CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
A race condition in the Updater in Google Chrome on Mac prior to version 149.0.7827.155 allowed a remote attacker who compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Use after free in Extensions in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Heap buffer overflow in WebRTC in Google Chrome on Windows prior to version 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Object lifecycle issue in Metrics in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
A use after free vulnerability in Browser in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
A use after free vulnerability in Media in Google Chrome prior to version 149.0.7827.155 allows a remote attacker who has compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page.
Use after free in Tab Strip in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page.
A race condition in Safe Browsing in Google Chrome on Mac prior to version 149.0.7827.155 allowed a remote attacker who compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
A use after free vulnerability in Downloads in Google Chrome on Android prior to version 149.0.7827.155 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in DigitalCredentials in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Use after free in Chromoting in Google Chrome on Windows prior to version 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file.
Inappropriate implementation in WebView in Google Chrome on Android prior to version 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page.
Heap buffer overflow in WebRTC in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
A use after free vulnerability in Extensions in Google Chrome prior to version 149.0.7827.155 allowed an attacker to exploit heap corruption via a malicious extension if a user installed it.
Use after free in Web Authentication in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
A use after free vulnerability in the Passwords module of Google Chrome on Android prior to version 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
A use after free vulnerability in the File Input component of Google Chrome on Linux prior to version 149.0.7827.155 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in Digital Credentials in Google Chrome prior to version 149.0.7827.155 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Inappropriate implementation in WebView in Google Chrome on Android prior to version 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
A use after free vulnerability in WebShare in Google Chrome on Windows prior to version 149.0.7827.155 allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

