CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-13973
Medium

Inappropriate implementation in UI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.

CVE-2026-13972
Medium

Inappropriate implementation in the Paint component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-13971
Medium

An uninitialized use vulnerability in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13970
Medium

An uninitialized use vulnerability in the Media component of Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to read potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13969
Medium

In Google Chrome on Android prior to version 150.0.7871.47, an uninitialized use in the UI was discovered. A remote attacker who had compromised the renderer process could exploit a crafted HTML page to obtain potentially sensitive information from process memory.

CVE-2026-13968
High

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a malicious file.

CVE-2026-13967
High

A heap buffer overflow in V8 in Google Chrome prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2026-13966
Medium

Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

CVE-2026-13965
High

A use-after-free vulnerability was found in the Oilpan component of Google Chrome prior to version 150.0.7871.47. A remote attacker can exploit a crafted HTML page to execute arbitrary code inside a sandbox.

CVE-2026-13964
Medium

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. The issue is due to inadequate security policy enforcement.

CVE-2026-13963
Low

Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page.

CVE-2026-13962
Medium

Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

CVE-2026-13961
Medium

Insufficient validation of untrusted input in DevTools in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13960
Medium

An inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page.

CVE-2026-13959
Medium

Insufficient validation of untrusted input in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

CVE-2026-13958
Medium

An uninitialized use vulnerability in codecs within Google Chrome on Windows prior to version 150.0.7871.47 allows a remote attacker to read potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13957
Medium

In Google Chrome prior to version 150.0.7871.47, incorrect security UI in Extensions allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

CVE-2026-13956
Medium

An incorrect security UI in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.

CVE-2026-13955
Low

Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file.

CVE-2026-13954
Medium

Insufficient policy enforcement in XML in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

PreviousPage 45 of 4480Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS