Filtered by vendor Google
Subscriptions
Filtered by product Chrome
Subscriptions
Total
4988 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13281 | 1 Google | 1 Chrome | 2026-06-26 | 8.3 High |
| Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | ||||
| CVE-2026-13283 | 1 Google | 1 Chrome | 2026-06-26 | 7.5 High |
| Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13282 | 1 Google | 1 Chrome | 2026-06-26 | 6.8 Medium |
| Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. (Chromium security severity: High) | ||||
| CVE-2026-13022 | 1 Google | 1 Chrome | 2026-06-25 | N/A |
| Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13036 | 1 Google | 1 Chrome | 2026-06-25 | 8.8 High |
| Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13028 | 1 Google | 1 Chrome | 2026-06-25 | 9.6 Critical |
| Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13032 | 1 Google | 1 Chrome | 2026-06-25 | 9.6 Critical |
| Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13027 | 1 Google | 1 Chrome | 2026-06-25 | 8.8 High |
| Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13035 | 1 Google | 1 Chrome | 2026-06-25 | 8.8 High |
| Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: High) | ||||
| CVE-2026-13021 | 1 Google | 1 Chrome | 2026-06-25 | 4.3 Medium |
| Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13029 | 1 Google | 1 Chrome | 2026-06-25 | 7.5 High |
| Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||||
| CVE-2026-13034 | 1 Google | 1 Chrome | 2026-06-25 | 4.7 Medium |
| Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13025 | 1 Google | 1 Chrome | 2026-06-25 | 8.3 High |
| Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13033 | 1 Google | 1 Chrome | 2026-06-25 | 8.8 High |
| Out of bounds read and write in Blink>InterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13038 | 1 Google | 1 Chrome | 2026-06-25 | 8.8 High |
| Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13023 | 1 Google | 1 Chrome | 2026-06-25 | 5.3 Medium |
| Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13024 | 1 Google | 1 Chrome | 2026-06-25 | 4.2 Medium |
| Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13026 | 1 Google | 1 Chrome | 2026-06-25 | 8.8 High |
| Use after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13030 | 1 Google | 1 Chrome | 2026-06-25 | 5.3 Medium |
| Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13031 | 1 Google | 1 Chrome | 2026-06-25 | 8.8 High |
| Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||