ALT-PU-2026-6456-1

BDU:2026-05506

LOW3.1

Уязвимость компонента Passwords браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2026-04-17

CVSS 3.xLOW 3.1

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N

References

CVE-2026-6312

BDU:2026-05507

HIGH8.8

Уязвимость компонента Video браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6359

BDU:2026-05508

HIGH7.5

Уязвимость компонента Media браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2026-04-17

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2026-6308

BDU:2026-05509

CRITICAL9.6

Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Published: 2026-04-17

CVSS 3.xCRITICAL 9.6

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6296

BDU:2026-05510

HIGH8.3

Уязвимость компонента Proxy браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Published: 2026-04-17

CVSS 3.xHIGH 8.3

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2026-6297

BDU:2026-05511

HIGH8.8

Уязвимость элемента управления Разрешения (Permissions) браузера Google Chrome операционных систем Android, позволяющая нарушителю выполнить произвольный код

Published: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6315

BDU:2026-05512

HIGH8.8

Уязвимость компонента Cast браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6317

BDU:2026-05513

HIGH8.8

Уязвимость компонента Codecs браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6318

BDU:2026-05514

LOW3.1

Уязвимость механизма CORS браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2026-04-17

CVSS 3.xLOW 3.1

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N

References

CVE-2026-6313

BDU:2026-05515

MEDIUM6.5

Уязвимость графической библиотеки Skia браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2026-04-17

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N

References

CVE-2026-6364

BDU:2026-05516

HIGH8.8

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6363

BDU:2026-05517

HIGH7.2

Уязвимость компонента PDFium браузера Google Chrome операционных систем Windows, позволяющая нарушителю выполнить произвольный код

Published: 2026-04-17

CVSS 3.xHIGH 7.2

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N

References

CVE-2026-6361

BDU:2026-05518

HIGH8.8

Уязвимость технологии расширенной реальности XR браузера Google Chrome операционных систем Android, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6358

BDU:2026-05519

HIGH8.3

Уязвимость графического процессора браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Published: 2026-04-17

CVSS 3.xHIGH 8.3

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2026-6314

BDU:2026-05520

MEDIUM6.3

Уязвимость компонента Codecs браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Published: 2026-04-17

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

References

CVE-2026-6362

BDU:2026-05522

HIGH7.5

Уязвимость компонента Payments браузера Google Chrome операционных систем Android, позволяющая нарушителю выполнить произвольный код

Published: 2026-04-17

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2026-6319

BDU:2026-05523

HIGH8.8

Уязвимость компонента Forms браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6316

BDU:2026-05524

HIGH8.8

Уязвимость интерфейса FileSystem API браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6360

BDU:2026-05525

HIGH8.8

Уязвимость компонента PDFium браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6305

BDU:2026-05526

HIGH8.8

Уязвимость компонента PDFium браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6306

BDU:2026-05527

HIGH8.8

Уязвимость JIT-компилятора Turbofan браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6307

BDU:2026-05533

HIGH8.3

Уязвимость компонента Accessibility браузера Google Chrome операционных систем Windows, позволяющая нарушителю обойти защитный механизм песочницы

Published: 2026-04-17

CVSS 3.xHIGH 8.3

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2026-6311

BDU:2026-05534

HIGH8.3

Уязвимость компонента Graphite браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Published: 2026-04-17

CVSS 3.xHIGH 8.3

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2026-6304

BDU:2026-05535

HIGH8.3

Уязвимость компонента Dawn браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Published: 2026-04-17

CVSS 3.xHIGH 8.3

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2026-6310

BDU:2026-05536

HIGH8.3

Уязвимость библиотеки Viz (Visuals) браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Published: 2026-04-17

CVSS 3.xHIGH 8.3

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2026-6309

BDU:2026-05537

HIGH8.8

Уязвимость компонента Codecs браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6303

BDU:2026-05538

HIGH8.8

Уязвимость компонента Video браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6302

BDU:2026-05539

HIGH8.8

Уязвимость компонента CSS браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6300

BDU:2026-05540

HIGH8.8

Уязвимость JIT-компилятора Turbofan браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6301

BDU:2026-05541

MEDIUM4.3

Уязвимость графической библиотеки Skia браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2026-04-17

CVSS 3.xMEDIUM 4.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

References

CVE-2026-6298

BDU:2026-05542

HIGH8.8

Уязвимость компонента Prerender браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-6299

CVE-2026-6296

CRITICAL9.6

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xCRITICAL 9.6

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References

CVE-2026-6297

HIGH8.3

Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References

CVE-2026-6298

MEDIUM4.3

Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References

CVE-2026-6299

HIGH8.8

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6300

HIGH8.8

Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6301

HIGH8.8

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6302

HIGH8.8

Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6303

HIGH8.8

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6304

HIGH8.3

Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References

CVE-2026-6305

HIGH8.8

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6306

HIGH8.8

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6307

HIGH8.8

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6308

HIGH7.5

Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6309

HIGH8.3

Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References

CVE-2026-6310

HIGH8.3

Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References

CVE-2026-6311

HIGH8.3

Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References

CVE-2026-6312

LOW3.1

Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xLOW 3.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References

CVE-2026-6313

LOW3.1

Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xLOW 3.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References

CVE-2026-6314

HIGH8.3

Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References

CVE-2026-6315

HIGH8.8

Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6316

HIGH8.8

Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6317

HIGH8.8

Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6318

HIGH8.8

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6319

HIGH7.5

Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6358

HIGH8.8

Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6359

HIGH8.8

Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6360

HIGH8.8

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6361

HIGH8.3

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-29

CVSS 3.xHIGH 8.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References

CVE-2026-6362

MEDIUM6.3

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: High)

Published: 2026-04-15Modified: 2026-04-29

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References

CVE-2026-6363

HIGH8.8

Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-6364

MEDIUM6.5

Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security severity: Medium)

Published: 2026-04-15Modified: 2026-04-17

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

Package update chromium in branch sisyphus_loongarch64

Closed issues (62)

Уязвимость компонента Passwords браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость компонента Video браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Уязвимость компонента Media браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Уязвимость компонента Proxy браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Уязвимость элемента управления Разрешения (Permissions) браузера Google Chrome операционных систем Android, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Cast браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Codecs браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость механизма CORS браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость графической библиотеки Skia браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость компонента PDFium браузера Google Chrome операционных систем Windows, позволяющая нарушителю выполнить произвольный код

Уязвимость графического процессора браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Уязвимость компонента Codecs браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Уязвимость компонента Payments браузера Google Chrome операционных систем Android, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Forms браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента PDFium браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента PDFium браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость JIT-компилятора Turbofan браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Accessibility браузера Google Chrome операционных систем Windows, позволяющая нарушителю обойти защитный механизм песочницы

Уязвимость компонента Graphite браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Уязвимость компонента Dawn браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Уязвимость библиотеки Viz (Visuals) браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Уязвимость компонента Codecs браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Video браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента CSS браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость JIT-компилятора Turbofan браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость графической библиотеки Skia браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость компонента Prerender браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)

Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)

Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: High)

Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security severity: Medium)