CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Wykorzystanie niezainicjowanej pamięci w kodekach w Google Chrome przed wersją 149.0.7827.53 umożliwia zdalnemu atakującemu, który przejął proces renderowania, potencjalne wykonanie ucieczki z piaskownicy za pomocą spreparowanej strony HTML.
Wykorzystanie po zwolnieniu pamięci w module Input w Google Chrome na Androidzie przed wersją 149.0.7827.53 umożliwia zdalnemu atakującemu wykonanie dowolnego kodu wewnątrz piaskownicy za pomocą spreparowanej strony HTML.
W Chrome na iOS przed wersją 149.0.7827.53 wystąpiła podatność typu use after free, która pozwalała zdalnemu atakującemu na wykonanie dowolnego kodu poprzez nakłonienie użytkownika do wykonania określonych gestów interfejsu użytkownika na spreparowanej stronie HTML.
Wykorzystanie po zwolnieniu pamięci w Glic w Google Chrome przed wersją 149.0.7827.53 umożliwia zdalnemu atakującemu wykonanie dowolnego kodu wewnątrz piaskownicy za pomocą spreparowanej strony HTML.
Use after free in MimeHandlerView in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
In Google Chrome on Windows prior to version 149.0.7827.53, a 'Type Confusion' vulnerability in ANGLE allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
In Google Chrome prior to version 149.0.7827.53, there was a use after free vulnerability in the Actor component that allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Use after free in Core in Google Chrome on Android prior to version 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
A use after free vulnerability in Chrome for iOS prior to version 149.0.7827.53 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
A use after free vulnerability in Autofill in Google Chrome on iOS prior to version 149.0.7827.53 can be exploited by a remote attacker. The attacker can convince a user to perform specific UI gestures, potentially leading to heap corruption via a crafted HTML page.
Heap buffer overflow in Video in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Use after free in WebRTC in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
A use after free vulnerability in WebRTC in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Heap buffer overflow in Media in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page.
Use after free in PDF in Google Chrome prior to version 149.0.7827.53 allows a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file.
A use after free vulnerability in WebRTC in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Inappropriate implementation in UI in Google Chrome on Windows prior to version 149.0.7827.53 allowed a local attacker to perform privilege escalation via a malicious file.
Out of bounds memory access in Skia in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
A race condition in Codecs in Google Chrome on Windows prior to version 149.0.7827.53 allowed a remote attacker who compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Wykorzystanie po zwolnieniu pamięci w WebRTC w Google Chrome przed wersją 149.0.7827.53 umożliwia zdalnemu atakującemu wykonanie dowolnego kodu wewnątrz piaskownicy za pomocą spreparowanej strony HTML.

