CVE-2026-10014
- EPSS 0.19%
- Veröffentlicht 28.05.2026 22:25:55
- Zuletzt bearbeitet 01.06.2026 18:45:22
Use after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10015
- EPSS 0.25%
- Veröffentlicht 28.05.2026 22:25:55
- Zuletzt bearbeitet 01.06.2026 15:26:03
Integer overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- EPSS 0.13%
- Veröffentlicht 28.05.2026 22:25:54
- Zuletzt bearbeitet 03.06.2026 02:31:06
Inappropriate implementation in Input in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10011
- EPSS 0.16%
- Veröffentlicht 28.05.2026 22:25:54
- Zuletzt bearbeitet 03.06.2026 02:30:55
Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10012
- EPSS 0.17%
- Veröffentlicht 28.05.2026 22:25:54
- Zuletzt bearbeitet 29.05.2026 17:17:22
Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10007
- EPSS 0.25%
- Veröffentlicht 28.05.2026 22:25:53
- Zuletzt bearbeitet 01.06.2026 15:17:43
Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10008
- EPSS 0.22%
- Veröffentlicht 28.05.2026 22:25:53
- Zuletzt bearbeitet 03.06.2026 02:31:25
Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10009
- EPSS 0.22%
- Veröffentlicht 28.05.2026 22:25:53
- Zuletzt bearbeitet 01.06.2026 15:13:32
Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10004
- EPSS 0.16%
- Veröffentlicht 28.05.2026 22:25:52
- Zuletzt bearbeitet 29.05.2026 19:16:22
Insufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10005
- EPSS 0.26%
- Veröffentlicht 28.05.2026 22:25:52
- Zuletzt bearbeitet 01.06.2026 18:47:08
Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)