CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A vulnerability in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from inappropriate implementation in WebXR.
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.
An incorrect security UI in the Omnibox of Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue is rated as low severity.
In Google Chrome on Android prior to version 150.0.7871.47, an inappropriate implementation in PreviewTab allowed a remote attacker, by convincing a user to perform specific UI gestures, to perform UI spoofing via a crafted HTML page.
An inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to spoof the Omnibox (URL bar) contents via a crafted HTML page. The issue stems from improper handling in the browser.
An inappropriate implementation in the Printing module of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. The vulnerability has a Chromium security severity of Low.
In Google Chrome on Android prior to version 150.0.7871.47, an incorrect security UI allows a remote attacker to perform domain spoofing via a crafted HTML page.
An uninitialized use vulnerability in the ANGLE component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
A vulnerability in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to spoof the Omnibox (URL bar) contents via a crafted HTML page due to incorrect security UI.
A type confusion vulnerability in Bluetooth within Google Chrome on Windows (prior to version 150.0.7871.47) allows an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. The issue is rated as Low severity by the Chromium team.
Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to leak cross-origin data via a crafted HTML page.
Insufficient validation of untrusted input in DevTools in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page.
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page.
An inappropriate implementation in the Enterprise component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to obtain potentially sensitive information from process memory via a crafted HTML page.
An inappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue is rated as Low severity by the Chromium team.
Insufficient policy enforcement in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
A use-after-free vulnerability exists in the SSL component of Google Chrome on ChromeOS prior to version 150.0.7871.47. A remote attacker can exploit a crafted HTML page to obtain potentially sensitive information from process memory.
Insufficient data validation in NetworkCache in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. The issue is rated as low severity.
An inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

