CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
Insufficient validation of untrusted input in DevTools in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page.
An inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page.
Insufficient validation of untrusted input in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
An uninitialized use vulnerability in codecs within Google Chrome on Windows prior to version 150.0.7871.47 allows a remote attacker to read potentially sensitive information from process memory via a crafted HTML page.
In Google Chrome prior to version 150.0.7871.47, incorrect security UI in Extensions allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
An incorrect security UI in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file.
Insufficient policy enforcement in XML in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
An inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
An inappropriate implementation in PerformanceAPIs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Insufficient policy enforcement for USB in Google Chrome prior to 150.0.7871.47 allows a remote attacker who compromised the renderer process to potentially escape the sandbox via a crafted HTML page.
An uninitialized use vulnerability in the GPU component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
Insufficient policy enforcement in Payments in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension.
An uninitialized use vulnerability in the XR component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
An inappropriate implementation in ScriptInjections in Google Chrome on iOS before version 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. The issue has been fixed in the mentioned version.
Insufficient policy enforcement in Extensions in Google Chrome on Linux prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension.
In Google Chrome on Mac prior to version 150.0.7871.47, an inappropriate implementation in the DataTransfer component allowed a remote attacker who convinced a user to perform specific UI gestures to leak cross-origin data via a crafted HTML page.
An uninitialized use vulnerability in CSS in Google Chrome on Android prior to 150.0.7871.47 allows a remote attacker to read potentially sensitive data from process memory via a crafted HTML page.

