SB2026070150 - Multiple vulnerabilities in Google Chrome



SB2026070150 - Multiple vulnerabilities in Google Chrome

Published: July 1, 2026

Security Bulletin ID SB2026070150
CSH Severity
High
Patch available
YES
Number of vulnerabilities 382
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 29% Medium 42% Low 29%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 382 vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2026-13774)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Extensions component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


2) Use-after-free (CVE-ID: CVE-2026-13775)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the GPU component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


3) Type Confusion (CVE-ID: CVE-2026-13776)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the Dawn component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Input validation error (CVE-ID: CVE-2026-13777)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in iOSWeb in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


5) Use-after-free (CVE-ID: CVE-2026-13778)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the WebUSB component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


6) Use-after-free (CVE-ID: CVE-2026-13779)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Chromoting component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


7) Input validation error (CVE-ID: CVE-2026-13780)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in ANGLE in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


8) Input validation error (CVE-ID: CVE-2026-13781)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in Skia in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


9) Use-after-free (CVE-ID: CVE-2026-13782)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Browser component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


10) Use-after-free (CVE-ID: CVE-2026-13783)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Views component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


11) Use-after-free (CVE-ID: CVE-2026-13784)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Views component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


12) Use-after-free (CVE-ID: CVE-2026-13785)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Bluetooth component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


13) Use-after-free (CVE-ID: CVE-2026-13786)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Ozone component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


14) Use-after-free (CVE-ID: CVE-2026-13787)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Chromoting component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


15) Use-after-free (CVE-ID: CVE-2026-13788)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Fullscreen component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


16) Use-after-free (CVE-ID: CVE-2026-13789)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the GPU component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


17) Cryptographic issues (CVE-ID: CVE-2026-13790)

CWE-ID: CWE-310 - Cryptographic Issues

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to side-channel information leak in Scroll. Chrome High. A remote attacker can create a specially crafted web page, trick the victim into opening it and gain access to sensitive information.


18) Input validation error (CVE-ID: CVE-2026-13791)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


19) Use-after-free (CVE-ID: CVE-2026-13792)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Touchbar component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


20) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13793)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in SVG in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and compromise the affected system.


21) Input validation error (CVE-ID: CVE-2026-13794)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in WebAppInstalls in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


22) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13795)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Chrome for iOS in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and compromise the affected system.


23) Integer overflow (CVE-ID: CVE-2026-13796)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in Chromecast component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


24) Input validation error (CVE-ID: CVE-2026-13797)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in Chromecast in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


25) Heap-based buffer overflow (CVE-ID: CVE-2026-13798)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Chromecast. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.


26) Use-after-free (CVE-ID: CVE-2026-13799)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the QUIC component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


27) Improperly implemented security check for standard (CVE-ID: CVE-2026-13800)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Updater in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.


28) Integer overflow (CVE-ID: CVE-2026-13801)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in Chromecast component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


29) Use-after-free (CVE-ID: CVE-2026-13802)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Views component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


30) Type Confusion (CVE-ID: CVE-2026-13803)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the Chrome Tabs component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


31) Use-after-free (CVE-ID: CVE-2026-13804)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Chromecast component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


32) Use-after-free (CVE-ID: CVE-2026-13805)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the GFX component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


33) Input validation error (CVE-ID: CVE-2026-13806)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in Accessibility in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


34) Use-after-free (CVE-ID: CVE-2026-13807)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Import component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


35) Input validation error (CVE-ID: CVE-2026-13808)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when processing HTML content in Chrome for iOS. Chrome High. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


36) Cryptographic issues (CVE-ID: CVE-2026-13809)

CWE-ID: CWE-310 - Cryptographic Issues

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to side-channel information leak in Safe Browsing. eported by Google on 2026-04-19[TBD][504600482] High CVE-2026-13810: Inappropriate implementation in Input. Chrome High. A remote attacker can create a specially crafted web page, trick the victim into opening it and gain access to sensitive information.


37) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13810)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Input in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website and gain access to sensitive information. 


38) Use-after-free (CVE-ID: CVE-2026-13811)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the IME component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


39) Input validation error (CVE-ID: CVE-2026-13812)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


40) Input validation error (CVE-ID: CVE-2026-13813)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


41) Use-after-free (CVE-ID: CVE-2026-13814)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Views component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


42) Use-after-free (CVE-ID: CVE-2026-13815)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Blink component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


43) Input validation error (CVE-ID: CVE-2026-13816)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in File Input in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


44) Input validation error (CVE-ID: CVE-2026-13817)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in Glic in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


45) Improperly implemented security check for standard (CVE-ID: CVE-2026-13818)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Passwords in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.


46) Out-of-bounds read (CVE-ID: CVE-2026-13819)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the ANGLE component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.


47) Out-of-bounds read (CVE-ID: CVE-2026-13820)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Skia component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.


48) Use-after-free (CVE-ID: CVE-2026-13821)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Canvas component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


49) Improperly implemented security check for standard (CVE-ID: CVE-2026-13822)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.


50) Use-after-free (CVE-ID: CVE-2026-13823)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Glic component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


51) Input validation error (CVE-ID: CVE-2026-13824)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


52) Use of uninitialized resource (CVE-ID: CVE-2026-13825)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of uninitialized resources in Dawn in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and compromise the affected system.


53) Improperly implemented security check for standard (CVE-ID: CVE-2026-13826)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.


54) Use-after-free (CVE-ID: CVE-2026-13827)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Updater component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


55) Improperly implemented security check for standard (CVE-ID: CVE-2026-13828)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Enterprise in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.


56) Input validation error (CVE-ID: CVE-2026-13829)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in Settings in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


57) Use-after-free (CVE-ID: CVE-2026-13830)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Chromoting component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


58) Use-after-free (CVE-ID: CVE-2026-13831)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the GPU component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


59) Use-after-free (CVE-ID: CVE-2026-13832)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Headless component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


60) Use of uninitialized resource (CVE-ID: CVE-2026-13833)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of uninitialized resources in ANGLE in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and compromise the affected system.


61) Input validation error (CVE-ID: CVE-2026-13834)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in ANGLE in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


62) Improperly implemented security check for standard (CVE-ID: CVE-2026-13835)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in XML in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.


63) Improperly implemented security check for standard (CVE-ID: CVE-2026-13836)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in CSS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.


64) Improperly implemented security check for standard (CVE-ID: CVE-2026-13837)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in CSS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.


65) Improperly implemented security check for standard (CVE-ID: CVE-2026-13838)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in CSS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.


66) Improperly implemented security check for standard (CVE-ID: CVE-2026-13839)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in CSS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.


67) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13840)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Canvas in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and compromise the affected system.


68) Integer overflow (CVE-ID: CVE-2026-13841)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in Skia component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


69) Spoofing attack (CVE-ID: CVE-2026-13842)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


70) Input validation error (CVE-ID: CVE-2026-13843)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


71) Use-after-free (CVE-ID: CVE-2026-13844)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Updater component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


72) Use-after-free (CVE-ID: CVE-2026-13845)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the DOM component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


73) Use-after-free (CVE-ID: CVE-2026-13846)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the USB component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


74) Input validation error (CVE-ID: CVE-2026-13847)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


75) Use-after-free (CVE-ID: CVE-2026-13848)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Forms component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


76) Input validation error (CVE-ID: CVE-2026-13849)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in Chromoting in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


77) Input validation error (CVE-ID: CVE-2026-13850)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


78) Input validation error (CVE-ID: CVE-2026-13851)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in WebAppInstalls in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


79) Input validation error (CVE-ID: CVE-2026-13852)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in WebAppInstalls in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the system.


80) Use-after-free (CVE-ID: CVE-2026-13853)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Journeys component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


81) Use-after-free (CVE-ID: CVE-2026-13854)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Ozone component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


82) Use-after-free (CVE-ID: CVE-2026-13855)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Ozone component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


83) Input validation error (CVE-ID: CVE-2026-13856)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Speech in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


84) Improperly implemented security check for standard (CVE-ID: CVE-2026-13857)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Geometry in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


85) Out-of-bounds read (CVE-ID: CVE-2026-13858)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the FFmpeg component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.


86) Improperly implemented security check for standard (CVE-ID: CVE-2026-13859)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in ANGLE in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


87) Spoofing attack (CVE-ID: CVE-2026-13860)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


88) Use-after-free (CVE-ID: CVE-2026-13861)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Core in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


89) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13862)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Web Authentication (Passkeys & Security Keys) in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


90) Input validation error (CVE-ID: CVE-2026-13863)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in CustomTabs in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


91) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13864)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in WebHID in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


92) Input validation error (CVE-ID: CVE-2026-13865)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Enterprise in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


93) Input validation error (CVE-ID: CVE-2026-13866)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Input in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


94) Improperly implemented security check for standard (CVE-ID: CVE-2026-13867)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Geolocation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


95) Improperly implemented security check for standard (CVE-ID: CVE-2026-13868)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Network in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


96) Use-after-free (CVE-ID: CVE-2026-13869)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Device in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


97) Use-after-free (CVE-ID: CVE-2026-13870)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within WebView in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


98) Input validation error (CVE-ID: CVE-2026-13871)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in GuestView in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


99) Input validation error (CVE-ID: CVE-2026-13872)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in WebAppInstalls in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


100) Out-of-bounds read (CVE-ID: CVE-2026-13873)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a boundary condition within the Layout component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and crash the browser.


101) Improperly implemented security check for standard (CVE-ID: CVE-2026-13874)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in DataTransfer in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


102) Input validation error (CVE-ID: CVE-2026-13875)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in GPU in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


103) Improperly implemented security check for standard (CVE-ID: CVE-2026-13876)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Network in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


104) Input validation error (CVE-ID: CVE-2026-13877)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in ANGLE in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


105) Use-after-free (CVE-ID: CVE-2026-13878)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Bluetooth in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


106) Use-after-free (CVE-ID: CVE-2026-13879)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Bluetooth in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


107) Use-after-free (CVE-ID: CVE-2026-13880)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within USB in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


108) Input validation error (CVE-ID: CVE-2026-13881)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in WebAppInstalls in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


109) Improperly implemented security check for standard (CVE-ID: CVE-2026-13882)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in USB in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


110) Type Confusion (CVE-ID: CVE-2026-13883)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a type confusion error within the ANGLE component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and gain access to sensitive information.


111) Heap-based buffer overflow (CVE-ID: CVE-2026-13884)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Chromecast. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.


112) Use-after-free (CVE-ID: CVE-2026-13885)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Skia in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


113) Improper access control (CVE-ID: CVE-2026-13886)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper access restrictions in Isolated Web Apps. A remote attacker can create a specially crafted web page, trick the victim into visiting it, bypass implemented security restrictions and gain unauthorized access to sensitive information.


114) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13887)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in NFC in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


115) Use-after-free (CVE-ID: CVE-2026-13888)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Extensions in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


116) Input validation error (CVE-ID: CVE-2026-13889)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in WebAuthentication in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


117) Out-of-bounds read (CVE-ID: CVE-2026-13890)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Chromecast component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.


118) Input validation error (CVE-ID: CVE-2026-13891)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


119) Improperly implemented security check for standard (CVE-ID: CVE-2026-13892)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


120) Input validation error (CVE-ID: CVE-2026-13893)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in WebUI in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


121) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13894)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Network in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


122) Improperly implemented security check for standard (CVE-ID: CVE-2026-13895)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


123) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13896)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Glic in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


124) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13897)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Chromecast in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


125) Use-after-free (CVE-ID: CVE-2026-13898)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Cast Receiver in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


126) Use-after-free (CVE-ID: CVE-2026-13899)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within HTML in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


127) Input validation error (CVE-ID: CVE-2026-13900)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Chromecast in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


128) Input validation error (CVE-ID: CVE-2026-13901)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Serial in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


129) Improperly implemented security check for standard (CVE-ID: CVE-2026-13902)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


130) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13903)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Bluetooth in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


131) Spoofing attack (CVE-ID: CVE-2026-13904)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Safe Browsing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


132) Spoofing attack (CVE-ID: CVE-2026-13905)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


133) Out-of-bounds read (CVE-ID: CVE-2026-13906)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Codecs component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.


134) Improperly implemented security check for standard (CVE-ID: CVE-2026-13907)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in iOSWeb in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


135) Input validation error (CVE-ID: CVE-2026-13908)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Omnibox in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


136) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13909)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in DevTools in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


137) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13910)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in WebXR in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


138) Input validation error (CVE-ID: CVE-2026-13911)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Spellcheck in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


139) Spoofing attack (CVE-ID: CVE-2026-13912)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Safe Browsing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


140) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13913)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Autofill in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


141) Improperly implemented security check for standard (CVE-ID: CVE-2026-13914)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Passwords in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


142) Use-after-free (CVE-ID: CVE-2026-13915)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Chrome for iOS in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


143) Improperly implemented security check for standard (CVE-ID: CVE-2026-13916)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


144) Input validation error (CVE-ID: CVE-2026-13917)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


145) Use-after-free (CVE-ID: CVE-2026-13918)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Chrome for iOS in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


146) Input validation error (CVE-ID: CVE-2026-13919)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


147) Input validation error (CVE-ID: CVE-2026-13920)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Media in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


148) Input validation error (CVE-ID: CVE-2026-13921)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in DeviceBoundSessionCredentials in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


149) Cryptographic issues (CVE-ID: CVE-2026-13922)

CWE-ID: CWE-310 - Cryptographic Issues

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to side-channel information leak in Paint. Chrome Medium. A remote attacker can create a specially crafted web page, trick the victim into opening it and gain access to sensitive information.


150) Use of uninitialized resource (CVE-ID: CVE-2026-13923)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in GPU in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and bypass implemented security mechanisms.


151) Input validation error (CVE-ID: CVE-2026-13924)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in WebView in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


152) Improperly implemented security check for standard (CVE-ID: CVE-2026-13925)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


153) Input validation error (CVE-ID: CVE-2026-13926)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Network in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


154) Input validation error (CVE-ID: CVE-2026-13927)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in UI in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


155) Input validation error (CVE-ID: CVE-2026-13928)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Enterprise in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


156) Input validation error (CVE-ID: CVE-2026-13929)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in DevTools in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


157) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13930)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Actor in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


158) Improperly implemented security check for standard (CVE-ID: CVE-2026-13931)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Media in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


159) Improperly implemented security check for standard (CVE-ID: CVE-2026-13932)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Sharing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


160) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13933)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Passwords in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


161) Input validation error (CVE-ID: CVE-2026-13934)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Dawn in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


162) Cryptographic issues (CVE-ID: CVE-2026-13935)

CWE-ID: CWE-310 - Cryptographic Issues

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to side-channel information leak in ComputePressure. Chrome Medium. A remote attacker can create a specially crafted web page, trick the victim into opening it and gain access to sensitive information.


163) Improperly implemented security check for standard (CVE-ID: CVE-2026-13936)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Passwords in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


164) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13937)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Passwords in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


165) Integer overflow (CVE-ID: CVE-2026-13938)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to crash the browser.

The vulnerability exists due to a integer overflow in Fonts in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and crash the browser.


166) Input validation error (CVE-ID: CVE-2026-13939)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in WebShare in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


167) Use of uninitialized resource (CVE-ID: CVE-2026-13940)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in Cast in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and bypass implemented security mechanisms.


168) Improperly implemented security check for standard (CVE-ID: CVE-2026-13941)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in SiteSettings in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


169) Input validation error (CVE-ID: CVE-2026-13942)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Video Capture in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


170) Use of uninitialized resource (CVE-ID: CVE-2026-13943)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in CSS in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and bypass implemented security mechanisms.


171) Improperly implemented security check for standard (CVE-ID: CVE-2026-13944)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in DataTransfer in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


172) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13945)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Extensions in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


173) Improperly implemented security check for standard (CVE-ID: CVE-2026-13946)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in ScriptInjections in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


174) Use of uninitialized resource (CVE-ID: CVE-2026-13947)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in XR in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and bypass implemented security mechanisms.


175) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13948)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Extensions in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


176) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13949)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Payments in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


177) Use of uninitialized resource (CVE-ID: CVE-2026-13950)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in GPU in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and bypass implemented security mechanisms.


178) Improper access control (CVE-ID: CVE-2026-13951)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper access restrictions in USB. A remote attacker can create a specially crafted web page, trick the victim into visiting it, bypass implemented security restrictions and gain unauthorized access to sensitive information.


179) Improperly implemented security check for standard (CVE-ID: CVE-2026-13952)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in PerformanceAPIs in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


180) Improperly implemented security check for standard (CVE-ID: CVE-2026-13953)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in SplitView in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


181) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13954)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in XML in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


182) Input validation error (CVE-ID: CVE-2026-13955)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in CustomTabs in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


183) Spoofing attack (CVE-ID: CVE-2026-13956)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in PageInfo in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


184) Spoofing attack (CVE-ID: CVE-2026-13957)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


185) Use of uninitialized resource (CVE-ID: CVE-2026-13958)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in Codecs in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and bypass implemented security mechanisms.


186) Input validation error (CVE-ID: CVE-2026-13959)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Blink in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


187) Improperly implemented security check for standard (CVE-ID: CVE-2026-13960)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Passwords in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


188) Input validation error (CVE-ID: CVE-2026-13961)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in DevTools in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


189) Input validation error (CVE-ID: CVE-2026-13962)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in PDF in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


190) Improperly implemented security check for standard (CVE-ID: CVE-2026-13963)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in DevTools in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


191) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13964)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in WebView in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


192) Use-after-free (CVE-ID: CVE-2026-13965)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Oilpan in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


193) Improperly implemented security check for standard (CVE-ID: CVE-2026-13966)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in History in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


194) Type Confusion (CVE-ID: CVE-2026-13967)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and gain access to sensitive information.


195) Input validation error (CVE-ID: CVE-2026-13968)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in DevTools in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


196) Use of uninitialized resource (CVE-ID: CVE-2026-13969)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in UI in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and bypass implemented security mechanisms.


197) Use of uninitialized resource (CVE-ID: CVE-2026-13970)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in Media in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and bypass implemented security mechanisms.


198) Use of uninitialized resource (CVE-ID: CVE-2026-13971)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in Skia in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and bypass implemented security mechanisms.


199) Improperly implemented security check for standard (CVE-ID: CVE-2026-13972)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Paint in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


200) Improperly implemented security check for standard (CVE-ID: CVE-2026-13973)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in UI in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


201) Integer overflow (CVE-ID: CVE-2026-13974)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to crash the browser.

The vulnerability exists due to a integer overflow in Safe Browsing in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and crash the browser.


202) Out-of-bounds read (CVE-ID: CVE-2026-13975)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the ANGLE component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.


203) Heap-based buffer overflow (CVE-ID: CVE-2026-13976)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Storage. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.


204) Improperly implemented security check for standard (CVE-ID: CVE-2026-13977)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in HTMLParser in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


205) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13978)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in PageInfo in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


206) Improperly implemented security check for standard (CVE-ID: CVE-2026-13979)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Paint in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


207) Spoofing attack (CVE-ID: CVE-2026-13980)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


208) Improperly implemented security check for standard (CVE-ID: CVE-2026-13981)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


209) Spoofing attack (CVE-ID: CVE-2026-13982)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Passwords in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


210) Spoofing attack (CVE-ID: CVE-2026-13983)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


211) Spoofing attack (CVE-ID: CVE-2026-13984)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in TabStrip in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


212) Improperly implemented security check for standard (CVE-ID: CVE-2026-13985)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in MediaCapture in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


213) Improperly implemented security check for standard (CVE-ID: CVE-2026-13986)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Media UI in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


214) Spoofing attack (CVE-ID: CVE-2026-13987)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Mobile in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


215) Improperly implemented security check for standard (CVE-ID: CVE-2026-13988)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Paint in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


216) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-13989)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in PageInfo in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


217) Input validation error (CVE-ID: CVE-2026-13990)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in DataTransfer in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


218) Input validation error (CVE-ID: CVE-2026-13991)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


219) Improperly implemented security check for standard (CVE-ID: CVE-2026-13992)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in UI in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


220) Spoofing attack (CVE-ID: CVE-2026-13993)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in WebAppInstalls in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


221) Improperly implemented security check for standard (CVE-ID: CVE-2026-13994)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Credential Management in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


222) Input validation error (CVE-ID: CVE-2026-13995)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


223) Spoofing attack (CVE-ID: CVE-2026-13996)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Permissions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


224) Spoofing attack (CVE-ID: CVE-2026-13997)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


225) Spoofing attack (CVE-ID: CVE-2026-13998)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in File Input in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


226) Improperly implemented security check for standard (CVE-ID: CVE-2026-13999)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


227) Improperly implemented security check for standard (CVE-ID: CVE-2026-14000)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in XML in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


228) Improperly implemented security check for standard (CVE-ID: CVE-2026-14001)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Network in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


229) Improperly implemented security check for standard (CVE-ID: CVE-2026-14002)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Geolocation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


230) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14003)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Extensions in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


231) Improperly implemented security check for standard (CVE-ID: CVE-2026-14004)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in CSS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


232) Use-after-free (CVE-ID: CVE-2026-14005)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Omnibox in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


233) Use-after-free (CVE-ID: CVE-2026-14006)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Navigation in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


234) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14007)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in PermissionsPolicy in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


235) Use of uninitialized resource (CVE-ID: CVE-2026-14008)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in WebXR in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and bypass implemented security mechanisms.


236) Input validation error (CVE-ID: CVE-2026-14009)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Passwords in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


237) Use of uninitialized resource (CVE-ID: CVE-2026-14010)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in Codecs in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and bypass implemented security mechanisms.


238) Out-of-bounds read (CVE-ID: CVE-2026-14011)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the SurfaceCapture component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.


239) Cryptographic issues (CVE-ID: CVE-2026-14012)

CWE-ID: CWE-310 - Cryptographic Issues

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to side-channel information leak in CSS. Chrome Medium. A remote attacker can create a specially crafted web page, trick the victim into opening it and gain access to sensitive information.


240) Improperly implemented security check for standard (CVE-ID: CVE-2026-14013)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in SVG in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


241) Improperly implemented security check for standard (CVE-ID: CVE-2026-14014)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Paint in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


242) Improperly implemented security check for standard (CVE-ID: CVE-2026-14015)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in WebRTC in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


243) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14016)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in SVG in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


244) Improperly implemented security check for standard (CVE-ID: CVE-2026-14017)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Navigation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


245) Use-after-free (CVE-ID: CVE-2026-14018)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Updater in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


246) Improperly implemented security check for standard (CVE-ID: CVE-2026-14019)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Passwords in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


247) Input validation error (CVE-ID: CVE-2026-14020)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in WebXR in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


248) Input validation error (CVE-ID: CVE-2026-14021)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in StorageAccessAPI in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


249) Input validation error (CVE-ID: CVE-2026-14022)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Network in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


250) Input validation error (CVE-ID: CVE-2026-14023)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in SanitizerAPI in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


251) Use-after-free (CVE-ID: CVE-2026-14024)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Ozone in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.


252) Use-after-free (CVE-ID: CVE-2026-14025)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in Views in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


253) Spoofing attack (CVE-ID: CVE-2026-14026)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in SplitView in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


254) Use-after-free (CVE-ID: CVE-2026-14027)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in SignIn in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


255) Spoofing attack (CVE-ID: CVE-2026-14028)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


256) Spoofing attack (CVE-ID: CVE-2026-14030)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in SplitView in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


257) Spoofing attack (CVE-ID: CVE-2026-14031)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in File Input in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


258) Use-after-free (CVE-ID: CVE-2026-14032)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in Bluetooth in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


259) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14033)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Media in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


260) Improperly implemented security check for standard (CVE-ID: CVE-2026-14034)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in WebXR in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


261) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14035)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Bluetooth in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


262) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14036)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Bluetooth in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


263) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14037)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in GPU in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


264) Input validation error (CVE-ID: CVE-2026-14038)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in New Tab Page in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


265) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14039)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in GetUserMedia in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


266) Use-after-free (CVE-ID: CVE-2026-14040)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in BrowserTag in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


267) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14041)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Serial in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


268) Improperly implemented security check for standard (CVE-ID: CVE-2026-14042)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Isolated Web Apps in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


269) Use-after-free (CVE-ID: CVE-2026-14043)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in GetUserMedia in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


270) Use-after-free (CVE-ID: CVE-2026-14044)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in ANGLE in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


271) Input validation error (CVE-ID: CVE-2026-14045)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in Network in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


272) Improperly implemented security check for standard (CVE-ID: CVE-2026-14046)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in CustomTabs in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


273) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14047)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Extensions in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


274) Use-after-free (CVE-ID: CVE-2026-14048)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in Chromecast in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


275) Improperly implemented security check for standard (CVE-ID: CVE-2026-14049)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in GPU in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


276) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14050)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Passwords in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


277) Use of uninitialized resource (CVE-ID: CVE-2026-14051)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of uninitialized resources in GamepadAPI in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


278) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14052)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in FileSystem in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


279) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14053)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Extensions in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


280) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14054)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Network in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


281) Input validation error (CVE-ID: CVE-2026-14055)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in Device Trust in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


282) Input validation error (CVE-ID: CVE-2026-14056)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in Media in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


283) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14057)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in FedCM in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


284) Protection mechanism failure (CVE-ID: CVE-2026-14058)

CWE-ID: CWE-693 - Protection Mechanism Failure

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in Parser. A remote attacker can trick the victim to visit a specially crafted webpage and bypass implemented policy.


285) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14059)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Related-Website-Sets in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


286) Input validation error (CVE-ID: CVE-2026-14060)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in Chromoting in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


287) Improperly implemented security check for standard (CVE-ID: CVE-2026-14061)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Dawn in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


288) Improperly implemented security check for standard (CVE-ID: CVE-2026-14062)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Views in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


289) Out-of-bounds read (CVE-ID: CVE-2026-14063)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a boundary condition within the Chromecast component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and crash the browser.


290) Use-after-free (CVE-ID: CVE-2026-14064)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in PageInfo in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


291) Input validation error (CVE-ID: CVE-2026-14065)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in PageInfo in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


292) Input validation error (CVE-ID: CVE-2026-14066)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in Chrome for iOS in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


293) Use-after-free (CVE-ID: CVE-2026-14067)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


294) Improperly implemented security check for standard (CVE-ID: CVE-2026-14068)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Omnibox in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


295) Integer overflow (CVE-ID: CVE-2026-14069)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a integer overflow in WebNN in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and crash the browser.


296) Use of uninitialized resource (CVE-ID: CVE-2026-14070)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of uninitialized resources in WebNN in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


297) Cryptographic issues (CVE-ID: CVE-2026-14071)

CWE-ID: CWE-310 - Cryptographic Issues

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to side-channel information leak in WebAudio. Chrome Low. A remote attacker can create a specially crafted web page, trick the victim into opening it and gain access to sensitive information.


298) Spoofing attack (CVE-ID: CVE-2026-14072)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in SplitView in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


299) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14073)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in WebXR in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


300) Cryptographic issues (CVE-ID: CVE-2026-14074)

CWE-ID: CWE-310 - Cryptographic Issues

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to side-channel information leak in WebAuthentication. Chrome Low. A remote attacker can create a specially crafted web page, trick the victim into opening it and gain access to sensitive information.


301) Protection mechanism failure (CVE-ID: CVE-2026-14075)

CWE-ID: CWE-693 - Protection Mechanism Failure

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in Chrome for iOS. A remote attacker can trick the victim to visit a specially crafted webpage and bypass implemented policy.


302) Protection mechanism failure (CVE-ID: CVE-2026-14076)

CWE-ID: CWE-693 - Protection Mechanism Failure

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in Network. A remote attacker can trick the victim to visit a specially crafted webpage and bypass implemented policy.


303) Spoofing attack (CVE-ID: CVE-2026-14077)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Select in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


304) Protection mechanism failure (CVE-ID: CVE-2026-14078)

CWE-ID: CWE-693 - Protection Mechanism Failure

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in WebRTC. A remote attacker can trick the victim to visit a specially crafted webpage and bypass implemented policy.


305) Protection mechanism failure (CVE-ID: CVE-2026-14079)

CWE-ID: CWE-693 - Protection Mechanism Failure

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in Network. A remote attacker can trick the victim to visit a specially crafted webpage and bypass implemented policy.


306) Input validation error (CVE-ID: CVE-2026-14080)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in TabSwitcher in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


307) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14081)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in DevTools in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


308) Race condition (CVE-ID: CVE-2026-14082)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper input validation in Storage in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and bypass implemented security restrictions.


309) Input validation error (CVE-ID: CVE-2026-14083)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in HTML in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


310) Input validation error (CVE-ID: CVE-2026-14084)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in Chromoting in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


311) Cryptographic issues (CVE-ID: CVE-2026-14085)

CWE-ID: CWE-310 - Cryptographic Issues

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to side-channel information leak in CSS. Chrome Low. A remote attacker can create a specially crafted web page, trick the victim into opening it and gain access to sensitive information.


312) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14086)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in HID in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


313) Input validation error (CVE-ID: CVE-2026-14087)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in WebNN in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


314) Use of uninitialized resource (CVE-ID: CVE-2026-14088)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of uninitialized resources in Canvas in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


315) Input validation error (CVE-ID: CVE-2026-14089)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in PopupBlocker in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


316) Out-of-bounds read (CVE-ID: CVE-2026-14090)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to crash the browser.

The vulnerability exists due to a boundary condition within the CameraCapture component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and crash the browser.


317) Use-after-free (CVE-ID: CVE-2026-14091)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in DevTools in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


318) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14092)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Privacy in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


319) Use-after-free (CVE-ID: CVE-2026-14093)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in Cast in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


320) Use-after-free (CVE-ID: CVE-2026-14094)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in Installer in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


321) Input validation error (CVE-ID: CVE-2026-14095)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in Browser in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


322) Improper control of a resource through its lifetime (CVE-ID: CVE-2026-14096)

CWE-ID: CWE-664 - Improper control of a resource through its lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to an object lifecycle issue in Input in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and crash the browser.


323) Improperly implemented security check for standard (CVE-ID: CVE-2026-14097)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in WebAppInstalls in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


324) Improperly implemented security check for standard (CVE-ID: CVE-2026-14098)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in CSS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


325) Use-after-free (CVE-ID: CVE-2026-14099)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


326) Input validation error (CVE-ID: CVE-2026-14100)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in NetworkCache in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


327) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14101)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Sandbox in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


328) Use-after-free (CVE-ID: CVE-2026-14102)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in Passwords in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


329) Use-after-free (CVE-ID: CVE-2026-14103)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in SSL in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


330) Input validation error (CVE-ID: CVE-2026-14104)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in WebAppInstalls in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


331) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14105)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Speech in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


332) Input validation error (CVE-ID: CVE-2026-14106)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in Text in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


333) Use-after-free (CVE-ID: CVE-2026-14107)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in Scheduling in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


334) Use-after-free (CVE-ID: CVE-2026-14108)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in PDFium in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


335) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14109)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Mojo in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


336) Improperly implemented security check for standard (CVE-ID: CVE-2026-14110)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in DarkMode in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


337) Use-after-free (CVE-ID: CVE-2026-14111)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in WebProtect in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


338) Improperly implemented security check for standard (CVE-ID: CVE-2026-14112)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Enterprise in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


339) Use-after-free (CVE-ID: CVE-2026-14113)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in Updater in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


340) Improperly implemented security check for standard (CVE-ID: CVE-2026-14114)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in WebAppInstalls in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


341) Input validation error (CVE-ID: CVE-2026-14115)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in Cast in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


342) Input validation error (CVE-ID: CVE-2026-14116)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in DevTools in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


343) Input validation error (CVE-ID: CVE-2026-14117)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in DevTools in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


344) Input validation error (CVE-ID: CVE-2026-14118)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in DevTools in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


345) Type Confusion (CVE-ID: CVE-2026-14119)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error within the Bluetooth component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and crash the browser.


346) Improperly implemented security check for standard (CVE-ID: CVE-2026-14120)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in DevTools in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


347) Use-after-free (CVE-ID: CVE-2026-14121)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in Chromoting in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


348) Input validation error (CVE-ID: CVE-2026-14122)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in WebAppInstalls in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


349) Spoofing attack (CVE-ID: CVE-2026-14123)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


350) Improperly implemented security check for standard (CVE-ID: CVE-2026-14124)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in CredentialProvider in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


351) Use of uninitialized resource (CVE-ID: CVE-2026-14125)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of uninitialized resources in ANGLE in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


352) Spoofing attack (CVE-ID: CVE-2026-14126)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in UI in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


353) Improperly implemented security check for standard (CVE-ID: CVE-2026-14127)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Printing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


354) Input validation error (CVE-ID: CVE-2026-14128)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


355) Spoofing attack (CVE-ID: CVE-2026-14129)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in PreviewTab in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


356) Spoofing attack (CVE-ID: CVE-2026-14130)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Omnibox in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


357) Input validation error (CVE-ID: CVE-2026-14131)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in WebAppInstalls in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


358) Improperly implemented security check for standard (CVE-ID: CVE-2026-14132)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in WebXR in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


359) Race condition (CVE-ID: CVE-2026-14133)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper input validation in History Embeddings in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and bypass implemented security restrictions.


360) Improperly implemented security check for standard (CVE-ID: CVE-2026-14134)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


361) Input validation error (CVE-ID: CVE-2026-14135)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in Network in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


362) Spoofing attack (CVE-ID: CVE-2026-14136)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Chrome for iOS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


363) Input validation error (CVE-ID: CVE-2026-14137)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in Chrome for iOS in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


364) Improperly implemented security check for standard (CVE-ID: CVE-2026-14138)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in WebAppInstalls in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


365) Improperly implemented security check for standard (CVE-ID: CVE-2026-14139)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in TabStrip in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


366) Input validation error (CVE-ID: CVE-2026-14140)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in Input in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


367) Spoofing attack (CVE-ID: CVE-2026-14141)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Document Picture-in-Picture in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


368) Improperly implemented security check for standard (CVE-ID: CVE-2026-14142)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


369) Spoofing attack (CVE-ID: CVE-2026-14143)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Passwords in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


370) Spoofing attack (CVE-ID: CVE-2026-14144)

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in Views in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.


371) Improperly implemented security check for standard (CVE-ID: CVE-2026-14145)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in CSS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


372) Improperly implemented security check for standard (CVE-ID: CVE-2026-14146)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in CSS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


373) Improperly implemented security check for standard (CVE-ID: CVE-2026-14147)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in CSS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


374) Type Confusion (CVE-ID: CVE-2026-14148)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error within the CSS component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and crash the browser.


375) Use-after-free (CVE-ID: CVE-2026-14149)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use-after-free error in Audio in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.


376) Input validation error (CVE-ID: CVE-2026-14150)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to crash the browser.

The vulnerability exists due to a improper input validation in Speech in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.


377) Improperly implemented security check for standard (CVE-ID: CVE-2026-14151)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in AI in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


378) Out-of-bounds write (CVE-ID: CVE-2026-14152)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error when processing untrusted HTML content in ANGLE. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds write and crash the browser.


379) Improperly implemented security check for standard (CVE-ID: CVE-2026-14153)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Glic in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


380) Improperly implemented security check for standard (CVE-ID: CVE-2026-14154)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in DevTools in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


381) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-14155)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in StorageAccessAPI in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


382) Protection mechanism failure (CVE-ID: CVE-2026-14156)

CWE-ID: CWE-693 - Protection Mechanism Failure

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in StorageAccessAPI. A remote attacker can trick the victim to visit a specially crafted webpage and bypass implemented policy.


Remediation

Install update from vendor's website.

References