CVE-2026-10017
- EPSS 0.19%
- Veröffentlicht 28.05.2026 22:25:56
- Zuletzt bearbeitet 03.06.2026 02:30:29
Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-10018
- EPSS 0.19%
- Veröffentlicht 28.05.2026 22:25:56
- Zuletzt bearbeitet 29.05.2026 18:16:30
Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-10013
- EPSS 0.32%
- Veröffentlicht 28.05.2026 22:25:55
- Zuletzt bearbeitet 01.06.2026 17:22:23
Use after free in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10014
- EPSS 0.19%
- Veröffentlicht 28.05.2026 22:25:55
- Zuletzt bearbeitet 01.06.2026 18:45:22
Use after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10015
- EPSS 0.25%
- Veröffentlicht 28.05.2026 22:25:55
- Zuletzt bearbeitet 01.06.2026 15:26:03
Integer overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- EPSS 0.13%
- Veröffentlicht 28.05.2026 22:25:54
- Zuletzt bearbeitet 03.06.2026 02:31:06
Inappropriate implementation in Input in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10011
- EPSS 0.16%
- Veröffentlicht 28.05.2026 22:25:54
- Zuletzt bearbeitet 03.06.2026 02:30:55
Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10012
- EPSS 0.17%
- Veröffentlicht 28.05.2026 22:25:54
- Zuletzt bearbeitet 29.05.2026 17:17:22
Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10007
- EPSS 0.25%
- Veröffentlicht 28.05.2026 22:25:53
- Zuletzt bearbeitet 01.06.2026 15:17:43
Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-10008
- EPSS 0.22%
- Veröffentlicht 28.05.2026 22:25:53
- Zuletzt bearbeitet 03.06.2026 02:31:25
Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)