ALT-PU-2026-8777-9

Обновление пакета chromium в ветке sisyphus

Версия149.0.7827.53-alt1
Задание#420154
Опубликовано2026-07-04
Макс. серьёзностьCRITICAL
Серьёзность:

Закрытые проблемы (518)

BDU:2026-07957
CRITICAL9.6

Уязвимость режима чтения (Reading Mode) браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-06-07
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-07958
MEDIUM6.5

Уязвимость раздела Navigation (Навигация) браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти существующие механизмы безопасности

Опубликовано: 2026-06-07
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-07960
MEDIUM4.3

Уязвимость раздела Navigation (Навигация) браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти существующие механизмы безопасности

Опубликовано: 2026-06-07
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N
BDU:2026-07975
MEDIUM4.3

Уязвимость пользовательского интерфейса браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю осуществлять подмену интерфейса с помощью специально созданной HTML-страницы

Опубликовано: 2026-06-08
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N
BDU:2026-07976
MEDIUM6.5

Уязвимость сетевого компонента Cronet браузера Google Chrome, позволяющая нарушителю подменять доменное имя

Опубликовано: 2026-06-08
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-08009
MEDIUM6.5

Уязвимость браузеров Google Chrome и Microsoft Edge, связанная с ошибкой подтверждения источника данных, позволяющая нарушителю обойти ограничения безопасности

Опубликовано: 2026-06-08
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-08010
MEDIUM6.5

Уязвимость компонента Extensions (Расширения) браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию

Опубликовано: 2026-06-08
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
BDU:2026-08011
MEDIUM6.5

Уязвимость компонента Payments браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю подменить пользовательский интерфейс

Опубликовано: 2026-06-08
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-08012
HIGH8.8

Уязвимость компонента Media браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-06-08
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-08013
MEDIUM6.5

Уязвимость библиотеки ANGLE браузеров Google Chrome и Microsoft Edge операционных систем Windows, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Опубликовано: 2026-06-08
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
BDU:2026-08014
HIGH8.8

Уязвимость компонента Media браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-06-08
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-08034
MEDIUM6.5

Уязвимость функции Link Preview (Предварительный просмотр) браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности

Опубликовано: 2026-06-09
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-08035
MEDIUM6.5

Уязвимость компонента Actor браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности

Опубликовано: 2026-06-09
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-08036
HIGH8.8

Уязвимость технологии WebRTC браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-06-09
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-08037
MEDIUM5.3

Уязвимость библиотеки ANGLE браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Опубликовано: 2026-06-09
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0СРЕДНЯЯ 5.4
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:N/A:N
BDU:2026-08038
MEDIUM6.5

Уязвимость компонента WebML браузеров Google Chrome и Microsoft Edge операционных систем MacOS, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Опубликовано: 2026-06-09
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
BDU:2026-08039
CRITICAL9.6

Уязвимость библиотеки ANGLE браузеров Google Chrome и Microsoft Edge операционных систем MacOS, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-06-09
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-08040
HIGH8.3

Уязвимость интерфейса Web Serial API браузеров Google Chrome и Microsoft Edge операционных систем Android, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-06-09
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
BDU:2026-08041
CRITICAL9.6

Уязвимость интерфейса WebUSB API браузеров Google Chrome и Microsoft Edge операционных систем Windows, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-06-09
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-08042
MEDIUM6.5

Уязвимость функции Navigation браузеров Google Chrome и Microsoft Edge операционных систем Android, позволяющая нарушителю обойти ограничения безопасности

Опубликовано: 2026-06-09
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-08043
MEDIUM5.3

Уязвимость библиотеки ANGLE браузеров Google Chrome и Microsoft Edge операционных систем MacOS, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Опубликовано: 2026-06-09
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
BDU:2026-08122
MEDIUM4.3

Уязвимость компонента DevTools браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Опубликовано: 2026-06-10
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
BDU:2026-08123
MEDIUM6.5

Уязвимость функции конфиденциальности Fenced Frames браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти существующие механизмы безопасности

Опубликовано: 2026-06-10
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-08124
MEDIUM4.3

Уязвимость компонента PointerLock браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить подмену пользовательского интерфейса

Опубликовано: 2026-06-10
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N
BDU:2026-08125
MEDIUM6.8

Уязвимость компонента интеграции с платформой (PlatformIntegration) браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-06-10
CVSS 3.xСРЕДНЯЯ 6.8
CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.1
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:N
BDU:2026-08126
HIGH8.8

Уязвимость браузеров Google Chrome и Microsoft Edge, связанная с недостаточной проверкой входных данных, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-06-10
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-08185
MEDIUM4.7

Уязвимость набора API для работы с складными устройствами Foldable API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти существующие механизмы безопасности

Опубликовано: 2026-06-14
CVSS 3.xСРЕДНЯЯ 4.7
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
BDU:2026-08186
HIGH8.1

Уязвимость службы Safe Browsing браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-06-14
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVSS 2.0КРИТИЧЕСКАЯ 9.4
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:N
BDU:2026-08187
MEDIUM5.4

Уязвимость функции TabGroups браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить подмену пользовательского интерфейса

Опубликовано: 2026-06-14
CVSS 3.xСРЕДНЯЯ 5.4
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVSS 2.0СРЕДНЯЯ 6.4
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:P
BDU:2026-08188
MEDIUM4.3

Уязвимость службы File Input браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить подмену пользовательского интерфейса

Опубликовано: 2026-06-14
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N
BDU:2026-08189
MEDIUM6.1

Уязвимость компонента Enterprise браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Опубликовано: 2026-06-14
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS 2.0СРЕДНЯЯ 6.6
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:N
BDU:2026-08190
HIGH8.8

Уязвимость компонента Extensions браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код внутри песочницы

Опубликовано: 2026-06-14
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-08191
MEDIUM6.5

Уязвимость компонента Tab Hover Cards браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить подмену домена

Опубликовано: 2026-06-14
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-08192
MEDIUM6.5

Уязвимость службы Network браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти существующие механизмы безопасности

Опубликовано: 2026-06-14
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-08193
HIGH8.1

Уязвимость компонента Extensions браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-06-14
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
BDU:2026-08194
HIGH8.3

Уязвимость компонента Media браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить подмену пользовательского интерфейса

Опубликовано: 2026-06-14
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
BDU:2026-08195
HIGH8.3

Уязвимость компонента Web Bluetooth браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-06-14
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
BDU:2026-08196
MEDIUM6.5

Уязвимость элемента управления вкладками Tab Strip браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить подмену домена

Опубликовано: 2026-06-14
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-08197
MEDIUM6.5

Уязвимость пользовательского интерфейса WebUI браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить подмену домена

Опубликовано: 2026-06-14
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-08592
MEDIUM6.5

Уязвимость браузера Google Chrome операционных систем iOS, связанная с недостатком в механизме подтверждения источника, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Опубликовано: 2026-06-22
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
BDU:2026-08994
MEDIUM6.5

Уязвимость компонента PreviewTab браузеров Google Chrome, позволяющая нарушителю обойти механизмы защиты

Опубликовано: 2026-06-30
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-09086
HIGH8.8

Уязвимость компонента Passwords браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09092
HIGH8.8

Уязвимость службы Network браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09094
HIGH8.3

Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
BDU:2026-09097
HIGH8.8

Уязвимость компонента Network браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09099
HIGH8.3

Уязвимость компонента WebShare браузера Google Chrome операционных систем Android, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
BDU:2026-09101
MEDIUM6.5

Уязвимость компонента Dawn браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Опубликовано: 2026-07-01
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
BDU:2026-09102
CRITICAL9.6

Уязвимость функции автозаполнения Autofill браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-07-01
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09106
HIGH8.8

Уязвимость компонента Fonts браузера Google Chrome операционных систем Linux, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09108
MEDIUM6.5

Уязвимость компонента WebView браузера Google Chrome операционных систем Android, позволяющая нарушителю получить доступ к конфиденциальной информации

Опубликовано: 2026-07-01
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
BDU:2026-09111
MEDIUM6.5

Уязвимость компонента Network браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации

Опубликовано: 2026-07-01
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
BDU:2026-09113
HIGH8.8

Уязвимость браузера Google Chrome операционных систем iOS, связанная с возможностью использования памяти после освобождения, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09114
HIGH8.8

Уязвимость браузера Google Chrome операционных систем iOS, связанная с возможностью использования памяти после освобождения, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09126
HIGH8.8

Уязвимость графической подсистемы GFX браузеров Google Chrome операционных систем Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09128
HIGH8.1

Уязвимость компонента Chromoting браузеров Google Chrome операционных систем MacOS, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
BDU:2026-09132
CRITICAL9.6

Уязвимость системы баз данных Google Base браузера Google Chrome операционных систем Windows, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-07-01
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09133
HIGH8.8

Уязвимость компонента Media браузера Google Chrome операционных систем Windows, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09134
CRITICAL9.6

Уязвимость графического процессора браузера Google Chrome операционных систем Windows, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-07-01
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09135
MEDIUM6.5

Уязвимость графического процессора браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации

Опубликовано: 2026-07-01
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
BDU:2026-09136
MEDIUM6.5

Уязвимость набора инструментов для веб-разработки DevTools браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Опубликовано: 2026-07-01
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-09137
MEDIUM6.5

Уязвимость ИИ-помощника Gemini (ранее GLIC (Gemini Live in Chrome)) браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Опубликовано: 2026-07-01
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
BDU:2026-09138
MEDIUM4.3

Уязвимость компонента Password Manager браузера Google Chrome, позволяющая нарушителю выполнить подмену пользовательского интерфейса

Опубликовано: 2026-07-01
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N
BDU:2026-09140
HIGH8.1

Уязвимость компонента WebGPU браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVSS 2.0КРИТИЧЕСКАЯ 9.4
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:C
BDU:2026-09142
HIGH8.1

Уязвимость компонента Payments браузера Google Chrome операционных систем Android, позволяющая нарушителю проводить спуфинг-атаки

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVSS 2.0КРИТИЧЕСКАЯ 9.4
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:C
BDU:2026-09157
HIGH8.8

Уязвимость графической библиотеки Skia браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09159
MEDIUM6.5

Уязвимость компонента Password Manager браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Опубликовано: 2026-07-01
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-09161
MEDIUM6.5

Уязвимость графической библиотеки Skia браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Опубликовано: 2026-07-01
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-09174
HIGH8.3

Уязвимость компонента Media браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
BDU:2026-09175
HIGH8.8

Уязвимость компонента Cast браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 8.3
CVSS:2.0/AV:A/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09176
HIGH8.8

Уязвимость библиотеки ANGLE браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09177
HIGH8.1

Уязвимость библиотеки ANGLE браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVSS 2.0КРИТИЧЕСКАЯ 9.4
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:C
BDU:2026-09178
HIGH8.8

Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09179
MEDIUM6.1

Уязвимость набора инструментов для веб-разработки DevTools браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю проводить UXSS-атаки

Опубликовано: 2026-07-01
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS 2.0СРЕДНЯЯ 6.4
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N
BDU:2026-09180
MEDIUM6.1

Уязвимость компонента Codecs браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-07-01
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS 2.0СРЕДНЯЯ 6.4
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N
BDU:2026-09181
HIGH8.1

Уязвимость компонента Input браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти существующие механизмы безопасности

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVSS 2.0КРИТИЧЕСКАЯ 9.4
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:N
BDU:2026-09182
HIGH8.3

Уязвимость библиотеки ANGLE браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
BDU:2026-09183
HIGH8.3

Уязвимость компонента Dawn браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
BDU:2026-09184
HIGH8.8

Уязвимость технологии WebRTC браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09185
HIGH8.1

Уязвимость компонента Passwords (управление паролями) браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVSS 2.0КРИТИЧЕСКАЯ 9.4
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:N
BDU:2026-09186
HIGH8.8

Уязвимость технологии WebRTC браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09187
HIGH8.8

Уязвимость библиотеки ANGLE браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09188
HIGH8.3

Уязвимость библиотеки ANGLE браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
BDU:2026-09189
HIGH8.8

Уязвимость компонента PDF браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09190
MEDIUM6.5

Уязвимость службы Network браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти существующие ограничения безопасности

Опубликовано: 2026-07-01
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
BDU:2026-09191
HIGH8.8

Уязвимость пользовательского интерфейса браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09192
HIGH8.8

Уязвимость компонента WebAppInstalls браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09193
HIGH8.3

Уязвимость компонента Printing браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
BDU:2026-09194
HIGH8.8

Уязвимость компонента Cast Streaming браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 8.3
CVSS:2.0/AV:A/AC:L/Au:N/C:C/I:C/A:C
BDU:2026-09195
HIGH8.3

Уязвимость компонента Chromecast браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти защитный механизм песочницы

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
BDU:2026-09196
HIGH8.3

Уязвимость менеджера паролей браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности

Опубликовано: 2026-07-01
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVSS 2.0ВЫСОКАЯ 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
BDU:2026-09197
MEDIUM6.5

Уязвимость компонента Extensions браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности

Опубликовано: 2026-07-01
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
CVE-2026-10881
CRITICAL9.6

Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10883
HIGH8.8

Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10884
HIGH8.3

Use after free in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10885
HIGH8.8

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10886
CRITICAL9.6

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10887
HIGH8.1

Use after free in Chromoting in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2026-10888
HIGH8.8

Use after free in Cast Streaming in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2026-10889
HIGH8.3

Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10890
HIGH8.8

Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2026-10891
HIGH8.8

Use after free in GFX in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10892
CRITICAL9.6

Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10893
HIGH8.8

Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10894
HIGH8.3

Use after free in Printing in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10896
HIGH8.8

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10897
HIGH8.8

Inappropriate implementation in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10898
HIGH8.3

Stack buffer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10899
HIGH7.5

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10900
HIGH7.5

Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10901
HIGH7.5

Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10903
HIGH8.8

Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10904
HIGH8.8

Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10905
HIGH8.3

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10906
HIGH7.5

Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10907
HIGH8.8

Out of bounds write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10908
HIGH8.3

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10909
HIGH8.3

Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10910
HIGH8.8

Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10911
HIGH8.3

Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10912
MEDIUM6.5

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-10913
HIGH8.8

Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10914
HIGH8.8

Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10915
HIGH8.3

Use after free in Core in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10916
MEDIUM6.1

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2026-10917
HIGH8.3

Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10918
HIGH8.3

Use after free in Viz in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10919
HIGH8.3

Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10920
HIGH8.3

Insufficient validation of untrusted input in WebShare in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10921
HIGH8.3

Integer overflow in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10922
HIGH8.8

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via malicious network traffic. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10923
HIGH8.8

Use after free in WebAppInstalls in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10924
HIGH8.3

Integer overflow in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10925
HIGH8.3

Out of bounds write in Skia in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10926
HIGH8.8

Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2026-10927
HIGH8.3

Out of bounds read in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10929
HIGH8.3

Heap buffer overflow in ANGLE in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10930
HIGH8.1

Out of bounds read in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2026-10931
CRITICAL9.6

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10932
HIGH8.8

Use after free in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10933
HIGH8.3

Use after free in Audio in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10934
HIGH8.3

Use after free in Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10935
HIGH8.8

Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10936
HIGH8.8

Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10937
MEDIUM6.5

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-10938
MEDIUM6.5

Inappropriate implementation in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-10939
HIGH8.8

Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10940
HIGH8.3

Race in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10941
HIGH8.8

Out of bounds memory access in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10942
HIGH7.8

Inappropriate implementation in UI in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10943
HIGH8.8

Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10944
MEDIUM6.5

Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-10945
HIGH8.8

Use after free in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10946
HIGH7.5

Heap buffer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10947
HIGH8.8

Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10948
HIGH8.8

Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10949
HIGH8.3

Heap buffer overflow in Video in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10950
MEDIUM6.5

Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-10951
HIGH8.8

Use after free in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10952
HIGH8.8

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10953
HIGH8.3

Use after free in Core in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10954
HIGH8.8

Use after free in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10955
HIGH8.8

Type Confusion in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10956
HIGH8.8

Use after free in MimeHandlerView in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10957
HIGH8.8

Use after free in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10958
HIGH8.8

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10959
HIGH8.8

Use after free in Input in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10960
HIGH8.3

Uninitialized Use in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10961
HIGH8.3

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10962
HIGH8.8

Type Confusion in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10963
HIGH8.8

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10964
HIGH8.8

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10965
HIGH8.8

Integer overflow in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10966
CRITICAL9.6

Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10967
HIGH8.3

Use after free in SurfaceCapture in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10968
HIGH7.4

Insufficient validation of untrusted input in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.4
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CVE-2026-10969
HIGH7.5

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10970
HIGH8.3

Insufficient validation of untrusted input in InterestGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10971
CRITICAL9.6

Insufficient validation of untrusted input in Printing in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10972
CRITICAL9.6

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10974
CRITICAL9.6

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10975
HIGH8.8

Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10976
HIGH7.4

Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.4
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CVE-2026-10977
MEDIUM6.5

Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-10978
HIGH8.8

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10979
MEDIUM6.5

Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-10980
MEDIUM6.5

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-10981
MEDIUM6.5

Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted video file. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-10982
HIGH8.8

Use after free in WebXR in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10983
CRITICAL9.6

Insufficient validation of untrusted input in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10984
MEDIUM5.4

Inappropriate implementation in Accessibility in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 5.4
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CVE-2026-10986
HIGH8.8

Integer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a malicious file. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10987
HIGH8.8

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10988
HIGH8.8

Use after free in Views in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10989
HIGH8.8

Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10990
CRITICAL9.6

Use after free in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-10991
HIGH8.8

Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10992
MEDIUM6.5

Insufficient data validation in Animation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-10993
MEDIUM6.5

Heap buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-10994
MEDIUM6.5

Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-10995
HIGH8.8

Heap buffer overflow in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-10996
MEDIUM6.5

Inappropriate implementation in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-10997
MEDIUM6.5

Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-10998
MEDIUM4.0

Out of bounds read in Media in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform an out of bounds memory read via malicious network traffic. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.0
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2026-10999
MEDIUM6.5

Integer overflow in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11000
HIGH8.8

Use after free in Fonts in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11001
MEDIUM6.5

Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11002
CRITICAL9.6

Use after free in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11003
HIGH8.8

Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11004
MEDIUM5.3

Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11005
MEDIUM5.3

Out of bounds read in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11006
MEDIUM6.5

Out of bounds read in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11007
MEDIUM6.5

Insufficient validation of untrusted input in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11008
MEDIUM6.5

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11009
CRITICAL9.6

Use after free in USB in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11010
HIGH8.3

Use after free in WebShare in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11011
HIGH8.1

Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2026-11012
HIGH8.3

Use after free in Serial in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11013
MEDIUM6.5

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11014
MEDIUM6.5

Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11015
HIGH8.1

Out of bounds read in WebGPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2026-11016
MEDIUM6.5

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11017
MEDIUM6.5

Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11018
MEDIUM6.5

Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11019
MEDIUM6.5

Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11020
MEDIUM6.5

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted XML file. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11021
CRITICAL9.6

Insufficient validation of untrusted input in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11022
MEDIUM6.5

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11023
MEDIUM6.5

Inappropriate implementation in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11024
HIGH8.8

Stack buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11025
MEDIUM6.5

Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11026
MEDIUM6.5

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11027
MEDIUM6.5

Insufficient validation of untrusted input in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11028
HIGH8.8

Use after free in Media in Google Chrome on Linux and ChromeOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11029
CRITICAL9.6

Insufficient validation of untrusted input in Drag and Drop in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11030
HIGH8.8

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11031
MEDIUM4.3

Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11032
MEDIUM6.5

Inappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11033
MEDIUM6.5

Uninitialized Use in WebML in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11034
MEDIUM6.1

Insufficient validation of untrusted input in Tab Group Sync in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via malicious network traffic. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2026-11035
HIGH7.3

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a crafted XML file. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.3
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11036
MEDIUM6.5

Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11037
CRITICAL9.6

Out of bounds write in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11038
MEDIUM6.5

Insufficient policy enforcement in Subresource Integrity in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via malicious network traffic. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11040
HIGH8.3

Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11041
HIGH8.8

Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11042
HIGH8.8

Use after free in Views in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11043
CRITICAL9.6

Out of bounds write in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11044
MEDIUM6.5

Integer overflow in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11045
MEDIUM6.5

Insufficient validation of untrusted input in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11046
HIGH8.8

Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11047
CRITICAL9.6

Inappropriate implementation in Base in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11048
MEDIUM6.5

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11049
HIGH8.8

Use after free in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11050
HIGH8.8

Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11051
MEDIUM6.5

Out of bounds read in ANGLE in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11052
CRITICAL9.6

Type Confusion in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11054
HIGH8.8

Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11055
HIGH8.8

Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11056
CRITICAL9.6

Insufficient validation of untrusted input in SiteIsolation in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11057
MEDIUM6.5

Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11058
HIGH7.5

Integer overflow in CredentialProvider in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform OS-level privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11059
HIGH8.8

Use after free in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11060
HIGH8.8

Use after free in Media in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11061
CRITICAL9.6

Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11062
MEDIUM4.3

Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11063
CRITICAL9.6

Insufficient validation of untrusted input in WebNN in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11064
MEDIUM6.5

Race in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11065
CRITICAL9.6

Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11066
CRITICAL9.6

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11067
MEDIUM6.5

Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11068
HIGH8.8

Use after free in WebSockets in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11069
MEDIUM6.5

Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11070
CRITICAL9.6

Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the network process to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11071
HIGH8.8

Use after free in Base in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11072
HIGH7.8

Use after free in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11073
MEDIUM6.5

Use after free in WebGL in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11074
HIGH8.8

Use after free in WebRTC in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11075
MEDIUM6.5

Out of bounds read in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11076
HIGH8.8

Type Confusion in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11077
HIGH8.8

Bad cast in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11078
MEDIUM6.5

Inappropriate implementation in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11079
HIGH8.8

Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory write via a crafted video file. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11080
HIGH8.8

Use after free in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11081
MEDIUM6.5

Inappropriate implementation in Canvas in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11082
CRITICAL9.6

Race in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11083
MEDIUM6.5

Inappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11084
MEDIUM6.5

Inappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11085
HIGH8.8

Integer overflow in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11086
HIGH8.8

Inappropriate implementation in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11087
MEDIUM6.5

Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11088
CRITICAL9.6

Integer overflow in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11089
MEDIUM6.5

Uninitialized Use in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11091
HIGH8.8

Inappropriate implementation in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11092
HIGH8.8

Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11093
MEDIUM6.5

Inappropriate implementation in Printing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11094
CRITICAL9.6

Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11095
CRITICAL9.6

Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11096
MEDIUM6.5

Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11097
MEDIUM6.5

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11098
MEDIUM5.3

Insufficient validation of untrusted input in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11100
CRITICAL9.6

Use after free in File Input in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11101
MEDIUM6.5

Uninitialized Use in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11102
HIGH8.8

Inappropriate implementation in Isolated Web Apps in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a malicious file. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11103
HIGH7.8

Inappropriate implementation in Installer in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11104
MEDIUM6.5

Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11105
MEDIUM6.5

Insufficient validation of untrusted input in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11106
MEDIUM6.5

Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11107
MEDIUM4.3

Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11108
HIGH8.8

Inappropriate implementation in NFC in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11111
HIGH8.1

Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2026-11112
CRITICAL9.6

Insufficient validation of untrusted input in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11113
CRITICAL9.6

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11114
CRITICAL9.6

Use after free in Device Trust in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11115
HIGH7.3

Use after free in Updater in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.3
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11116
HIGH8.8

Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11117
HIGH8.8

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11118
HIGH8.8

Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11119
CRITICAL9.6

Inappropriate implementation in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11120
CRITICAL9.6

Insufficient validation of untrusted input in Enterprise Reporting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11121
MEDIUM6.5

Insufficient validation of untrusted input in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11122
MEDIUM6.1

Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2026-11123
MEDIUM6.5

Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11124
HIGH8.8

Integer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11125
HIGH8.8

Use after free in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11126
MEDIUM4.3

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2026-11127
MEDIUM6.5

Inappropriate implementation in WebAPKs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted WebAPK. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11128
MEDIUM6.5

Inappropriate implementation in Web Share in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11129
MEDIUM6.5

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11130
HIGH8.8

Use after free in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11131
CRITICAL9.6

Use after free in Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11132
MEDIUM6.5

Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11133
MEDIUM6.5

Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11134
MEDIUM6.5

Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11135
MEDIUM6.5

Insufficient policy enforcement in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11136
HIGH8.8

Use after free in Canvas in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11137
MEDIUM6.5

Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11139
MEDIUM6.5

Inappropriate implementation in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11140
MEDIUM6.5

Out of bounds read in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11141
MEDIUM6.5

Uninitialized Use in Audio in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11142
MEDIUM6.5

Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11143
MEDIUM6.5

Out of bounds read in Extensions in Google Chrome on Linux prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11144
HIGH8.8

Use after free in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11145
MEDIUM5.3

Race in Geolocation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11146
CRITICAL9.6

Insufficient validation of untrusted input in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11147
HIGH8.8

Use after free in WebML in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11148
MEDIUM6.5

Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11149
HIGH7.5

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11150
MEDIUM6.1

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2026-11151
HIGH7.5

Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11152
CRITICAL9.6

Object lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11153
CRITICAL9.1

Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2026-11154
HIGH7.5

Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11155
MEDIUM4.3

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2026-11156
MEDIUM4.3

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2026-11157
MEDIUM5.4

Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted Chrome Extension. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 5.4
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CVE-2026-11158
HIGH8.6

Insufficient validation of untrusted input in Downloads in Google Chrome on Mac prior to 149.0.7827.53 allowed a local attacker to potentially perform a sandbox escape via a crafted AppleScript command. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.6
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11160
MEDIUM6.5

Out of bounds read in Input in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11161
MEDIUM4.3

Inappropriate implementation in DataTransfer in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2026-11162
MEDIUM4.3

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2026-11163
CRITICAL9.6

Use after free in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11164
HIGH8.8

Use after free in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11165
CRITICAL9.6

Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11166
MEDIUM6.8

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.8
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2026-11167
CRITICAL9.6

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11168
MEDIUM6.5

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11169
HIGH8.1

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted XML file. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2026-11170
HIGH8.1

Inappropriate implementation in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2026-11171
HIGH8.8

Integer overflow in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11172
HIGH8.8

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11173
HIGH8.8

Out of bounds write in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11174
MEDIUM5.3

Inappropriate implementation in Site Isolation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11175
HIGH8.8

Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11176
MEDIUM6.5

Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11177
HIGH8.8

Use after free in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11178
MEDIUM4.3

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2026-11179
HIGH8.8

Inappropriate implementation in ORB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11180
MEDIUM6.5

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11181
MEDIUM6.3

Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2026-11182
MEDIUM6.5

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11183
MEDIUM6.5

Out of bounds read in GWP-ASan in Google Chrome prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11184
MEDIUM6.3

Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2026-11185
HIGH8.1

Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2026-11186
MEDIUM6.1

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2026-11187
MEDIUM6.3

Inappropriate implementation in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2026-11188
HIGH8.8

Use after free in USB in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11189
MEDIUM6.5

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11190
MEDIUM6.5

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11191
HIGH8.8

Out of bounds memory access in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11192
MEDIUM4.3

Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11193
MEDIUM6.5

Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2026-11194
MEDIUM6.5

Inappropriate implementation in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11195
MEDIUM6.5

Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11196
MEDIUM6.5

Type Confusion in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted XML file. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11197
MEDIUM6.5

Insufficient policy enforcement in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11198
CRITICAL9.6

Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11199
MEDIUM5.9

Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 5.9
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2026-11200
MEDIUM6.5

Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11201
HIGH8.8

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11202
HIGH8.8

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11203
MEDIUM6.5

Inappropriate implementation in GPU in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11204
MEDIUM6.5

Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11205
MEDIUM6.1

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted QR code. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2026-11206
MEDIUM6.5

Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11207
CRITICAL9.6

Insufficient validation of untrusted input in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11208
MEDIUM6.5

Use after free in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11209
MEDIUM6.5

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11210
MEDIUM6.5

Inappropriate implementation in Safe Browsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted RAR file. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11211
HIGH8.8

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11212
MEDIUM4.3

Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2026-11213
CRITICAL9.6

Insufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11214
MEDIUM6.5

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11215
MEDIUM6.5

Inappropriate implementation in Cronet in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11216
MEDIUM4.3

Incorrect security UI in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11217
MEDIUM6.5

Inappropriate implementation in Fenced Frames in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11218
MEDIUM6.8

Inappropriate implementation in PlatformIntegration in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a malicious file. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.8
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2026-11219
MEDIUM4.3

Inappropriate implementation in Navigation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11220
MEDIUM6.5

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11221
MEDIUM4.3

Insufficient validation of untrusted input in PointerLock in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11222
MEDIUM6.5

Incorrect security UI in Tab Strip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11223
MEDIUM6.5

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11224
HIGH8.1

Use after free in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2026-11225
MEDIUM6.5

Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11226
MEDIUM6.5

Insufficient policy enforcement in PreviewTab in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11227
MEDIUM6.5

Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11228
MEDIUM4.3

Inappropriate implementation in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11229
MEDIUM6.1

Inappropriate implementation in Enterprise in Google Chrome prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via physical access to the device. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2026-11230
HIGH8.8

Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11231
HIGH8.1

Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a malicious file. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2026-11232
MEDIUM5.4

Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 5.4
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVE-2026-11233
MEDIUM4.7

Insufficient policy enforcement in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.7
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
CVE-2026-11234
MEDIUM4.3

Inappropriate implementation in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2026-11235
HIGH8.8

Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11236
HIGH8.3

Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11237
HIGH8.3

Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11238
MEDIUM5.9

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 5.9
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2026-11239
HIGH7.5

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11240
LOW3.1

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xНИЗКАЯ 3.1
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2026-11241
HIGH8.0

Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.0
CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11242
HIGH7.5

Insufficient validation of untrusted input in Plugins in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2026-11243
MEDIUM5.4

Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 5.4
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVE-2026-11244
LOW3.1

Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xНИЗКАЯ 3.1
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2026-11245
MEDIUM4.3

Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11246
MEDIUM5.3

Insufficient validation of untrusted input in IndexedDB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11247
LOW3.1

Insufficient policy enforcement in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xНИЗКАЯ 3.1
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2026-11248
HIGH8.8

Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11249
MEDIUM4.7

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.7
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
CVE-2026-11250
CRITICAL9.6

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11251
LOW3.1

Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xНИЗКАЯ 3.1
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2026-11252
MEDIUM4.3

Insufficient policy enforcement in Content Settings in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11253
MEDIUM4.3

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2026-11254
MEDIUM4.3

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11255
HIGH7.5

Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2026-11256
HIGH8.3

Integer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11257
MEDIUM4.3

Inappropriate implementation in Browser in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11258
MEDIUM6.5

Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11259
MEDIUM4.3

Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11260
MEDIUM4.3

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11261
MEDIUM4.3

Inappropriate implementation in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11263
MEDIUM6.5

Insufficient policy enforcement in WebAuthentication in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11264
MEDIUM4.3

Policy bypass in Content Security Policy in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11265
HIGH7.5

Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2026-11266
MEDIUM4.3

Inappropriate implementation in SafeBrowsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass Safe Browsing via a malicious file. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11267
MEDIUM4.3

Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11268
MEDIUM6.5

Uninitialized Use in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11269
HIGH7.1

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.1
CVSS:3.x/CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11270
MEDIUM6.5

Inappropriate implementation in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11271
MEDIUM6.5

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11272
HIGH8.8

Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11273
MEDIUM6.1

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2026-11274
MEDIUM4.3

Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11275
MEDIUM6.5

Inappropriate implementation in Page Info in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11276
MEDIUM5.1

Inappropriate implementation in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to bypass discretionary access control via malicious network traffic. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 5.1
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2026-11277
MEDIUM4.3

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11278
MEDIUM6.5

Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11279
HIGH8.8

Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11280
MEDIUM4.3

Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11281
MEDIUM5.0

Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 5.0
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11282
CRITICAL9.6

Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11283
MEDIUM6.5

Insufficient validation of untrusted input in Shortcuts in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11284
MEDIUM6.5

Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11285
MEDIUM4.3

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11286
MEDIUM4.3

Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11287
MEDIUM6.5

Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2026-11288
MEDIUM6.5

Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11289
MEDIUM6.5

Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11290
MEDIUM5.0

Integer overflow in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to cause a denial of service via a malicious file. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 5.0
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
CVE-2026-11291
MEDIUM4.3

Inappropriate implementation in Android Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11292
MEDIUM4.3

Insufficient policy enforcement in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11293
CRITICAL9.6

Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xКРИТИЧЕСКАЯ 9.6
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-11294
MEDIUM4.3

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11295
HIGH8.8

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11296
HIGH7.5

Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11297
HIGH7.7

Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 7.7
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVE-2026-11298
MEDIUM4.3

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11299
MEDIUM6.5

Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-11300
MEDIUM4.3

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11301
HIGH8.8

Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network traffic. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11302
MEDIUM4.3

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2026-11303
HIGH8.8

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11304
HIGH8.8

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11305
HIGH8.8

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11306
HIGH8.8

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11307
HIGH8.8

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-11308
MEDIUM6.3

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2026-11309
MEDIUM4.3

Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Опубликовано: 2026-06-04Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N