VIR Vulnerability Intelligence Relay

Search

Found 1,398 results in 176ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-8572 low 3.1 3.1 FIX debian debianwindows windows google 22d ago Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craft…
CVE-2026-8571 high 8.3 8.3 FIX debian debianwindows windows google 22d ago Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v…
CVE-2026-8569 high 8.3 8.3 FIX debian debianmacos macoswindows windows google 22d ago Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: …
CVE-2026-8568 low 3.1 3.1 FIX debian debianwindows windows google 22d ago Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Ch…
CVE-2026-8558 high 8.8 8.8 FIX debian debianwindows windows google 22d ago Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8557 high 7.5 7.5 FIX debian debianwindows windows google 22d ago Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (C…
CVE-2026-8556 low 3.1 3.1 FIX debian debianwindows windows google 22d ago Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT…
CVE-2026-8555 high 8.8 8.8 FIX debian debianwindows windows google 22d ago Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8554 low 3.1 3.1 FIX debian debianwindows windows google 22d ago Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted H…
CVE-2026-8553 low 3.1 3.1 FIX debian debianwindows windows google 22d ago Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Ch…
CVE-2026-8551 high 8.8 8.8 FIX debian debianwindows windows google 22d ago Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page…
CVE-2026-8549 high 8.8 8.8 FIX debian debianwindows windows google 22d ago Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8548 high 8.3 8.3 FIX debian debianwindows windows google 22d ago Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…
CVE-2026-8547 high 7.5 7.5 FIX debian debianwindows windows google 22d ago Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via…
CVE-2026-8545 low 3.1 3.1 FIX debian debianmacos macos linux-kernel google 22d ago Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromi…
CVE-2026-8544 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 22d ago Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8542 high 8.3 8.3 FIX debian debianwindows windows google 22d ago Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…
CVE-2026-8540 high 8.8 8.8 FIX debian debianwindows windows google 22d ago Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8536 low 3.1 3.1 FIX debian debianmacos macoswindows windows google 22d ago Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation v…
CVE-2026-8534 high 8.3 8.3 FIX debian debian linux-kernelwindows windows google 22d ago Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a…
CVE-2026-8533 high 8.3 8.3 FIX debian debianwindows windows google 22d ago Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML …
CVE-2026-8532 high 8.8 8.8 FIX debian debianwindows windows google 22d ago Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8531 high 8.8 8.8 FIX debian debianwindows windows google 22d ago Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity…
CVE-2026-8530 high 8.3 8.3 FIX debian debianwindows windows google 22d ago Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted …
CVE-2026-8529 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 22d ago Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: Hig…
CVE-2026-8527 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 22d ago Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severi…
CVE-2026-8526 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 22d ago Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8525 high 8.3 8.3 FIX debian debianmacos macoswindows windows google 22d ago Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: H…
CVE-2026-8524 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 22d ago Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hig…
CVE-2026-8523 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 22d ago Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
CVE-2026-8522 high 8.8 8.8 FIX debian debianmacos macoswindows windows google 22d ago Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-8521 high 7.5 7.5 FIX debian debianmacos macos linux-kernel google 22d ago Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
CVE-2026-8520 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 22d ago Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-8519 high 8.8 8.8 FIX debian debianwindows windows google 22d ago Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: …
CVE-2026-8518 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 22d ago Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-8517 high 8.8 8.8 FIX debian debianmacos macoswindows windows google 22d ago Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a cra…
CVE-2026-8515 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 22d ago Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted H…
CVE-2026-8514 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 22d ago Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
CVE-2026-8513 high 8.3 8.3 FIX debian debianwindows windows google 22d ago Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…
CVE-2026-8512 high 8.3 8.3 FIX debian debianmacos macos linux-kernel google 22d ago Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a cr…
CVE-2026-8511 critical 9.6 9.6 FIX debian debianmacos macos linux-kernel google 22d ago Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-8510 high 7.5 7.5 FIX debian debianwindows windows google 22d ago Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted …
CVE-2026-8509 high 8.8 8.8 FIX debian debianmacos macos linux-kernel google 22d ago Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Criti…
CVE-2026-42587 high 7.5 7.5 slesdebian debian nettygoogle 23d ago Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS
CVE-2026-43487 unknown FIX slesdebian debian google 23d ago In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, cau…
CVE-2026-43486 unknown FIX slesdebian debian google 23d ago In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults contpte_ptep_set_access_flags() compared the gathered ptep…
CVE-2026-43482 unknown FIX slesdebian debian google 23d ago In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work scx_claim_exit() atomically sets exit_kind, which …
CVE-2026-6276 high 7.5 7.5 FIX debian debian sleswindows windows haxxgoogle 23d ago Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the seco…
CVE-2026-5773 high 7.5 7.5 FIX debian debian sleswindows windows haxxgoogle 23d ago libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avo…
CVE-2026-43284 high 8.8 9.8 EXPFIX rhel slesdebian debian awsgoogle 25d ago Important: kernel security update
CVE-2026-43469 high 7.5 7.5 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrement re_receiving on the early exit paths In the event that rpcrdma_post_recvs() fails to create a work request (d…
CVE-2026-43466 high 8.2 8.2 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery In case of a TX error CQE, a recovery flow is triggered, mlx5e_reset_txqs…
CVE-2026-43453 high 7.1 7.1 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() pipapo_drop() passes rulemap[i + 1].n to pipapo_unmap() …
CVE-2026-43452 high 8.2 8.2 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kin…
CVE-2026-43450 high 7.1 7.1 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() nfnl_cthelper_dump_table() has a 'goto restart' that ju…
CVE-2026-43449 high 7.1 7.1 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set dev->online_queues is a count incremented in nvme_init_queue. Thus, valid indi…
CVE-2026-43441 high 7.5 7.5 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is n…
CVE-2026-43438 high 7.8 7.8 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: sched_ext: Remove redundant css_put() in scx_cgroup_init() The iterator css_for_each_descendant_pre() walks the cgroup hierarchy …
CVE-2026-43403 high 8.8 8.8 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for ns iteration ioctls Even privileged services should not necessarily be able to see other priv…
CVE-2026-43383 critical 9.4 9.4 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use th…
CVE-2026-43374 high 7.8 7.8 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in remove_nh_grp_entry When removing a nexthop from a group, remove_nh_grp_entry() publis…
CVE-2026-43366 high 7.8 7.8 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: check if target buffer list is still legacy on recycle There's a gap between when the buffer was grabbed and when …
CVE-2026-43365 high 8.2 8.2 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: xfs: fix undersized l_iclog_roundoff values If the superblock doesn't list a log stripe unit, we set the incore log roundoff valu…
CVE-2026-43362 high 8.1 8.1 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2_write() SMB2_write() places write payload in iov[1..n] as part of rq_iov.…
CVE-2026-43350 high 7.6 7.6 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: smb: client: require a full NFS mode SID before reading mode bits parse_dacl() treats an ACE SID matching sid_unix_NFS_mode as an…
CVE-2026-43341 critical 9.8 9.8 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6_fill_trace_data() stores the schema contribution to the tra…
CVE-2026-43339 high 7.8 7.8 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconf_permanent_addr() The mentioned helper try to warn the user about an exceptional condition,…
CVE-2026-43336 high 7.5 7.5 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permuted_state before it leaves scope Since the ChaCha permutation is invertible, the local variable …
CVE-2026-43332 high 7.8 7.8 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone device registration error path If thermal_zone_device_register_with_trips() fails after registeri…
CVE-2026-43329 high 7.8 7.8 FIX slesdebian debian linux-kernel google 28d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IP…
CVE-2026-43303 high 7.8 7.8 FIX sles rheldebian debian google 28d ago In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: clear page->private in free_pages_prepare() Several subsystems (slub, shmem, ttm, etc.) use page->private but don'…
CVE-2026-42501 high 7.5 7.5 FIX debian debian sleswindows windows golanggoogle 29d ago A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module pr…
CVE-2026-42499 high 7.5 7.5 FIX debian debian sleswindows windows golanggoogle 29d ago Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.
CVE-2026-39836 high 7.5 7.5 FIX debian debian sleswindows windows golanggoogle 29d ago The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).
CVE-2026-39820 high 7.5 7.5 FIX debian debian sleswindows windows golanggoogle 29d ago Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.
CVE-2026-33814 high 7.5 7.5 debian debian sleswindows windows golanggoogle 29d ago When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
CVE-2026-33811 high 7.5 7.5 FIX debian debian sleswindows windows golanggoogle 29d ago When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
CVE-2026-41413 high 7.7 7.7 istiogoogle 29d ago Istio: SSRF via RequestAuthentication jwksUri
CVE-2026-8022 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted …
CVE-2026-8018 high 8.1 8.1 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security…
CVE-2026-8017 low 3.1 3.1 FIX debian debian linux-kernelmacos macos google 1mo ago Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8016 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8007 high 7.5 7.5 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a cra…
CVE-2026-8002 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in Audio in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-8001 high 8.3 8.3 FIX debian debian linux-kernelmacos macos google 1mo ago Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v…
CVE-2026-8000 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium se…
CVE-2026-7997 high 7.8 7.8 FIX debian debianmacos macoswindows windows google 1mo ago Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium …
CVE-2026-7995 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Out of bounds read in AdFilter in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Mediu…
CVE-2026-7994 high 7.8 7.8 FIX debian debianwindows windows google 1mo ago Inappropriate implementation in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium securit…
CVE-2026-7992 high 8.8 8.8 FIX debian debian linux-kernelwindows windows google 1mo ago Insufficient validation of untrusted input in UI in Google Chrome on Linux, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute…
CVE-2026-7991 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Ch…
CVE-2026-7990 high 7.8 7.8 FIX debian debianwindows windows google 1mo ago Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chrom…
CVE-2026-7988 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Type Confusion in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7987 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7985 high 8.3 8.3 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chro…
CVE-2026-7984 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in ReadingMode in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML …
CVE-2026-7981 high 8.1 8.1 FIX debian debian linux-kernelmacos macos google 1mo ago Out of bounds read in Codecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security…
CVE-2026-7980 high 8.8 8.8 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in WebAudio in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7978 high 8.1 8.1 FIX debian debianmacos macoswindows windows google 1mo ago Inappropriate implementation in Companion in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. (Chromium se…
CVE-2026-7976 high 7.5 7.5 FIX debian debian linux-kernelmacos macos google 1mo ago Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Ch…