Skip to main content
CVE-2026-11201 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free condition in the ServiceWorker component that can be triggered by a malicious browser extension. An attacker who convinces a user to install a crafted Chrome Extension can achieve arbitrary code execution within the renderer context. No public exploit has been identified at time of analysis and EPSS exploitation probability is very low at 0.01%, but the high CVSS score (8.8) reflects the severe potential impact.

Google Memory Corruption RCE Use After Free Denial Of Service +3
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-10923 HIGH PATCH This Week

Arbitrary code execution in Google Chrome for Android prior to 149.0.7827.53 stems from a use-after-free flaw in the WebAppInstalls component, triggered when a victim opens a malicious file. Although the CVSS vector lists a network attack vector with high impact across confidentiality, integrity, and availability, exploitation requires user interaction and no public exploit identified at time of analysis. EPSS probability is very low (0.01%) and SSVC indicates no observed exploitation, suggesting the immediate threat is limited despite the High severity rating from Chromium.

Google Memory Corruption RCE Use After Free Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-11092 HIGH PATCH This Week

Privilege escalation in Google Chrome DevTools versions prior to 149.0.7827.53 allows attackers to abuse insufficient policy enforcement through a malicious browser extension. The flaw requires user interaction to install a crafted extension, after which the attacker can gain elevated privileges within the browser context. No public exploit identified at time of analysis, and EPSS scoring (0.01%) indicates very low near-term exploitation probability despite the high CVSS rating.

Google Privilege Escalation Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-10926 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows an attacker on the same local network segment (adjacent network) to execute arbitrary code by sending malicious traffic to the browser's Cast component. The flaw stems from a use-after-free memory corruption issue in the Cast feature (used for media streaming to devices like Chromecast) and is rated High severity by Chromium with a CVSS score of 8.8. No public exploit identified at time of analysis, though a vendor patch has been released.

Google Memory Corruption RCE Use After Free Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-10888 HIGH PATCH This Week

Remote code execution in Google Chrome's Cast Streaming component (versions prior to 149.0.7827.53) allows an attacker on the same local network segment to execute arbitrary code by sending malicious network traffic to a vulnerable browser. The flaw is rated Critical by the Chromium project and carries a CVSS 3.1 score of 8.8, with no public exploit identified at time of analysis.

Google Memory Corruption RCE Use After Free Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-10890 HIGH PATCH This Week

Heap corruption in Google Chrome's Cast component prior to version 149.0.7827.53 allows adjacent-network attackers to trigger a use-after-free condition through crafted network traffic, potentially leading to arbitrary code execution within the renderer. Chromium rates the underlying severity as Critical, and no public exploit identified at time of analysis, though the AV:A vector means any attacker sharing the victim's LAN or Wi-Fi segment can attempt exploitation without authentication or user interaction.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43985 HIGH PATCH This Week

Cross-site request forgery in Tautulli versions prior to 2.17.1 allows remote attackers to hijack administrator accounts by tricking an authenticated admin into visiting a malicious page. The `/configUpdate` endpoint accepts state-changing requests without enforcing POST or validating anti-CSRF tokens, and because the session cookie uses SameSite=Lax it remains attached to top-level cross-site navigations. No public exploit identified at time of analysis, but the fix is explicitly called out in the v2.17.1 release notes.

CSRF Python
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-5228 HIGH This Week

Authorization bypass in Kurt Software Studio WriteUp Mobile App versions 1.3.0 through 04062026 allows authenticated users to access functionality outside their permitted scope, leading to high confidentiality, integrity, and availability impact. The flaw, reported by Turkey's national CERT (TR-CERT), stems from missing ACL enforcement on application functions reachable over the network with low privileges. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Authentication Bypass Writeup Mobile App
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-49193 HIGH This Week

Public exposure of telemetry data affects Acer Connect M6E 5G Portable WiFi Router, where misconfigured cloud storage containers leave active device telemetry readable from the internet without authentication. Remote unauthenticated parties can harvest sensitive operational data per the CVSS 4.0 vector (AV:N/PR:N/UI:N, VC:H), and no public exploit identified at time of analysis. The 8.7 CVSS score reflects the high confidentiality impact even though integrity and availability are unaffected.

Information Disclosure Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-49187 HIGH This Week

Information disclosure in the Acer Connect M6E 5G Portable WiFi Router (firmware versions up to and including M6E_AI_1.00.000019) stems from hard-coded, non-expiring credentials embedded in the companion APK that are shared across all deployments. Remote attackers can extract these static secrets from any copy of the application and use them to access sensitive router data without authentication, and no public exploit identified at time of analysis.

Information Disclosure Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-50213 HIGH This Week

Mass user data harvesting on the Acer Connect M6E 5G Portable WiFi Router is possible because the unauthenticated /v1/User/validate endpoint returns full user profile sheets keyed by predictable identifier strings. Remote attackers can iterate through identifiers to scrape every account's profile data without credentials, and no public exploit identified at time of analysis though the trivial attack pattern makes weaponization straightforward.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-49188 HIGH This Week

Unauthenticated root command execution affects the Acer Connect M6E 5G Portable WiFi Router through firmware M6E_AI_1.00.000019, where the ai_cmd utility runs with root privileges and passes socket input directly to popen(). Adjacent-network attackers (anyone on the WiFi or LAN segment) can issue arbitrary shell commands as root with no authentication. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects high confidentiality, integrity, and availability impact on the device itself.

Information Disclosure Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-41010 HIGH PATCH This Week

Command injection in Cloud Foundry BOSH Director (all versions prior to v282.1.12) allows an authenticated release uploader to achieve arbitrary OS command execution on the Director by embedding shell metacharacters in the jobs[].name field of a release.MF manifest inside an uploaded tarball. The unsafe value flows from ReleaseJob#unpack into a /bin/sh -c invocation via Bosh::Common::Exec.sh, so payloads such as $(...) or ; are interpreted by the shell during release unpacking. No public exploit identified at time of analysis; no CISA KEV listing, but the Cloud Foundry Foundation has published an advisory and a fixed release.

Command Injection Bosh Director
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-8873 HIGH This Week

Denial of service in Arista EOS devices with IPsec configured allows remote unauthenticated attackers to halt all IPsec traffic processing by sending a specially crafted packet. The control plane's recovery attempt via pipeline reset may itself fail to restore traffic flow, producing a persistent outage of IPsec-protected communications until manual intervention. No public exploit identified at time of analysis, but the vulnerability was reported by an Arista customer, suggesting it was discovered through real-world operational impact rather than theoretical research.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-41011 HIGH PATCH This Week

Command injection in Cloud Foundry BOSH versions prior to v282.1.12 allows an attacker who can upload a release tarball to execute arbitrary shell commands on the BOSH Director host by embedding shell metacharacters in the package name field of the release.MF manifest. The flaw stems from PackagePersister.validate_tgz interpolating the unsanitized name into a `tar -tf` invocation executed through `/bin/sh -c`, with model-level validation occurring only after the shell-out. No public exploit identified at time of analysis, and the bug is not listed in CISA KEV.

Command Injection Bosh
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-45432 HIGH This Week

Credential disclosure in GX Earth ONT (Optical Network Terminal) devices allows remote attackers positioned on the network path to capture administrative authentication material by sniffing the unencrypted HTTP web management interface. The flaw scores CVSS 4.0 8.7 (High) with CWE-319 (Cleartext Transmission of Sensitive Information), and no public exploit identified at time of analysis, though interception techniques are well-understood and trivial to execute on shared media.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-45431 HIGH This Week

Authenticated remote command injection in GX Earth ONT (Optical Network Terminal) devices allows attackers with valid web management credentials to execute arbitrary OS commands as root via multiple diagnostic functions in the device's web interface. The flaw, reported by CERT-In and tracked as CIVN-2026-0288, carries a CVSS 4.0 score of 8.7 (High) reflecting low attack complexity and high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

RCE Command Injection
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-45433 HIGH This Week

Hardcoded RSA private key in GX Earth 2022 ONT (Optical Network Terminal) firmware allows remote attackers to extract the embedded cryptographic material and decrypt HTTPS sessions or perform man-in-the-middle attacks against device management traffic. CERT-In disclosed the issue (CIVN-2026-0288) affecting multiple GX India fiber ONT models and firmware versions, with no public exploit identified at time of analysis but SSVC flagging the flaw as fully automatable once the key is recovered.

Information Disclosure Gx Earth 2022 Gx Earth 1010
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-49186 HIGH This Week

Authentication bypass on the local MQTT broker of the Acer Connect M6E 5G Portable WiFi Router (firmware M6E_AI_1.00.000019 and earlier) allows any connected client to subscribe with wildcard topics (# or +) and either enumerate hidden network devices or publish rogue control commands. CVSS 4.0 rates this 8.6 (High) with network attack vector and high confidentiality/integrity/availability impact; no public exploit identified at time of analysis and the issue is not in CISA KEV.

Authentication Bypass Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-11158 HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows a local attacker to break out of the browser sandbox via a crafted AppleScript command targeting the Downloads component. The flaw stems from insufficient input validation (CWE-20) and is rated CVSS 8.6 due to scope change and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02% (4th percentile).

Information Disclosure Google Chrome
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-50206 HIGH This Week

Command injection in Acer Connect M6E 5G Portable WiFi Router allows authenticated adjacent-network attackers to execute arbitrary OS commands by submitting VPN network profile configuration files containing unsanitized special characters. The CVSS 4.0 base score of 8.5 reflects high impact to confidentiality, integrity, and availability of the router, though exploitation requires high privileges and adjacent (not internet-facing) network access. No public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Command Injection Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
8.5
EPSS
0.3%
CVE-2025-12694 HIGH This Week

Local privilege escalation in Forcepoint VPN Client for Windows versions 6.11.3 and prior allows an authenticated low-privileged local user to elevate to SYSTEM. The flaw stems from execution with unnecessary privileges (CWE-250) and carries a CVSS 4.0 score of 8.5, but no public exploit identified at time of analysis. The vulnerability was reported and disclosed by Forcepoint PSIRT itself rather than a third party.

Microsoft Privilege Escalation Vpn Client
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-50207 HIGH This Week

Local privilege abuse in the Acer Connect M6E 5G Portable WiFi Router lets installed applications smuggle raw AT commands across the Android system Binder boundary, where they are forwarded to the cellular baseband without verification. Up to and including firmware M6E_AI_1.00.000019, low-privileged local apps can read sensitive baseband files (IMSI, configuration blobs) and disable cellular connectivity, with no public exploit identified at time of analysis and no CISA KEV listing.

Path Traversal Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-49189 HIGH This Week

Local privilege escalation in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.000019) allows low-privileged local software components to invoke administrative operations via an unprotected Broadcast Receiver. CVSS 4.0 scores this 8.5 (High) with local attack vector and low privileges required, and no public exploit has been identified at time of analysis.

Privilege Escalation Connect M6E 5G Portable Wifi Router
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-10960 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting an uninitialized memory use in the Codecs component. Google has rated this Chromium security severity as High, and no public exploit has been identified at time of analysis. The flaw requires chaining with a separate renderer compromise, but combined with a renderer RCE it enables full host code execution outside Chrome's sandbox.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10967 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the Chrome sandbox via a crafted HTML page that triggers a use-after-free in the SurfaceCapture component. The flaw is rated High severity by Chromium and carries a CVSS 3.1 score of 8.3 with scope change, reflecting that successful exploitation crosses the renderer/browser security boundary. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10961 HIGH PATCH This Week

Sandbox escape in Google Chrome for iOS before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free condition. The flaw is rated High severity by Chromium and has a CVSS score of 8.3, but no public exploit has been identified at time of analysis and it is not listed in CISA KEV. Successful exploitation typically requires chaining with a separate renderer-compromise primitive, raising the practical bar.

Google Memory Corruption Apple Use After Free Denial Of Service +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10953 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw stems from a use-after-free condition in the Core component and is rated High severity by Chromium with a CVSS of 8.3. No public exploit identified at time of analysis, though the bug enables a critical post-exploitation chain step when paired with a renderer RCE.

Denial Of Service Use After Free Memory Corruption Google Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10934 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who already controls the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a use-after-free in the Autofill component. Chromium rates the severity High and a vendor patch is available; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10933 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out via a use-after-free in the Audio component when a victim loads a crafted HTML page. Chromium rates the issue High severity and Google has shipped a stable-channel fix, but no public exploit identified at time of analysis and the bug is not listed in CISA KEV.

Google Memory Corruption Use After Free Microsoft Denial Of Service +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10927 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 can be achieved by remote attackers who have already compromised the renderer process, leveraging an out-of-bounds read in the Dawn WebGPU implementation via a crafted HTML page. Google rates this as High severity and a vendor patch is available, though no public exploit has been identified at time of analysis. The bug is part of a multi-stage exploitation chain rather than a single-step RCE, but successful chaining yields full escape from Chrome's renderer sandbox.

Information Disclosure Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10925 HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 lets a remote attacker who has already compromised the renderer process break out of the Chromium sandbox via a crafted HTML page that triggers an out-of-bounds write in Skia. Google rates the underlying Chromium issue High severity and a vendor patch is available, though no public exploit code has been identified at time of analysis.

Google Memory Corruption Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10924 HIGH PATCH This Week

Sandbox escape in Google Chrome's Chromecast component prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Rated High severity by the Chromium project with a CVSS of 8.3, the flaw requires a prior renderer compromise and user interaction, and no public exploit identified at time of analysis. Successful exploitation gives attackers code execution outside the renderer's restricted context, dramatically expanding impact on the host.

Google Buffer Overflow Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10921 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 is possible via an integer overflow in the Dawn WebGPU implementation, allowing a remote attacker who has already compromised the renderer process to break out of the browser sandbox using a crafted HTML page. Google rates the Chromium severity as High and a vendor patch is available; no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Google Buffer Overflow Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10919 HIGH PATCH This Week

Sandbox escape in Google Chrome's ANGLE graphics layer (versions prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High severity by Chromium and CVSS 8.3, and while no public exploit is identified at time of analysis, sandbox escapes in ANGLE have historically been chained with renderer RCE bugs to achieve full system compromise.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10918 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free flaw in the Viz compositor component. Exploitation requires a crafted HTML page and victim interaction, and Google has rated the underlying Chromium security severity as High. No public exploit has been identified at time of analysis, but this class of bug is historically chained with renderer RCE bugs to achieve full browser compromise.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10915 HIGH PATCH This Week

Sandbox escape in Google Chrome on iOS prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free in the Core component rated High severity by Chromium, and no public exploit identified at time of analysis. Exploitation requires user interaction (visiting a malicious page) and chaining with a prior renderer compromise, raising the practical bar despite the 8.3 CVSS score.

Google Memory Corruption Apple Use After Free Denial Of Service +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10909 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free flaw in the Dawn WebGPU implementation. Exploitation requires luring a victim to a crafted HTML page and chaining this bug with a prior renderer compromise, but the impact is full sandbox escape with high confidentiality, integrity, and availability consequences. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10908 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free condition in the FullScreen component. Rated High severity by Chromium with a CVSS of 8.3, the flaw requires user interaction and high attack complexity, and no public exploit identified at time of analysis. The vendor has issued a stable channel update addressing the issue.

Denial Of Service Memory Corruption Use After Free Microsoft Google
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10905 HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a use-after-free in the Network component, triggered by a crafted HTML page. Chromium rates the severity as High and a vendor patch is available; no public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10894 HIGH PATCH This Week

Sandbox escape in Google Chrome on Linux prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a use-after-free in the Printing component. Google rates the underlying Chromium issue as Critical severity, and no public exploit is identified at time of analysis. The CVSS 8.3 score reflects the chained nature of the attack and the scope change that results when sandbox boundaries are crossed.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10889 HIGH PATCH This Week

Out-of-bounds read in the ANGLE graphics layer of Google Chrome before 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to potentially escape the browser sandbox via a crafted HTML page. Chromium rates the underlying issue Critical severity, and while no public exploit has been identified at time of analysis, the bug is in a historically targeted attack surface (GPU/ANGLE) frequently abused in renderer-to-broker escape chains.

Information Disclosure Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10884 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page targeting a use-after-free flaw in the Chromecast component. Google classifies the underlying issue as Critical severity, and no public exploit has been identified at time of analysis. The bug requires chaining with a separate renderer compromise, which lowers standalone exploitability but makes it valuable as the second stage of a full browser exploit chain.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10970 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the InterestGroups component. Google rates the Chromium severity as High, and CVSS scores it 8.3 with a changed scope reflecting the cross-boundary impact. No public exploit identified at time of analysis, though a vendor patch is available.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10917 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting insufficient input validation in the Media component. Google rates the Chromium security severity as High, and no public exploit has been identified at time of analysis. Successful exploitation requires chaining with a separate renderer compromise plus user interaction, raising attack complexity but yielding full host-level impact if achieved.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10911 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the Media component. Google rates the issue High severity and a vendor patch is available, though no public exploit has been identified at time of analysis.

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10949 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 stems from a heap buffer overflow in the Video component, allowing a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. Chromium rates the severity as High and a vendor patch is available; no public exploit identified at time of analysis. The CVSS 8.3 score reflects the scope change (S:C) that occurs when sandbox boundaries are crossed, though the attack requires high complexity and user interaction.

Heap Overflow Google Buffer Overflow
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10929 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a heap buffer overflow in ANGLE. Chromium rates the severity as High, and although no public exploit is identified at time of analysis, the CVSS 8.3 score with scope change reflects the cross-boundary impact when chained with a renderer RCE. This is a classic second-stage bug used in browser exploit chains rather than a standalone one-click compromise.

Heap Overflow Google Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10898 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to potentially break out of the sandbox via a stack buffer overflow in the GPU component triggered by a crafted HTML page. Chromium rates this as Critical severity, and while no public exploit has been identified at time of analysis, the vendor has released a patched stable channel build addressing the issue.

Google Stack Overflow Buffer Overflow Red Hat Suse +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-10940 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a race condition in the Codecs component. Chromium rates this High severity, and while no public exploit was identified at time of analysis, the bug fits the classic renderer-to-sandbox-escape pattern frequently chained in real-world Chrome exploit kits. CVSS is 8.3 reflecting high attack complexity, required user interaction, and a scope change.

Information Disclosure Google Microsoft Race Condition Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
Prev Page 5 of 12 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy