CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-13989
Medium

An inappropriate implementation in PageInfo in Google Chrome prior to 150.0.7871.47 allows a remote attacker who has compromised the renderer process to perform UI spoofing via a crafted HTML page.

CVE-2026-13988
Medium

A vulnerability in the Paint component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from an inappropriate implementation in the graphics rendering mechanism.

CVE-2026-13987
Medium

A vulnerability in Google Chrome on Android prior to version 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from incorrect security UI in mobile mode.

CVE-2026-13986
Medium

An inappropriate implementation in the Media UI component of Google Chrome on ChromeOS prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to conduct UI spoofing via a crafted HTML page.

CVE-2026-13985
Medium

An inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. The issue is rated as medium severity.

CVE-2026-13984
Medium

A vulnerability in the TabStrip component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page. The issue is due to incorrect security UI handling.

CVE-2026-13983
Medium

An inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2026-13982
Low

In Google Chrome prior to version 150.0.7871.47, an incorrect security UI in the Passwords feature allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.

CVE-2026-13981
Medium

An inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from a flaw in the browser's implementation.

CVE-2026-13980
Medium

A vulnerability in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from inappropriate implementation in the browser.

CVE-2026-13979
Medium

An inappropriate implementation in the Paint component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from improper handling of Paint functionality.

CVE-2026-13978
Medium

Insufficient policy enforcement in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.

CVE-2026-13977
Medium

In Google Chrome prior to version 150.0.7871.47, an inappropriate implementation in HTMLParser allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

CVE-2026-13976
Medium

Insufficient data validation in the Storage component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-13975
Medium

An out-of-bounds read vulnerability in the ANGLE component of Google Chrome on Mac allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13974
High

An integer overflow in Safe Browsing in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a malicious file.

CVE-2026-13973
Medium

Inappropriate implementation in UI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.

CVE-2026-13972
Medium

Inappropriate implementation in the Paint component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-13971
Medium

An uninitialized use vulnerability in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-13970
Medium

An uninitialized use vulnerability in the Media component of Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to read potentially sensitive information from process memory via a crafted HTML page.

PreviousPage 75 of 4469Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS