CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-14017
Critical

An inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13934
Critical

Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13920
Critical

Insufficient validation of untrusted input in the Media component in Google Chrome on Windows prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13909
Critical

Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13901
Critical

Insufficient policy enforcement in Serial in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13883
Critical

A type confusion vulnerability in the ANGLE component in Google Chrome prior to version 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. The issue is rated as medium severity.

CVE-2026-13882
Critical

A race condition in USB handling in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13880
Critical

A Use-After-Free vulnerability in USB implementation in Google Chrome on Mac (prior to 150.0.7871.47) allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13878
Critical

A Use-After-Free vulnerability in the Bluetooth component of Google Chrome on Mac prior to version 150.0.7871.47 allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13872
Critical

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file.

CVE-2026-13869
Critical

A Use-After-Free vulnerability in the Device component of Google Chrome on Windows prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The issue is rated as Medium severity in Chromium.

CVE-2026-13861
Critical

A Use-After-Free vulnerability in the Core component of Google Chrome prior to 150.0.7871.47 allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The issue has a medium severity rating according to Chromium.

CVE-2026-13859
Critical

Inappropriate implementation in the ANGLE component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13854
Critical

A Use-After-Free vulnerability in the Ozone component of Google Chrome on Linux prior to version 150.0.7871.47 allows a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The issue has a high Chromium security severity.

CVE-2026-13853
Critical

A Use-After-Free vulnerability in the Journeys component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page.

CVE-2026-13852
Critical

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allows a local attacker to bypass discretionary access control via a crafted HTML page.

CVE-2026-13851
Critical

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass discretionary access control via a crafted HTML page.

CVE-2026-13846
Critical

A Use-After-Free vulnerability in USB implementation in Google Chrome on Mac (prior to 150.0.7871.47) allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13843
Critical

Insufficient validation of untrusted input in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13798
Critical

A heap buffer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

PreviousPage 7 of 554Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS