CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
An inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Insufficient validation of untrusted input in the Media component in Google Chrome on Windows prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Insufficient policy enforcement in Serial in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
A type confusion vulnerability in the ANGLE component in Google Chrome prior to version 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. The issue is rated as medium severity.
A race condition in USB handling in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
A Use-After-Free vulnerability in USB implementation in Google Chrome on Mac (prior to 150.0.7871.47) allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
A Use-After-Free vulnerability in the Bluetooth component of Google Chrome on Mac prior to version 150.0.7871.47 allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file.
A Use-After-Free vulnerability in the Device component of Google Chrome on Windows prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The issue is rated as Medium severity in Chromium.
A Use-After-Free vulnerability in the Core component of Google Chrome prior to 150.0.7871.47 allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The issue has a medium severity rating according to Chromium.
Inappropriate implementation in the ANGLE component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
A Use-After-Free vulnerability in the Ozone component of Google Chrome on Linux prior to version 150.0.7871.47 allows a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The issue has a high Chromium security severity.
A Use-After-Free vulnerability in the Journeys component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page.
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allows a local attacker to bypass discretionary access control via a crafted HTML page.
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass discretionary access control via a crafted HTML page.
A Use-After-Free vulnerability in USB implementation in Google Chrome on Mac (prior to 150.0.7871.47) allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Insufficient validation of untrusted input in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
A heap buffer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

