VYPR

apk package

wolfi/chromium

pkg:apk/wolfi/chromium

Vulnerabilities (1,378)

  • CVE-2026-10942HigJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Inappropriate implementation in UI in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)

  • CVE-2026-10941HigJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Out of bounds memory access in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10940HigJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Race in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10939HigJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10938MedJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Inappropriate implementation in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10937MedJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10935HigJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10934HigJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Use after free in Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10932HigJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Use after free in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10931CriJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10929HigJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Heap buffer overflow in ANGLE in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10928HigJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10924HigJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Integer overflow in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10921HigJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Integer overflow in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10920HigJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Insufficient validation of untrusted input in WebShare in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10918HigJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Use after free in Viz in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10917HigJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10914HigJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10913HigJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10912MedJun 4, 2026
    affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0

    Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

Page 21 of 69