX debian debian google 6d ago Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafte…
CVE-2026-4438 medium 5.5 FIX rheldebian debian sles google 9d ago Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS host…
CVE-2026-4437 medium 5.5 FIX rheldebian debian sles google 9d ago Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from…
CVE-2026-4046 medium 5.5 FIX rheldebian debian sles google 9d ago RHSA-2026:20587: glibc security update (Moderate)
CVE-2026-9126 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 14d ago Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-9124 medium 5.3 5.3 FIX debian debianmacos macos linux-kernel google 14d ago Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craf…
CVE-2026-9123 high 7.5 7.5 FIX debian debian linux-kernelwindows windows google 14d ago Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traff…
CVE-2026-9122 medium 6.5 6.5 FIX debian debianmacos macoswindows windows google 14d ago Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium …
CVE-2026-9121 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 14d ago Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-9120 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 14d ago Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9119 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 14d ago Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H…
CVE-2026-9118 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 14d ago Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9117 high 7.5 7.5 FIX debian debian linux-kernelwindows windows google 14d ago Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craf…
CVE-2026-9116 medium 4.3 4.3 FIX debian debianmacos macos linux-kernel google 14d ago Insufficient policy enforcement in ServiceWorker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: …
CVE-2026-9115 medium 4.3 4.3 FIX debian debianmacos macos linux-kernel google 14d ago Insufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severi…
CVE-2026-9114 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 14d ago Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: Hig…
CVE-2026-9113 medium 4.3 4.3 FIX debian debianmacos macos linux-kernel google 14d ago Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9112 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 14d ago Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi…
CVE-2026-9111 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 14d ago Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-9110 medium 4.2 4.2 FIX debian debianmacos macos linux-kernel google 14d ago Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML pag…
CVE-2026-46333 high 7.1 7.1 FIX rhel slesdebian debian google 15d ago In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - t…
CVE-2026-31532 high 7.8 7.8 FIX rhel slesdebian debian google 15d ago In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-after-free in raw_rcv() raw_release() unregisters raw CAN receive filters via can_rx_unregister(), but…
CVE-2026-23401 high 8.0 FIX rhel slesdebian debian google 15d ago In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When installing an emulated MMIO SPTE, do so *after*…
CVE-2026-32281 high 8.0 FIX rheldebian debian sles google 16d ago Inefficient policy validation in crypto/x509
CVE-2026-31790 high 7.5 7.5 FIX rhel slesdebian debian opensslgoogle 16d ago Moderate: openssl security update
CVE-2026-31677 medium 5.5 5.5 FIX rhel slesdebian debian google 16d ago In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - limit RX SG extraction by receive buffer budget Make af_alg_get_rsgl() limit each RX scatterlist extraction to t…
CVE-2025-68121 critical 10.0 10.0 FIX rocky rheldebian debian golanggoogle 16d ago RHSA-2026:22714: osbuild-composer security update (Important)
CVE-2025-61726 high 8.0 FIX rocky rheldebian debian google 16d ago RHSA-2026:22714: osbuild-composer security update (Important)
CVE-2025-37980 medium 5.5 FIX rhel slesdebian debian google 16d ago In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is succe…
CVE-2026-41316 high 8.1 8.1 FIX rhel slesdebian debian google 17d ago ERB has an @_init deserialization guard bypass via
CVE-2026-8587 high 8.8 8.8 FIX debian debianmacos macoswindows windows google 20d ago Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome E…
CVE-2026-8586 medium 5.5 5.5 FIX debian debianwindows windows google 20d ago Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: …
CVE-2026-8585 high 7.5 7.5 FIX debian debianmacos macoswindows windows google 20d ago Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a …
CVE-2026-8584 medium 4.2 4.2 FIX debian debianmacos macoswindows windows google 20d ago Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page…
CVE-2026-8583 medium 5.3 5.3 FIX debian debianwindows windows google 20d ago Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informa…
CVE-2026-8582 medium 5.3 5.3 FIX debian debianwindows windows google 20d ago Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium se…
CVE-2026-8581 high 8.8 8.8 FIX debian debianwindows windows google 20d ago Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-8580 critical 9.6 9.6 FIX debian debianwindows windows google 20d ago Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-8577 high 8.8 8.8 FIX debian debianwindows windows google 20d ago Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-8576 medium 4.3 4.3 FIX debian debian linux-kernelwindows windows google 20d ago Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security sev…
CVE-2026-8575 high 8.3 8.3 FIX debian debianwindows windows google 20d ago Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chro…
CVE-2026-8574 high 8.3 8.3 FIX debian debianwindows windows google 20d ago Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…
CVE-2026-8573 high 8.3 8.3 FIX debian debianwindows windows google 20d ago Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity:…
CVE-2026-8571 high 8.3 8.3 FIX debian debianwindows windows google 20d ago Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v…
CVE-2026-8570 medium 6.5 6.5 FIX debian debianwindows windows google 20d ago Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security sev…
CVE-2026-8569 high 8.3 8.3 FIX debian debianmacos macoswindows windows google 20d ago Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: …
CVE-2026-8567 medium 4.3 4.3 FIX debian debianwindows windows google 20d ago Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: …
CVE-2026-8566 medium 4.3 4.3 FIX debian debianwindows windows google 20d ago Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium sec…
CVE-2026-8565 medium 4.7 4.7 FIX debian debianmacos macoswindows windows google 20d ago Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafte…
CVE-2026-8564 medium 4.2 4.2 FIX debian debianmacos macoswindows windows google 20d ago Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: M…
CVE-2026-8563 medium 4.3 4.3 FIX debian debianwindows windows google 20d ago Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium se…
CVE-2026-8562 medium 4.3 4.3 FIX debian debianmacos macos linux-kernel google 20d ago Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Mediu…
CVE-2026-8561 medium 5.4 5.4 FIX debian debianmacos macos linux-kernel google 20d ago Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-8560 medium 4.3 4.3 FIX debian debianmacos macoswindows windows google 20d ago Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium securi…
CVE-2026-8559 medium 4.3 4.3 FIX debian debianwindows windows google 20d ago Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium secu…
CVE-2026-8558 high 8.8 8.8 FIX debian debianwindows windows google 20d ago Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8557 high 7.5 7.5 FIX debian debianwindows windows google 20d ago Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (C…
CVE-2026-8555 high 8.8 8.8 FIX debian debianwindows windows google 20d ago Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)