VIR Vulnerability Intelligence Relay

Search

Found 23,828 results in 1946ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-41642 high 7.5 7.5 FIX debian debian osrg 1mo ago GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP due to a nil poin…
CVE-2026-42010 high 7.1 7.1 FIX debian debian sles rhel gnuredhat 1mo ago RHSA-2026:20612: gnutls security update (Important)
CVE-2026-4430 high 7.8 7.8 FIX debian debian sles libreoffice 1mo ago Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2…
CVE-2026-44602 high 7.5 7.5 FIX debian debian torproject 1mo ago Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.
CVE-2026-44601 high 7.5 7.5 FIX debian debian torproject 1mo ago Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.
CVE-2026-41675 high 8.0 FIX slesdebian debianwindows windows 1mo ago xmldom has XML node injection through unvalidated processing instruction serialization
CVE-2026-41674 high 8.0 FIX slesdebian debianwindows windows 1mo ago xmldom has XML injection through unvalidated DocumentType serialization
CVE-2026-41673 high 8.0 FIX slesdebian debianwindows windows 1mo ago xmldom: Uncontrolled recursion in XML serialization leads to DoS
CVE-2026-41672 high 8.0 FIX slesdebian debianwindows windows 1mo ago xmldom has XML node injection through unvalidated comment serialization
CVE-2026-41142 high 8.8 8.8 slesdebian debian openexr 1mo ago OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
CVE-2026-44600 medium 5.3 5.3 FIX debian debian torproject 1mo ago Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010.
CVE-2026-44599 medium 5.3 5.3 FIX debian debian torproject 1mo ago Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.
CVE-2026-44312 medium 5.8 5.8 FIX debian debian 1mo ago CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content
CVE-2026-33636 high 8.0 FIX rheldebian debian sles 1mo ago Important: thunderbird security update
CVE-2026-33554 high 7.5 7.5 FIX rheldebian debian sles 1mo ago ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform m…
CVE-2026-0897 high 8.0 debian debian 1mo ago Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (…
CVE-2026-41417 medium 5.3 5.3 slesdebian debian netty 1mo ago Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection
CVE-2026-44307 high 8.0 FIX debian debianwindows windows 1mo ago Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup
CVE-2026-40251 medium 6.5 6.5 FIX debian debian linuxcontainers 1mo ago Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage …
CVE-2026-40243 medium 4.8 4.8 FIX debian debian linuxcontainers 1mo ago Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database…
CVE-2026-40197 medium 6.5 6.5 FIX debian debian linuxcontainers 1mo ago Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage …
CVE-2026-40195 medium 6.5 6.5 FIX debian debian linuxcontainers 1mo ago Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage …
CVE-2026-40171 high 8.0 debian debian 1mo ago In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 an…
CVE-2026-44243 high 7.1 7.1 FIX slesdebian debian gitpython_project 1mo ago GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository
CVE-2026-8022 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted …
CVE-2026-8021 medium 4.2 4.2 FIX debian debian linux-kernelmacos macos google 1mo ago Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafte…
CVE-2026-8020 medium 5.3 5.3 FIX debian debianwindows windows google 1mo ago Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process…
CVE-2026-8019 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8018 high 8.1 8.1 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security…
CVE-2026-8017 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8016 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8015 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8014 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8013 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in FedCM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: L…
CVE-2026-8012 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a craft…
CVE-2026-8011 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient policy enforcement in Search in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8010 medium 6.3 6.3 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c…
CVE-2026-8009 medium 5.0 5.0 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML pa…
CVE-2026-8008 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome …
CVE-2026-8007 high 7.5 7.5 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a cra…
CVE-2026-8006 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chro…
CVE-2026-8005 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic.…
CVE-2026-8004 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted C…
CVE-2026-8003 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security seve…
CVE-2026-8002 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in Audio in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8001 high 8.3 8.3 FIX debian debian linux-kernelmacos macos google 1mo ago Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v…
CVE-2026-8000 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium se…
CVE-2026-7999 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium…
CVE-2026-7998 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HT…
CVE-2026-7997 high 7.8 7.8 FIX debian debianmacos macoswindows windows google 1mo ago Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium …
CVE-2026-7996 medium 4.2 4.2 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in SSL in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML …
CVE-2026-7995 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Out of bounds read in AdFilter in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Mediu…
CVE-2026-7994 high 7.8 7.8 FIX debian debianwindows windows google 1mo ago Inappropriate implementation in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium securit…
CVE-2026-7993 medium 4.2 4.2 FIX debian debianwindows windows google 1mo ago Insufficient validation of untrusted input in Payments in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to spoof the contents of t…
CVE-2026-7992 high 8.8 8.8 FIX debian debian linux-kernelwindows windows google 1mo ago Insufficient validation of untrusted input in UI in Google Chrome on Linux, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute…
CVE-2026-7991 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Ch…
CVE-2026-7990 high 7.8 7.8 FIX debian debianwindows windows google 1mo ago Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chrom…
CVE-2026-7989 medium 4.2 4.2 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted H…
CVE-2026-7988 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Type Confusion in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7987 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7986 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient policy enforcement in Autofill in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7985 high 8.3 8.3 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chro…
CVE-2026-7984 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in ReadingMode in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML …
CVE-2026-7983 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 1mo ago Out of bounds read in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7982 medium 6.5 6.5 FIX debian debian linux-kernelmacos macos google 1mo ago Uninitialized Use in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium sec…
CVE-2026-7981 high 8.1 8.1 FIX debian debian linux-kernelmacos macos google 1mo ago Out of bounds read in Codecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security…
CVE-2026-7980 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in WebAudio in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7979 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7978 high 8.1 8.1 FIX debian debianmacos macoswindows windows google 1mo ago Inappropriate implementation in Companion in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. (Chromium se…
CVE-2026-7977 medium 6.3 6.3 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7976 high 7.5 7.5 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Ch…
CVE-2026-7975 high 8.3 8.3 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. …
CVE-2026-7974 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7973 high 8.8 8.8 FIX debian debianwindows windows google 1mo ago Integer overflow in Dawn in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Med…
CVE-2026-7972 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 1mo ago Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium securi…
CVE-2026-7971 medium 6.3 6.3 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7970 high 8.3 8.3 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in TopChrome in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…
CVE-2026-7969 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 1mo ago Integer overflow in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium …
CVE-2026-7968 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafte…
CVE-2026-7967 high 8.3 8.3 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox es…
CVE-2026-7966 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c…
CVE-2026-7965 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craft…
CVE-2026-7964 medium 4.2 4.2 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via…
CVE-2026-7963 high 8.3 8.3 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a …
CVE-2026-7962 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient policy enforcement in DirectSockets in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via a crafted Chrome Extension. (Chromium security s…
CVE-2026-7961 medium 4.3 4.3 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in Permissions in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to leak cross-origin data via malicious network traf…
CVE-2026-7960 medium 5.3 5.3 FIX debian debian linux-kernelmacos macos google 1mo ago Race in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted…
CVE-2026-7959 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.…
CVE-2026-7958 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UX…
CVE-2026-7957 high 8.8 8.8 FIX debian debianmacos macoswindows windows google 1mo ago Out of bounds write in Media in Google Chrome on Mac, iOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a cr…
CVE-2026-7956 high 8.3 8.3 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page…
CVE-2026-7955 medium 5.3 5.3 FIX debian debian linux-kernelmacos macos google 1mo ago Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via…
CVE-2026-7954 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Race in Shared Storage in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security…
CVE-2026-7953 medium 6.1 6.1 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via malicious network traffic. (Chro…
CVE-2026-7952 medium 4.2 4.2 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a c…
CVE-2026-7951 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7950 medium 5.4 5.4 FIX debian debian linux-kernelmacos macos google 1mo ago Out of bounds read and write in GFX in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via malicious network traffic. (Chromium security severity: Mediu…
CVE-2026-7949 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Out of bounds read in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chromi…
CVE-2026-7948 high 7.5 7.5 FIX debian debianwindows windows google 1mo ago Race in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
CVE-2026-7947 medium 4.2 4.2 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted H…