CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
An inappropriate implementation in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same-origin policy via a crafted HTML page.
A Use-After-Free vulnerability in the Bluetooth component of Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral.
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
An inappropriate implementation in the Network component of Google Chrome prior to version 150.0.7871.47 allows an attacker in a privileged network position to bypass Content Security Policy (CSP) via malicious network traffic.
Insufficient validation of untrusted input in the GPU component of Google Chrome on Windows prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
A race condition in DataTransfer in Google Chrome prior to 150.0.7871.47 allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
An out-of-bounds read vulnerability in the Layout component of Google Chrome prior to 150.0.7871.47 allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Insufficient policy enforcement in GuestView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Inappropriate implementation in Network in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Inappropriate implementation in Geolocation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Insufficient validation of untrusted input in the Enterprise component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
Insufficient policy enforcement in Web Authentication (Passkeys & Security Keys) in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page.
A vulnerability in the Autofill feature of Google Chrome on Windows prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to perform UI spoofing via a crafted HTML page.
An out-of-bounds read vulnerability in FFmpeg within Google Chrome prior to version 150.0.7871.47 allows a remote attacker to read sensitive information from process memory by crafting a malicious video file.
Inappropriate implementation in Geometry in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
Insufficient validation of untrusted input in Chrome for iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
A vulnerability in Google Chrome on iOS prior to version 150.0.7871.47 allows a remote attacker to spoof the Omnibox (URL bar) contents via a crafted HTML page. The issue is due to inappropriate implementation in the Chrome for iOS component.
Insufficient policy enforcement in Canvas in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
An inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. The vulnerability has a high severity rating according to Chromium classification.

