CVE-2026-13870
- EPSS 0.26%
- Veröffentlicht 30.06.2026 23:17:01
- Zuletzt bearbeitet 02.07.2026 05:16:34
Use after free in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13871
- EPSS 0.28%
- Veröffentlicht 30.06.2026 23:17:01
- Zuletzt bearbeitet 02.07.2026 16:39:07
Insufficient policy enforcement in GuestView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13872
- EPSS 0.27%
- Veröffentlicht 30.06.2026 23:17:01
- Zuletzt bearbeitet 06.07.2026 17:06:17
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium)
CVE-2026-13873
- EPSS 0.28%
- Veröffentlicht 30.06.2026 23:17:01
- Zuletzt bearbeitet 01.07.2026 15:43:28
Out of bounds read in Layout in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13874
- EPSS 0.2%
- Veröffentlicht 30.06.2026 23:17:01
- Zuletzt bearbeitet 01.07.2026 15:43:23
Race in DataTransfer in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13875
- EPSS 0.28%
- Veröffentlicht 30.06.2026 23:17:01
- Zuletzt bearbeitet 01.07.2026 15:43:18
Insufficient validation of untrusted input in GPU in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML...
CVE-2026-13876
- EPSS 0.24%
- Veröffentlicht 30.06.2026 23:17:01
- Zuletzt bearbeitet 02.07.2026 16:39:15
Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass content security policy via malicious network traffic. (Chromium security severity: Medium)
CVE-2026-13877
- EPSS 0.27%
- Veröffentlicht 30.06.2026 23:17:01
- Zuletzt bearbeitet 01.07.2026 15:43:12
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (C...
CVE-2026-13856
- EPSS 0.21%
- Veröffentlicht 30.06.2026 23:17:00
- Zuletzt bearbeitet 02.07.2026 05:16:34
Insufficient validation of untrusted input in Speech in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security sev...
CVE-2026-13857
- EPSS 0.19%
- Veröffentlicht 30.06.2026 23:17:00
- Zuletzt bearbeitet 01.07.2026 15:38:41
Inappropriate implementation in Geometry in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)