CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
An inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension.
An inappropriate implementation in the Glic component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to perform UI spoofing via a crafted HTML page. The issue is rated as low severity.
Insufficient validation of untrusted input in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.
A Type Confusion vulnerability in the CSS component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
An inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. The issue is rated as low severity.
An inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
An inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
An incorrect security UI in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to perform UI spoofing via a crafted HTML page.
An incorrect security UI in Passwords in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
An inappropriate implementation in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. The issue is rated as Low severity by Chromium security team.
A vulnerability in the Document Picture-in-Picture feature in Google Chrome on Android prior to version 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. The issue is due to incorrect security UI.
Insufficient validation of untrusted input in Google Chrome on Android prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
Inappropriate implementation in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
An inappropriate implementation in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. The issue is rated as low severity.
Insufficient validation of untrusted input in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page, provided the user was convinced to engage in specific UI gestures.
Insufficient validation of untrusted input in Chrome for iOS prior to version 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page.
Insufficient validation of untrusted input in the Network component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker who has compromised the renderer process to perform UI spoofing via a crafted HTML page. The vulnerability has a low severity rating from Chromium.
An inappropriate implementation in Autofill in Google Chrome on Android prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue is rated as low severity by the Chromium security team.

