CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-14132
Medium

A vulnerability in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from inappropriate implementation in WebXR.

CVE-2026-14131
Medium

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.

CVE-2026-14130
Medium

An incorrect security UI in the Omnibox of Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue is rated as low severity.

CVE-2026-14129
Medium

In Google Chrome on Android prior to version 150.0.7871.47, an inappropriate implementation in PreviewTab allowed a remote attacker, by convincing a user to perform specific UI gestures, to perform UI spoofing via a crafted HTML page.

CVE-2026-14128
Medium

An inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to spoof the Omnibox (URL bar) contents via a crafted HTML page. The issue stems from improper handling in the browser.

CVE-2026-14127
Medium

An inappropriate implementation in the Printing module of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. The vulnerability has a Chromium security severity of Low.

CVE-2026-14126
Medium

In Google Chrome on Android prior to version 150.0.7871.47, an incorrect security UI allows a remote attacker to perform domain spoofing via a crafted HTML page.

CVE-2026-14125
Medium

An uninitialized use vulnerability in the ANGLE component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-14123
Medium

A vulnerability in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to spoof the Omnibox (URL bar) contents via a crafted HTML page due to incorrect security UI.

CVE-2026-14119
Medium

A type confusion vulnerability in Bluetooth within Google Chrome on Windows (prior to version 150.0.7871.47) allows an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. The issue is rated as Low severity by the Chromium team.

CVE-2026-14118
Medium

Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to leak cross-origin data via a crafted HTML page.

CVE-2026-14117
Medium

Insufficient validation of untrusted input in DevTools in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-14116
Medium

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page.

CVE-2026-14112
Medium

An inappropriate implementation in the Enterprise component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-14110
Medium

An inappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue is rated as Low severity by the Chromium team.

CVE-2026-14105
Medium

Insufficient policy enforcement in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

CVE-2026-14103
Medium

A use-after-free vulnerability exists in the SSL component of Google Chrome on ChromeOS prior to version 150.0.7871.47. A remote attacker can exploit a crafted HTML page to obtain potentially sensitive information from process memory.

CVE-2026-14100
Medium

Insufficient data validation in NetworkCache in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2026-14098
Medium

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. The issue is rated as low severity.

CVE-2026-14096
Medium

An inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

PreviousPage 21 of 519Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS