CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-13959
Medium

Insufficient validation of untrusted input in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

CVE-2026-13958
Medium

An uninitialized use vulnerability in codecs within Google Chrome on Windows prior to version 150.0.7871.47 allows a remote attacker to read potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13957
Medium

In Google Chrome prior to version 150.0.7871.47, incorrect security UI in Extensions allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

CVE-2026-13956
Medium

An incorrect security UI in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.

CVE-2026-13955
Low

Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file.

CVE-2026-13954
Medium

Insufficient policy enforcement in XML in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13953
Medium

An inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

CVE-2026-13952
Medium

An inappropriate implementation in PerformanceAPIs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2026-13951
High

Insufficient policy enforcement for USB in Google Chrome prior to 150.0.7871.47 allows a remote attacker who compromised the renderer process to potentially escape the sandbox via a crafted HTML page.

CVE-2026-13950
Medium

An uninitialized use vulnerability in the GPU component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13949
Medium

Insufficient policy enforcement in Payments in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13948
Low

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension.

CVE-2026-13947
Medium

An uninitialized use vulnerability in the XR component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13946
Medium

An inappropriate implementation in ScriptInjections in Google Chrome on iOS before version 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. The issue has been fixed in the mentioned version.

CVE-2026-13945
Low

Insufficient policy enforcement in Extensions in Google Chrome on Linux prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension.

CVE-2026-13944
Low

In Google Chrome on Mac prior to version 150.0.7871.47, an inappropriate implementation in the DataTransfer component allowed a remote attacker who convinced a user to perform specific UI gestures to leak cross-origin data via a crafted HTML page.

CVE-2026-13943
Medium

An uninitialized use vulnerability in CSS in Google Chrome on Android prior to 150.0.7871.47 allows a remote attacker to read potentially sensitive data from process memory via a crafted HTML page.

CVE-2026-13942
Low

Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML page.

CVE-2026-13941
Medium

In Google Chrome on Android prior to version 150.0.7871.47, an inappropriate implementation in SiteSettings allowed a remote attacker to perform UI spoofing via a crafted HTML page.

CVE-2026-13940
Medium

An uninitialized use in Cast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via malicious network traffic.

PreviousPage 52 of 4490Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS