VYPR

Vendor CVEs

Google

All CVEs

11,416 total · sorted by risk
  • CVE-2026-10969HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10946HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Heap buffer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10906HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10901HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10900HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10899HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-46273HigJun 3, 2026
    risk 0.49cvss 8.6epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the…

  • CVE-2026-9990HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9963HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Uninitialized Use in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9960HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Integer overflow in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted font file. (Chromium security severity: High)

  • CVE-2026-9956HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9954HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in TabStrip in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9934HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Aura in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9933HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9922HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in GPU in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9909HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9901HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10022HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2026-10009HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10006HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Race in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10005HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10003HigMay 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9123HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2026-9117HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: High)

  • CVE-2026-8585HigMay 14, 2026
    risk 0.49cvss 7.5epss 0.00

    Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-8557HigMay 14, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8547HigMay 14, 2026
    risk 0.49cvss 7.5epss 0.00

    Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8521HigMay 14, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

  • CVE-2026-8510HigMay 14, 2026
    risk 0.49cvss 7.5epss 0.00

    Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-8007HigMay 6, 2026
    risk 0.49cvss 7.5epss 0.00

    Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-7976HigMay 6, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2026-7948HigMay 6, 2026
    risk 0.49cvss 7.5epss 0.00

    Race in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)

  • CVE-2026-7929HigMay 6, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in MediaRecording in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7897HigMay 6, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Mobile in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2025-71256HigMay 6, 2026
    risk 0.49cvss 7.5epss 0.00

    In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

  • CVE-2025-71255HigMay 6, 2026
    risk 0.49cvss 7.5epss 0.00

    In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

  • CVE-2025-71254HigMay 6, 2026
    risk 0.49cvss 7.5epss 0.00

    In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

  • CVE-2025-71253HigMay 6, 2026
    risk 0.49cvss 7.5epss 0.00

    In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

  • CVE-2025-71252HigMay 6, 2026
    risk 0.49cvss 7.5epss 0.00

    In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

  • CVE-2025-71251HigMay 6, 2026
    risk 0.49cvss 7.5epss 0.00

    In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

  • CVE-2026-7357HigApr 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7349HigApr 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)

  • CVE-2026-7343HigApr 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-7338HigApr 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)

  • CVE-2026-6319HigApr 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-6308HigApr 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5284HigApr 1, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5277HigApr 1, 2026
    risk 0.49cvss 7.5epss 0.00

    Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-13292HigDec 6, 2025
    risk 0.49cvss epss 0.00

    A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics (AX) data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in…

  • CVE-2025-13721HigDec 2, 2025
    risk 0.49cvss 7.5epss 0.00

    Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Page 96 of 229