CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
An inappropriate implementation in PageInfo in Google Chrome prior to 150.0.7871.47 allows a remote attacker who has compromised the renderer process to perform UI spoofing via a crafted HTML page.
A vulnerability in the Paint component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from an inappropriate implementation in the graphics rendering mechanism.
A vulnerability in Google Chrome on Android prior to version 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from incorrect security UI in mobile mode.
An inappropriate implementation in the Media UI component of Google Chrome on ChromeOS prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to conduct UI spoofing via a crafted HTML page.
An inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. The issue is rated as medium severity.
A vulnerability in the TabStrip component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker to perform UI spoofing via a crafted HTML page. The issue is due to incorrect security UI handling.
An inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
In Google Chrome prior to version 150.0.7871.47, an incorrect security UI in the Passwords feature allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page.
An inappropriate implementation in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from a flaw in the browser's implementation.
A vulnerability in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from inappropriate implementation in the browser.
An inappropriate implementation in the Paint component of Google Chrome prior to version 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. The issue stems from improper handling of Paint functionality.
Insufficient policy enforcement in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
In Google Chrome prior to version 150.0.7871.47, an inappropriate implementation in HTMLParser allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Insufficient data validation in the Storage component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
An out-of-bounds read vulnerability in the ANGLE component of Google Chrome on Mac allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
An integer overflow in Safe Browsing in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a malicious file.
Inappropriate implementation in UI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
Inappropriate implementation in the Paint component in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
An uninitialized use vulnerability in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
An uninitialized use vulnerability in the Media component of Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to read potentially sensitive information from process memory via a crafted HTML page.

