CVE-2026-11164
- EPSS 0.28%
- Veröffentlicht 04.06.2026 23:05:26
- Zuletzt bearbeitet 05.06.2026 20:45:39
Use after free in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-11165
- EPSS 0.23%
- Veröffentlicht 04.06.2026 23:05:26
- Zuletzt bearbeitet 09.06.2026 14:24:09
Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-11161
- EPSS 0.15%
- Veröffentlicht 04.06.2026 23:05:25
- Zuletzt bearbeitet 08.06.2026 14:39:00
Inappropriate implementation in DataTransfer in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-11162
- EPSS 0.19%
- Veröffentlicht 04.06.2026 23:05:25
- Zuletzt bearbeitet 08.06.2026 14:38:41
Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-11158
- EPSS 0.08%
- Veröffentlicht 04.06.2026 23:05:24
- Zuletzt bearbeitet 08.06.2026 14:45:29
Insufficient validation of untrusted input in Downloads in Google Chrome on Mac prior to 149.0.7827.53 allowed a local attacker to potentially perform a sandbox escape via a crafted AppleScript command. (Chromium security severity: Medium)
CVE-2026-11159
- EPSS 0.2%
- Veröffentlicht 04.06.2026 23:05:24
- Zuletzt bearbeitet 08.06.2026 14:40:35
Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-11160
- EPSS 0.23%
- Veröffentlicht 04.06.2026 23:05:24
- Zuletzt bearbeitet 08.06.2026 14:39:43
Out of bounds read in Input in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-11156
- EPSS 0.15%
- Veröffentlicht 04.06.2026 23:05:23
- Zuletzt bearbeitet 08.06.2026 14:46:22
Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-11157
- EPSS 0.12%
- Veröffentlicht 04.06.2026 23:05:23
- Zuletzt bearbeitet 08.06.2026 14:45:48
Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted Chrome Extension. (Chromium security severity...
CVE-2026-11154
- EPSS 0.21%
- Veröffentlicht 04.06.2026 23:05:22
- Zuletzt bearbeitet 08.06.2026 14:55:58
Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)