CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Insufficient policy enforcement in WebView in Google Chrome on Android prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in Media in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in Site Isolation in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker who compromised the renderer process to bypass site isolation via a crafted HTML page.
Inappropriate implementation in Extensions in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
Inappropriate implementation in SVG in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Inappropriate implementation in CSS in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in DataTransfer in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
In Google Chrome on Linux prior to version 149.0.7827.53, an out of bounds read in the Input module allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Uninitialized Use in Skia in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
In Google Chrome prior to version 149.0.7827.53, there was a script injection vulnerability in the accessibility feature. An attacker could convince a user to install a malicious extension, allowing the injection of arbitrary scripts or HTML.
Inappropriate implementation in CSS in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in CSS in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in XML in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Inappropriate implementation in Payments in Google Chrome on Android prior to version 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page.
A race condition in Geolocation in Google Chrome on Android prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
An out of bounds read in Extensions in Google Chrome on Linux prior to version 149.0.7827.53 allowed an attacker to obtain potentially sensitive information from process memory via a malicious Chrome Extension.
Insufficient policy enforcement in Paint in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
In Google Chrome prior to version 149.0.7827.53, there was an uninitialized use in the audio module that allowed a remote attacker who compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
An out of bounds read in Chromecast in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker who compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
Inappropriate implementation in Paint in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

