CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-13983
Medium

An inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2026-13982
Low

In Google Chrome prior to version 150.0.7871.47, an incorrect security UI in the Passwords feature allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.

CVE-2026-13981
Medium

An inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from a flaw in the browser's implementation.

CVE-2026-13980
Medium

A vulnerability in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from inappropriate implementation in the browser.

CVE-2026-13979
Medium

An inappropriate implementation in the Paint component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from improper handling of Paint functionality.

CVE-2026-13978
Medium

Insufficient policy enforcement in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

CVE-2026-13977
Medium

In Google Chrome prior to version 150.0.7871.47, an inappropriate implementation in HTMLParser allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

CVE-2026-13976
Medium

Insufficient data validation in the Storage component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13975
Medium

An out-of-bounds read vulnerability in the ANGLE component of Google Chrome on Mac allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13974
High

An integer overflow in Safe Browsing in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a malicious file.

CVE-2026-13973
Medium

Inappropriate implementation in UI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.

CVE-2026-13972
Medium

Inappropriate implementation in the Paint component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-13971
Medium

An uninitialized use vulnerability in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13970
Medium

An uninitialized use vulnerability in the Media component of Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to read potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13969
Medium

In Google Chrome on Android prior to version 150.0.7871.47, an uninitialized use in the UI was discovered. A remote attacker who had compromised the renderer process could exploit a crafted HTML page to obtain potentially sensitive information from process memory.

CVE-2026-13968
High

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a malicious file.

CVE-2026-13967
High

A heap buffer overflow in V8 in Google Chrome prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2026-13966
Medium

Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

CVE-2026-13965
High

A use-after-free vulnerability was found in the Oilpan component of Google Chrome prior to version 150.0.7871.47. A remote attacker can exploit a crafted HTML page to execute arbitrary code inside a sandbox.

CVE-2026-13964
Medium

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. The issue is due to inadequate security policy enforcement.

PreviousPage 116 of 4565Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS