Chromium

by Chromium

CVEs (477)

  • CVE-2026-9917 · Med · May 28, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2017-1000460 · Med · Jan 3, 2018
    risk 0.42 · cvss 6.5 · epss 0.00

    In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.

  • CVE-2026-9989 · Med · May 28, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High)

  • CVE-2026-8010 · Med · May 6, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-7977 · Med · May 6, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7971 · Med · May 6, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7953 · Med · May 6, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2026-8019 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-8015 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-8012 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-8006 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

  • CVE-2026-8003 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)

  • CVE-2026-7962 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Insufficient policy enforcement in DirectSockets in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2026-7950 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Out of bounds read and write in GFX in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2026-7939 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in SanitizerAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7935 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7931 · Med · May 6, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11696 · Med · Jun 9, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11174 · Med · Jun 4, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Inappropriate implementation in Site Isolation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-9124 · Med · May 20, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
