CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Integer overflow in WebView in Google Chrome on Android prior to version 149.0.7827.53 allowed a local attacker to cause a denial of service via a malicious file.
A side-channel information leakage vulnerability in Paint in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Insufficient policy enforcement in CSS in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Insufficient policy enforcement in Navigation in Google Chrome on Android prior to version 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
Insufficient validation of untrusted input in Wallet in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.
Inappropriate implementation in Chrome for iOS prior to version 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
In Google Chrome prior to version 149.0.7827.53, a side-channel information leakage vulnerability in PerformanceAPIs allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Insufficient validation of untrusted input in Shortcuts in Google Chrome on Mac prior to version 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a malicious file.
Integer overflow in Chromoting in Google Chrome on Windows prior to version 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event.
Inappropriate implementation in Signin in Google Chrome on iOS prior to version 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
Inappropriate implementation in CustomTabs in Google Chrome on Android prior to version 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page.
Insufficient policy enforcement in Chrome for iOS prior to version 149.0.7827.53 allows a remote attacker to bypass access control via a crafted HTML page.
Nieodpowiednia implementacja w funkcji Cast w Google Chrome przed wersją 149.0.7827.53 umożliwiała atakującemu w lokalnym segmencie sieci obejście kontrolowania dostępu poprzez złośliwy ruch sieciowy.
Inappropriate implementation in Page Info in Google Chrome on Android prior to version 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to version 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Inappropriate implementation in Passwords in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in UI in Google Chrome on Android prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
In Google Chrome on Windows prior to version 149.0.7827.53, there is an uninitialized use in ANGLE that allows a remote attacker to leak cross-origin data via a crafted HTML page.
Insufficient policy enforcement in Extensions in Google Chrome prior to version 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.

