CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-13891
High

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.

CVE-2026-13888
High

A use-after-free vulnerability in Extensions in Google Chrome prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2026-13885
High

A use-after-free vulnerability in Skia in Google Chrome on Android prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2026-13884
High

An integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code via malicious network traffic.

CVE-2026-13870
High

A use-after-free vulnerability in WebView in Google Chrome on Android prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2026-13864
High

Insufficient policy enforcement in WebHID in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension.

CVE-2026-13863
High

Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file.

CVE-2026-13856
High

Insufficient validation of untrusted input in the Speech component in Google Chrome on Android prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.

CVE-2026-13855
High

A use-after-free vulnerability was found in the Ozone component of Google Chrome on Linux prior to version 150.0.7871.47. A remote attacker, by convincing a user to perform specific UI gestures, can execute arbitrary code via a crafted HTML page.

CVE-2026-13850
High

Insufficient validation of untrusted input in Chrome for iOS prior to version 150.0.7871.47 allows a local attacker to execute arbitrary code inside a sandbox via a malicious file.

CVE-2026-13849
High

Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file.

CVE-2026-13848
High

A Use-After-Free vulnerability in the Forms component of Google Chrome prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2026-13845
High

A use-after-free vulnerability in the DOM component of Google Chrome prior to version 150.0.7871.47 was discovered. A remote attacker can exploit a crafted HTML page to execute arbitrary code within a sandbox.

CVE-2026-13844
High

A use-after-free vulnerability in the Updater component of Google Chrome on Windows prior to version 150.0.7871.47 allows a local attacker to perform OS-level privilege escalation via a malicious file.

CVE-2026-13841
High

An integer overflow in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13835
High

An inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The issue is rated as high severity.

CVE-2026-13834
High

Insufficient validation of untrusted input in the ANGLE component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The vulnerability has a Chromium security severity of High.

CVE-2026-13832
High

A Use-After-Free vulnerability in the Headless component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page.

CVE-2026-13831
High

An out-of-bounds read and write vulnerability in the GPU of Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2026-13830
High

A Use-After-Free vulnerability in the Chromoting component of Google Chrome on Linux prior to version 150.0.7871.47 allows a remote attacker to execute arbitrary code via malicious network traffic. The issue is rated as High severity by the Chromium security team.

PreviousPage 24 of 3334Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS