apk package
wolfi/chromium
pkg:apk/wolfi/chromium
Vulnerabilities (1,378)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-11266 | Med | 4.3 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Inappropriate implementation in SafeBrowsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass Safe Browsing via a malicious file. (Chromium security severity: Low) | |
| CVE-2026-11265 | Hig | 7.5 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11264 | Med | 4.3 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Policy bypass in Content Security Policy in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11261 | Med | 4.3 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Inappropriate implementation in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11259 | Med | 4.3 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11257 | Med | 4.3 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Inappropriate implementation in Browser in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11256 | Hig | 8.3 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Integer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11255 | Hig | 7.5 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11252 | Med | 4.3 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Insufficient policy enforcement in Content Settings in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11251 | Low | 3.1 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11249 | Med | 4.7 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11248 | Hig | 8.8 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11247 | Low | 3.1 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Insufficient policy enforcement in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11246 | Med | 5.3 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Insufficient validation of untrusted input in IndexedDB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11245 | Med | 4.3 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11244 | Low | 3.1 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11243 | Med | 5.4 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11241 | Hig | 8.0 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11240 | Low | 3.1 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2026-11238 | Med | 5.9 | < 149.0.7827.53-r0 | 149.0.7827.53-r0 | Jun 5, 2026 | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: |
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Inappropriate implementation in SafeBrowsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass Safe Browsing via a malicious file. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Policy bypass in Content Security Policy in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Inappropriate implementation in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Inappropriate implementation in Browser in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Integer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Insufficient policy enforcement in Content Settings in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Insufficient policy enforcement in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Insufficient validation of untrusted input in IndexedDB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)
- affected < 149.0.7827.53-r0fixed 149.0.7827.53-r0
Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity:
Page 9 of 69