CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-12468
High

A race condition in the Updater in Google Chrome on Mac prior to version 149.0.7827.155 allowed a remote attacker who compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-12467
High

Use after free in Extensions in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-12466
High

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to version 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

CVE-2026-12465
High

Object lifecycle issue in Metrics in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-12464
High

A use after free vulnerability in Browser in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-12462
High

A use after free vulnerability in Media in Google Chrome prior to version 149.0.7827.155 allows a remote attacker who has compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2026-12455
High

Use after free in Tab Strip in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page.

CVE-2026-12454
High

A race condition in Safe Browsing in Google Chrome on Mac prior to version 149.0.7827.155 allowed a remote attacker who compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-12452
High

A use after free vulnerability in Downloads in Google Chrome on Android prior to version 149.0.7827.155 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2026-12451
High

Use after free in DigitalCredentials in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-12449
High

Use after free in Chromoting in Google Chrome on Windows prior to version 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file.

CVE-2026-12448
High

Inappropriate implementation in WebView in Google Chrome on Android prior to version 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page.

CVE-2026-12447
High

Heap buffer overflow in WebRTC in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2026-12445
High

A use after free vulnerability in Extensions in Google Chrome prior to version 149.0.7827.155 allowed an attacker to exploit heap corruption via a malicious extension if a user installed it.

CVE-2026-12443
High

Use after free in Web Authentication in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

CVE-2026-12442
High

A use after free vulnerability in the Passwords module of Google Chrome on Android prior to version 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

CVE-2026-12441
High

A use after free vulnerability in the File Input component of Google Chrome on Linux prior to version 149.0.7827.155 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2026-12439
High

Use after free in Digital Credentials in Google Chrome prior to version 149.0.7827.155 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2026-12438
High

Inappropriate implementation in WebView in Google Chrome on Android prior to version 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-12437
High

A use after free vulnerability in WebShare in Google Chrome on Windows prior to version 149.0.7827.155 allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

PreviousPage 100 of 3315Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS