CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-14156
Medium

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

CVE-2026-14155
Medium

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2026-14154
Medium

An inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension.

CVE-2026-14153
Medium

An inappropriate implementation in the Glic component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to perform UI spoofing via a crafted HTML page. The issue is rated as low severity.

CVE-2026-14150
Medium

Insufficient validation of untrusted input in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.

CVE-2026-14148
Medium

A Type Confusion vulnerability in the CSS component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-14147
Medium

An inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. The issue is rated as low severity.

CVE-2026-14146
Medium

An inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2026-14145
Medium

An inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

CVE-2026-14144
Medium

An incorrect security UI in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to perform UI spoofing via a crafted HTML page.

CVE-2026-14143
Medium

An incorrect security UI in Passwords in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

CVE-2026-14142
Medium

An inappropriate implementation in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. The issue is rated as Low severity by Chromium security team.

CVE-2026-14141
Medium

A vulnerability in the Document Picture-in-Picture feature in Google Chrome on Android prior to version 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. The issue is due to incorrect security UI.

CVE-2026-14140
Medium

Insufficient validation of untrusted input in Google Chrome on Android prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

CVE-2026-14139
Medium

Inappropriate implementation in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.

CVE-2026-14138
Medium

An inappropriate implementation in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. The issue is rated as low severity.

CVE-2026-14137
Medium

Insufficient validation of untrusted input in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page, provided the user was convinced to engage in specific UI gestures.

CVE-2026-14136
Medium

Insufficient validation of untrusted input in Chrome for iOS prior to version 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page.

CVE-2026-14135
Medium

Insufficient validation of untrusted input in the Network component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker who has compromised the renderer process to perform UI spoofing via a crafted HTML page. The vulnerability has a low severity rating from Chromium.

CVE-2026-14134
Medium

An inappropriate implementation in Autofill in Google Chrome on Android prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue is rated as low severity by the Chromium security team.

PreviousPage 17 of 508Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS