CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
W Google Chrome przed wersją 149.0.7827.53 wystąpił błąd odczytu poza zakresem w GWP-ASan, który umożliwił lokalnemu atakującemu uzyskanie potencjalnie wrażliwych informacji z pamięci procesu za pomocą złośliwego pliku.
Inappropriate implementation in SVG in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in Media Session in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Inappropriate implementation in SVG in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Insufficient policy enforcement in WebView in Google Chrome on Android prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in Media in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in Site Isolation in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker who compromised the renderer process to bypass site isolation via a crafted HTML page.
Inappropriate implementation in Extensions in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
Inappropriate implementation in SVG in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Inappropriate implementation in CSS in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in DataTransfer in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
In Google Chrome on Linux prior to version 149.0.7827.53, an out of bounds read in the Input module allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Uninitialized Use in Skia in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
In Google Chrome prior to version 149.0.7827.53, there was a script injection vulnerability in the accessibility feature. An attacker could convince a user to install a malicious extension, allowing the injection of arbitrary scripts or HTML.
Inappropriate implementation in CSS in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in CSS in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in XML in Google Chrome prior to version 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Inappropriate implementation in Payments in Google Chrome on Android prior to version 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page.
A race condition in Geolocation in Google Chrome on Android prior to version 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
An out of bounds read in Extensions in Google Chrome on Linux prior to version 149.0.7827.53 allowed an attacker to obtain potentially sensitive information from process memory via a malicious Chrome Extension.

