CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
A Use-After-Free vulnerability in the Bluetooth component of Google Chrome on Mac prior to version 150.0.7871.47 allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
An inappropriate implementation in the Network component of Google Chrome prior to version 150.0.7871.47 allows an attacker in a privileged network position to bypass Content Security Policy (CSP) via malicious network traffic.
Insufficient validation of untrusted input in the GPU component of Google Chrome on Windows prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
A race condition in DataTransfer in Google Chrome prior to 150.0.7871.47 allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
An out-of-bounds read vulnerability in the Layout component of Google Chrome prior to 150.0.7871.47 allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file.
Insufficient policy enforcement in GuestView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
A use-after-free vulnerability in WebView in Google Chrome on Android prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
A Use-After-Free vulnerability in the Device component in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The issue is rated as Medium severity in Chromium.
An inappropriate implementation in the Network component of Google Chrome on Android prior to version 150.0.7871.47 allows a remote attacker who has compromised the renderer process to bypass site isolation using a crafted HTML page.
Inappropriate implementation in Geolocation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Insufficient validation of untrusted input in the Enterprise component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
Insufficient policy enforcement in WebHID in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension.
Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allows a local attacker to perform privilege escalation via a malicious file.
Insufficient policy enforcement in Web Authentication (Passkeys & Security Keys) in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page.
A Use-After-Free vulnerability in the Core component of Google Chrome prior to 150.0.7871.47 allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The issue has a medium severity rating according to Chromium.
A vulnerability in the Autofill feature of Google Chrome on Windows prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to perform UI spoofing via a crafted HTML page.
Inappropriate implementation in the ANGLE component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

