CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.16)

CVE-2026-13962
Medium

Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

CVE-2026-13961
Medium

Insufficient validation of untrusted input in DevTools in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13960
Medium

An inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page.

CVE-2026-13959
Medium

Insufficient validation of untrusted input in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

CVE-2026-13958
Medium

An uninitialized use vulnerability in codecs within Google Chrome on Windows prior to version 150.0.7871.47 allows a remote attacker to read potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13957
Medium

In Google Chrome prior to version 150.0.7871.47, incorrect security UI in Extensions allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

CVE-2026-13956
Medium

An incorrect security UI in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.

CVE-2026-13955
Low

Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file.

CVE-2026-13954
Medium

Insufficient policy enforcement in XML in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13953
Medium

An inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

CVE-2026-13952
Medium

An inappropriate implementation in PerformanceAPIs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2026-13951
High

Insufficient policy enforcement for USB in Google Chrome prior to 150.0.7871.47 allows a remote attacker who compromised the renderer process to potentially escape the sandbox via a crafted HTML page.

CVE-2026-13950
Medium

An uninitialized use vulnerability in the GPU component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13949
Medium

Insufficient policy enforcement in Payments in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13948
Low

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension.

CVE-2026-13947
Medium

An uninitialized use vulnerability in the XR component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13946
Medium

An inappropriate implementation in ScriptInjections in Google Chrome on iOS before version 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. The issue has been fixed in the mentioned version.

CVE-2026-13945
Low

Insufficient policy enforcement in Extensions in Google Chrome on Linux prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension.

CVE-2026-13944
Low

In Google Chrome on Mac prior to version 150.0.7871.47, an inappropriate implementation in the DataTransfer component allowed a remote attacker who convinced a user to perform specific UI gestures to leak cross-origin data via a crafted HTML page.

CVE-2026-13943
Medium

An uninitialized use vulnerability in CSS in Google Chrome on Android prior to 150.0.7871.47 allows a remote attacker to read potentially sensitive data from process memory via a crafted HTML page.

PreviousPage 246 of 4711Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS