CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
An inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
In Google Chrome prior to version 150.0.7871.47, an incorrect security UI in the Passwords feature allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.
An inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from a flaw in the browser's implementation.
A vulnerability in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from inappropriate implementation in the browser.
An inappropriate implementation in the Paint component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from improper handling of Paint functionality.
Insufficient policy enforcement in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
In Google Chrome prior to version 150.0.7871.47, an inappropriate implementation in HTMLParser allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Insufficient data validation in the Storage component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
An out-of-bounds read vulnerability in the ANGLE component of Google Chrome on Mac allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
An integer overflow in Safe Browsing in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a malicious file.
Inappropriate implementation in UI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
Inappropriate implementation in the Paint component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
An uninitialized use vulnerability in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
An uninitialized use vulnerability in the Media component of Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to read potentially sensitive information from process memory via a crafted HTML page.
In Google Chrome on Android prior to version 150.0.7871.47, an uninitialized use in the UI was discovered. A remote attacker who had compromised the renderer process could exploit a crafted HTML page to obtain potentially sensitive information from process memory.
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a malicious file.
A heap buffer overflow in V8 in Google Chrome prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
A use-after-free vulnerability was found in the Oilpan component of Google Chrome prior to version 150.0.7871.47. A remote attacker can exploit a crafted HTML page to execute arbitrary code inside a sandbox.
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. The issue is due to inadequate security policy enforcement.

