CVE-2026-7939
- EPSS 0.17%
- Veröffentlicht 06.05.2026 18:12:44
- Zuletzt bearbeitet 06.05.2026 23:33:57
Inappropriate implementation in SanitizerAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7940
- EPSS 0.2%
- Veröffentlicht 06.05.2026 18:12:44
- Zuletzt bearbeitet 06.05.2026 23:33:48
Use after free in V8 in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium)
CVE-2026-7938
- EPSS 0.27%
- Veröffentlicht 06.05.2026 18:12:43
- Zuletzt bearbeitet 06.05.2026 23:34:05
Use after free in CSS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7937
- EPSS 0.14%
- Veröffentlicht 06.05.2026 18:12:42
- Zuletzt bearbeitet 06.05.2026 23:34:15
Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severit...
CVE-2026-7934
- EPSS 0.17%
- Veröffentlicht 06.05.2026 18:12:39
- Zuletzt bearbeitet 06.05.2026 23:34:43
Insufficient validation of untrusted input in Popup Blocker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security sever...
CVE-2026-7935
- EPSS 0.19%
- Veröffentlicht 06.05.2026 18:12:39
- Zuletzt bearbeitet 06.05.2026 23:34:33
Inappropriate implementation in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7936
- EPSS 0.03%
- Veröffentlicht 06.05.2026 18:12:39
- Zuletzt bearbeitet 06.05.2026 23:34:23
Object lifecycle issue in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7932
- EPSS 0.12%
- Veröffentlicht 06.05.2026 18:12:38
- Zuletzt bearbeitet 08.05.2026 20:16:32
Insufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-7933
- EPSS 0.18%
- Veröffentlicht 06.05.2026 18:12:38
- Zuletzt bearbeitet 06.05.2026 23:34:54
Out of bounds read in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Medium)
CVE-2026-7929
- EPSS 0.25%
- Veröffentlicht 06.05.2026 18:12:37
- Zuletzt bearbeitet 06.05.2026 23:37:01
Use after free in MediaRecording in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)