VYPR

Chromium

by Chromium

Source repositories

CVEs (477)

  • CVE-2026-7923HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Out of bounds write in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7920HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7919HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Aura in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7918HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7916HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Insufficient data validation in InterestGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7914HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Type Confusion in Accessibility in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7911HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Aura in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7905HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7900HigMay 6, 2026
    risk 0.54cvss 8.3epss 0.00

    Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11693HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.00

    Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8018HigMay 6, 2026
    risk 0.53cvss 8.1epss 0.00

    Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: Low)

  • CVE-2026-7981HigMay 6, 2026
    risk 0.53cvss 8.1epss 0.00

    Out of bounds read in Codecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)

  • CVE-2026-7978HigMay 6, 2026
    risk 0.53cvss 8.1epss 0.00

    Inappropriate implementation in Companion in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2026-7997HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)

  • CVE-2026-7994HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Inappropriate implementation in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

  • CVE-2026-7990HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

  • CVE-2026-7913HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)

  • CVE-2026-11239HigJun 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-9954HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in TabStrip in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8007HigMay 6, 2026
    risk 0.49cvss 7.5epss 0.00

    Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

Page 5 of 24