Chrome
Monthly
Out-of-bounds read in the WebRTC component of Google Chrome prior to 149.0.7827.53 exposes potentially sensitive process memory contents to remote attackers. Exploitation requires no authentication (CVSS PR:N) but does require user interaction - a victim must visit a specially crafted HTML page (CVSS UI:R). The confidentiality impact is rated High (C:H) with no integrity or availability consequence, meaning a successful attack leaks memory contents rather than enabling code execution. No public exploit identified at time of analysis, and EPSS at 0.03% (10th percentile) reflects low observed exploitation probability.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page processed by the codec subsystem. The flaw requires user interaction (visiting a malicious page) and a prior renderer compromise, but if chained successfully it enables full code execution on the host with a scope change. No public exploit identified at time of analysis and EPSS probability is very low (0.05%), but the 9.6 CVSS reflects the high impact of a successful sandbox escape.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Codecs component triggered by a crafted HTML page. The flaw requires user interaction (visiting a malicious page) and chains with a prior renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile).
Cross-origin data leakage in Google Chrome's Printing subsystem (all versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to exfiltrate sensitive cross-origin data by serving a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) reflects high confidentiality impact with no integrity or availability loss, though the real-world attack requires a pre-compromised renderer - making this a second-stage chaining vulnerability rather than a standalone initial-access vector. No public exploit code or CISA KEV listing has been identified, and EPSS at 0.05% (15th percentile) confirms low current exploitation probability.
Privilege escalation in Google Chrome DevTools versions prior to 149.0.7827.53 allows attackers to abuse insufficient policy enforcement through a malicious browser extension. The flaw requires user interaction to install a crafted extension, after which the attacker can gain elevated privileges within the browser context. No public exploit identified at time of analysis, and EPSS scoring (0.01%) indicates very low near-term exploitation probability despite the high CVSS rating.
Out-of-bounds memory read in the Dawn WebGPU implementation of Google Chrome prior to 149.0.7827.53 allows a remote attacker to access memory outside intended bounds via a crafted HTML page. Exploitation requires the victim to visit an attacker-controlled page, and no public exploit identified at time of analysis. Google rates the Chromium-internal severity as Medium, while NVD assigns CVSS 8.8 reflecting the broad impact on confidentiality, integrity, and availability if successfully triggered.
Cross-origin data leakage in Google Chrome's ANGLE graphics library (versions prior to 149.0.7827.53) allows a remote unauthenticated attacker to read memory across origin boundaries by luring a victim to a crafted HTML page. The root cause is an uninitialized variable (CWE-457) within ANGLE - Chromium's graphics translation layer - which may retain residual data from prior allocations, exposing sensitive cross-origin content. No public exploit code exists and no active exploitation is confirmed (CISA KEV absent); EPSS is 0.03% (11th percentile), indicating low current real-world exploitation pressure.
Uninitialized memory read in Google Chrome's Media component exposes sensitive process memory contents to attackers who have already compromised the renderer process. Specifically, Chrome versions prior to 149.0.7827.53 fail to initialize memory in the Media subsystem, enabling a secondary attacker-controlled read of arbitrary process memory via a crafted HTML page. EPSS stands at 0.03% (11th percentile), no public exploit has been identified, and this vulnerability is not listed in the CISA KEV catalog; the vendor-released patch is available in Chrome 149.0.7827.53.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page. The flaw stems from an integer overflow (CWE-472) in ANGLE and requires user interaction (visiting a malicious page) plus a prior renderer compromise to chain into full sandbox escape. No public exploit identified at time of analysis, and EPSS is very low (0.03%), but Google rates the underlying issue as Medium severity within Chromium.
Cross-origin data leakage in Google Chrome's ANGLE graphics component (versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to read sensitive data from other origins via a crafted HTML page. The root cause is CWE-457 (Use of Uninitialized Variable) in ANGLE - residual memory contents in the graphics pipeline can be read before proper initialization, exposing data across origin boundaries. EPSS is very low at 0.03% (11th percentile) and no public exploit or CISA KEV listing has been identified, but the cross-origin data access impact makes this relevant in chained exploit scenarios.
Sandbox-confined arbitrary code execution in Google Chrome versions prior to 149.0.7827.53 stems from an inappropriate implementation in the Dawn WebGPU component, enabling a remote attacker who has already compromised the renderer process to run code inside the sandbox via a crafted HTML page. The CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability when combined with user interaction (visiting a page), though Chromium classified the underlying severity as Medium. No public exploit identified at time of analysis, but a vendor patch is available in the Stable channel update for desktop.
Out-of-bounds memory access in Google Chrome on Android before version 149.0.7827.53 allows remote attackers to corrupt GPU process memory by luring a user to a crafted HTML page that triggers an integer overflow. The flaw carries a CVSS 8.8 (high) rating with high confidentiality, integrity, and availability impact, but EPSS is only 0.03% and no public exploit identified at time of analysis, suggesting low near-term mass-exploitation likelihood despite the severity of the underlying bug class.
Cross-origin data leakage in Google Chrome's Password Manager component (prior to 149.0.7827.53) exposes sensitive credential or form data to remote attackers through a crafted HTML page. The flaw stems from an inappropriate implementation classified under CWE-346 (Origin Validation Error), meaning the Password Manager fails to properly enforce same-origin boundaries when handling data. No privileges are required and exploitation is conditional only on user interaction with a malicious page; CVSS confidentiality impact is rated High, though no public exploit code exists and EPSS is at 0.03%, indicating low observed exploitation pressure at time of analysis.
Cross-origin data leakage via Chrome's Password Manager component affects Google Chrome versions prior to 149.0.7827.53, exploitable when a user visits an attacker-crafted HTML page. The flaw stems from an inappropriate implementation that fails to enforce proper origin boundaries within the Password Manager, allowing a remote, unauthenticated attacker to read sensitive cross-origin data - potentially including credential-related information surfaced by the Password Manager. No public exploit code has been identified and no active exploitation is confirmed (not in CISA KEV), with EPSS at 0.03% (11th percentile), though the high confidentiality impact (C:H) warrants prompt patching given Chrome's massive deployment surface.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a race condition in the GPU process triggered by a crafted HTML page. The flaw is a use-after-free (CWE-416) reachable through normal web content rendering, and while no public exploit is identified at time of analysis, the EPSS percentile of 11% suggests low near-term opportunistic exploitation likelihood.
Same-Origin Policy bypass in Google Chrome's Canvas implementation affects all versions prior to 149.0.7827.53, allowing a remote unauthenticated attacker to violate cross-origin integrity guarantees through a crafted HTML page. The vulnerability carries a High integrity impact (I:H) with no confidentiality or availability consequence, meaning an attacker can write or manipulate cross-origin data rather than read it. No public exploit code has been identified at time of analysis, and EPSS at 0.02% (4th percentile) suggests minimal observed exploitation pressure currently.
Heap corruption in Google Chrome for Android's WebView component prior to version 149.0.7827.53 allows remote attackers to potentially execute code or crash the browser by luring victims to a crafted HTML page. The flaw is a use-after-free (CWE-416) rated CVSS 8.8 due to network reach and high impact across confidentiality, integrity, and availability, though user interaction is required. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%).
Out-of-bounds memory write in Google Chrome's codec component prior to version 149.0.7827.53 allows a remote attacker to corrupt memory by serving a crafted video file to a victim who visits a malicious page or views attacker-supplied media. The flaw stems from insufficient input validation in media codec parsing and carries a CVSS 8.8 rating reflecting high impact across confidentiality, integrity, and availability, though no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.05%.
Same-origin policy bypass in Google Chrome's FileSystem API implementation affects all desktop versions prior to 149.0.7827.53, exploitable by a remote attacker who has already achieved renderer process compromise. Delivering a crafted HTML page to a victim who interacts with it triggers the flaw, resulting in high-integrity cross-origin impact with no confidentiality or availability consequence. No public exploit code exists and EPSS sits at 0.02% (6th percentile), but the integrity impact and its role as a renderer-escape pivot make it relevant to multi-stage exploitation chains.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by serving a crafted HTML page that triggers a bad cast in the Dawn WebGPU implementation. The flaw carries a CVSS 8.8 rating with user interaction required (visiting a malicious page), and no public exploit has been identified at time of analysis despite Google rating the underlying Chromium severity as Medium. The vendor has released a patched stable channel build addressing this issue alongside other fixes.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a type confusion flaw in the CSS engine that lets a remote attacker run arbitrary code within the renderer sandbox by enticing a victim to load a crafted HTML page. The CVSS 8.8 score reflects network reach with low attack complexity but requires user interaction (UI:R) to visit the malicious page, and no public exploit identified at time of analysis. A vendor patch is available via the Chrome Stable channel update published in June 2026.
Out-of-bounds read in Chrome's V8 JavaScript engine (versions prior to 149.0.7827.53) exposes sensitive process memory to remote attackers who can lure a victim to a crafted HTML page. The CVSS vector (PR:N/UI:R/C:H) confirms unauthenticated remote triggering with high confidentiality impact, though exploitation requires one click of user interaction. No public exploit identified at time of analysis, and EPSS sits at the 11th percentile (0.03%), suggesting low observed exploitation pressure despite the medium-severity classification.
Remote code execution in Google Chrome on Linux prior to version 149.0.7827.53 allows a remote attacker to exploit a use-after-free condition in the WebRTC component via a crafted HTML page. The flaw carries a CVSS 3.1 score of 8.8 with user interaction required, and while no public exploit has been identified at time of analysis, Chromium-class memory corruption bugs in WebRTC are historically high-value targets. Google has released a patched stable channel build, and Chromium itself rates the severity as Medium despite the higher NVD CVSS.
Use-after-free in Google Chrome's WebGL component (prior to 149.0.7827.53) exposes process memory to remote attackers who can lure a user to a crafted HTML page. The vulnerability is limited to confidentiality - CVSS C:H/I:N/A:N - meaning an attacker can read potentially sensitive data from Chrome's process memory but cannot write or crash the process per the scored vector. No public exploit has been identified at time of analysis, and EPSS sits at 0.03% (10th percentile), indicating low observed exploitation pressure. Google has shipped a fix in the stable channel release 149.0.7827.53.
Local code execution in Google Chrome for Android prior to 149.0.7827.53 stems from a use-after-free in the WebView component, triggered when a victim opens a malicious file. Per CVSS 7.8 (AV:L/UI:R), exploitation requires local delivery plus user interaction, and there is no public exploit identified at time of analysis (EPSS 0.01%, not in CISA KEV).
Information disclosure in Google Chrome on Linux prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to read sensitive data from process memory by serving a crafted HTML page that triggers a use-after-free in the Base component. The flaw is rated Medium by Chromium but scored CVSS 8.8 in NVD, and no public exploit identified at time of analysis with an EPSS of 0.03%.
Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer/network process to break out of the browser sandbox via crafted Chromoting (Chrome Remote Desktop) network traffic. The flaw is rated CVSS 9.6 due to the scope change from sandboxed process to host, though Google classifies the Chromium severity as Medium. EPSS is very low (0.05%) and no public exploit identified at time of analysis, but a vendor patch is available.
Same-origin policy bypass in the Cast component of Google Chrome (prior to 149.0.7827.53) enables a remote unauthenticated attacker to violate cross-origin integrity protections via a crafted HTML page, requiring only that the target user visit the attacker-controlled page. The CVSS vector confirms high integrity impact with no confidentiality or availability consequence, indicating the attack allows unauthorized cross-origin writes or data manipulation rather than information disclosure. No public exploit code has been identified at time of analysis, and the EPSS score of 0.02% (6th percentile) signals low observed exploitation interest despite the medium-severity Chromium classification.
Remote code execution in Google Chrome desktop versions prior to 149.0.7827.53 stems from a use-after-free flaw in the WebSockets implementation that an attacker can trigger by luring a victim to a crafted HTML page. Although code execution is constrained to Chrome's renderer sandbox, the CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Google has shipped a fix in the stable channel, but the bug typically becomes a building block for full chain exploits when combined with a sandbox escape.
Uninitialized memory read in Chrome's Dawn (WebGPU) component exposes process memory contents to remote unauthenticated attackers who can entice a user to visit a crafted HTML page. All Chrome desktop versions prior to 149.0.7827.53 are affected, with confidentiality impact rated High (C:H) due to potential exposure of sensitive in-process data such as credentials or session tokens. No public exploit code or active exploitation has been identified at time of analysis; EPSS at 0.03% (11th percentile) reflects low current exploitation pressure.
Sandbox escape in Google Chrome prior to 149.0.7827.53 allows remote attackers to break out of the renderer sandbox via a crafted HTML page that exploits insufficient input validation in the ANGLE graphics layer. The flaw requires the victim to visit attacker-controlled content (UI:R) but no authentication, and the scope-changing CVSS 9.6 reflects the impact of escaping browser process isolation. EPSS is very low (0.05%, 15th percentile) and there is no public exploit identified at time of analysis.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page targeting a use-after-free in the ANGLE graphics layer. The flaw requires user interaction (visiting a malicious page) and changes scope, yielding high confidentiality, integrity, and availability impact on the host. No public exploit identified at time of analysis and EPSS probability is very low (0.03%, 11th percentile), but a vendor patch is available.
Cross-origin data leakage in Google Chrome for Android (prior to 149.0.7827.53) is enabled by a race condition in the GPU component, exploitable only after the attacker has already achieved renderer process compromise. Using a crafted HTML page, the attacker can then trigger the GPU race to read cross-origin data, constituting a second-stage information disclosure step in a broader attack chain. No public exploit code or CISA KEV listing exists at time of analysis; EPSS sits at 0.03% (11th percentile), consistent with limited real-world exploitation activity.
Sandbox escape in Google Chrome on Windows before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that abuses the WebNN (Web Neural Network) API. The flaw stems from insufficient validation of untrusted input (CWE-20) reaching the WebNN component, and exploitation requires user interaction (visiting an attacker-controlled page) plus a prior renderer-compromise primitive. There is no public exploit identified at time of analysis, and the EPSS probability is very low (0.04%).
Script and HTML injection into privileged Chrome pages is possible in Google Chrome prior to 149.0.7827.53 through insufficient policy enforcement in the Extensions subsystem. An attacker who convinces a user to install a crafted malicious extension can leverage this to inject content into otherwise-restricted privileged pages, compromising page integrity. EPSS is 0.01% (1st percentile), no KEV listing exists, and no public exploit has been identified at time of analysis - indicating low observed exploitation pressure despite the network-accessible attack vector.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 stems from a type confusion bug in the ANGLE graphics translation layer that a remote attacker can trigger via a crafted HTML page. Despite a CVSS of 9.6 and a vendor-released patch, EPSS is only 0.03% and no public exploit identified at time of analysis, though Chromium-rated Medium browser bugs are routinely targeted once details are public.
Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 allows a remote attacker to escape memory safety boundaries within the renderer sandbox via a crafted HTML page. The flaw stems from a use-after-free condition in the Media component and requires user interaction (visiting a malicious page); no public exploit has been identified at time of analysis. With a CVSS of 8.8 and confirmed Chromium classification, this is a typical browser memory-corruption bug that historically attracts exploit chains.
Remote code execution in Google Chrome's Blink rendering engine prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) carrying a CVSS 8.8 score, with a vendor patch already shipped via the Chrome stable channel and no public exploit identified at time of analysis.
Privilege escalation in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via an integer overflow in the CredentialProvider component. Exploitation requires user interaction with a crafted HTML page and a prior renderer compromise, and no public exploit has been identified at time of analysis. Chromium rates the security severity as Medium despite the CVSS 7.5 score.
Uninitialized memory use in Skia, Chrome's 2D graphics library, exposes process memory contents to a remote attacker who has already compromised the renderer process. Affected versions are all Chrome releases prior to 149.0.7827.53 on desktop platforms. An attacker leveraging this flaw can read potentially sensitive data from process memory - such as credentials, tokens, or page content - by delivering a crafted HTML page that triggers Skia's uninitialized memory path. No public exploit identified at time of analysis and EPSS stands at 0.03% (11th percentile), indicating low current exploitation pressure; however, the confidentiality impact is rated High by NVD.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the Site Isolation sandbox via a crafted HTML page. The flaw stems from insufficient validation of untrusted input in the Site Isolation component (CWE-20) and is rated CVSS 9.6 due to scope change, though Chromium itself classifies the underlying severity as Medium. No public exploit has been identified at time of analysis and EPSS is very low (0.05%, 15th percentile), but the chained-exploit potential makes it a meaningful browser-security risk.
Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows attackers to run arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page that triggers a use-after-free in the ANGLE graphics layer. The flaw carries a CVSS 8.8 score and requires user interaction (visiting a malicious page), and no public exploit identified at time of analysis. The sandbox containment limits direct system impact, but the bug is a strong candidate for chaining with a sandbox escape.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code inside the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers a use-after-free condition in the WebRTC component. No public exploit identified at time of analysis, though the high CVSS score of 8.8 and the memory corruption class make this a priority browser patch. Chromium rates the security severity as Medium despite the CVSS score, suggesting sandbox containment limits real-world impact.
Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a type confusion in the GPU process. The CVSS score of 9.6 reflects the scope-changing nature of escaping the sandbox boundary, though exploitation requires user interaction (visiting a malicious page) and a pre-existing renderer compromise. No public exploit identified at time of analysis, and EPSS is low at 0.03%.
Out-of-bounds read in ANGLE (Google's graphics abstraction layer) within Chrome on Linux exposes sensitive process memory to remote attackers via a crafted HTML page. All Chrome for Linux versions prior to 149.0.7827.53 are affected; Windows and macOS are not in scope. The CVSS vector confirms unauthenticated remote exploitability at low complexity, though user interaction is required, and no public exploit has been identified at time of analysis - EPSS at 0.03% (11th percentile) signals minimal current exploitation pressure.
Remote code execution in Google Chrome's V8 JavaScript engine before version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free memory corruption issue rated CVSS 8.8 (High), and while no public exploit has been identified at time of analysis, V8 bugs of this class are historically high-value targets for exploit chains. SSVC indicates no observed exploitation, but technical impact is total within the sandbox boundary.
Remote code execution in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. The flaw stems from a use-after-free memory corruption condition (CWE-416) and carries a CVSS 3.1 score of 8.8. No public exploit identified at time of analysis, but a vendor patch has been released by Google.
Same-origin policy bypass in Google Chrome's Extensions subsystem (versions prior to 149.0.7827.53) allows an attacker who socially engineers a user into installing a crafted malicious extension to violate cross-origin boundaries, enabling unauthorized integrity impact against content from other origins. The CVSS vector (I:H, C:N) confirms the impact is write/modify-only - sensitive data exfiltration is not a direct consequence. No public exploit code or active exploitation has been identified at time of analysis; EPSS is negligible at 0.01% (1st percentile), consistent with the social-engineering prerequisite limiting mass exploitation.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw resides in the Base component and is rated Medium severity by Chromium despite the CVSS 9.6 score, reflecting the prerequisite of a prior renderer compromise. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.05%.
Sandboxed arbitrary code execution in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to run arbitrary code within the Chrome sandbox via a crafted HTML page processed by the Media component. The flaw stems from insufficient validation of untrusted input (CWE-20) and is rated Medium severity by Chromium despite an 8.8 CVSS, reflecting that it serves as a second-stage primitive rather than a standalone RCE; no public exploit identified at time of analysis.
Memory disclosure in Google Chrome's GPU component (versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to read sensitive data from process memory by delivering a crafted HTML page. The vulnerability stems from insufficient validation of untrusted input passed to the GPU subsystem, classified as CWE-20 (Improper Input Validation), and is rated Medium severity by the Chromium security team despite a CVSS Confidentiality impact of High - reflecting that successful exploitation requires a prior renderer compromise as a prerequisite. No public exploit code has been identified and EPSS probability stands at just 0.05% (15th percentile), indicating low current exploitation likelihood.
Integer overflow in ANGLE (Google's graphics abstraction layer) within Chrome on macOS prior to 149.0.7827.53 enables remote information disclosure from process memory via crafted HTML pages. An unauthenticated remote attacker who induces user interaction can trigger out-of-bounds memory reads through a malicious webpage, potentially exposing credentials, session tokens, or other sensitive in-memory data. No active exploitation is confirmed (not listed in CISA KEV) and EPSS of 0.03% (11th percentile) reflects low real-world exploitation probability at time of analysis.
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via an out-of-bounds write in ANGLE triggered by a crafted HTML page. The flaw carries a high CVSS of 9.6 due to scope change and full CIA impact, though no public exploit has been identified and EPSS exploitation probability remains very low at 0.03%.
Heap corruption in Google Chrome's Views component prior to version 149.0.7827.53 allows a remote attacker to potentially execute code in the renderer when a user is convinced to perform specific UI gestures on a crafted HTML page. The flaw is a use-after-free (CWE-416) carrying a CVSS 8.8 rating, but EPSS is very low at 0.03% (11th percentile) and no public exploit is identified at time of analysis. Google has shipped a patched stable channel build, and Chromium rates the underlying issue as Medium severity.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that exploits insufficient input validation in the Media component. The flaw requires user interaction (visiting a malicious page) and a prior renderer compromise, making it a second-stage capability typically chained with another bug; no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.05%.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) requiring user interaction to visit the malicious page, and no public exploit has been identified at time of analysis despite an EPSS score of 0.03% indicating very low near-term exploitation probability.
Cross-origin data leakage in Google Chrome's Skia graphics library (prior to 149.0.7827.53) enables a remote attacker to read sensitive data from other origins by enticing a user to visit a crafted HTML page. The flaw stems from uninitialized memory use (CWE-457) in Skia, Chrome's 2D rendering engine, where residual memory contents can be exposed across security boundaries. No active exploitation has been confirmed (not in CISA KEV) and EPSS sits at 0.03% (11th percentile), indicating low real-world exploitation probability at time of analysis, though the confidentiality impact is rated High by CVSS.
Subresource Integrity (SRI) policy enforcement failure in Google Chrome prior to 149.0.7827.53 enables remote attackers to bypass Content Security Policy protections via malicious network traffic. Affected users who visit attacker-influenced pages may have tampered scripts or resources loaded without the expected cryptographic hash validation that SRI is designed to enforce, undermining integrity guarantees that web applications depend on as a security boundary. No active exploitation is confirmed (not in CISA KEV), EPSS is very low at 0.02% (6th percentile), and a vendor patch is available at 149.0.7827.53.
Out-of-bounds write in Google Chrome's media Codecs component prior to version 149.0.7827.53 allows a remote attacker to potentially escape the renderer sandbox via a crafted video file. Successful exploitation requires the victim to load attacker-controlled video content, but the resulting scope change (S:C) means the attacker can break out of Chrome's renderer sandbox and impact resources beyond it. No public exploit has been identified at time of analysis and EPSS is very low (0.03%), but the high CVSS reflects the severe impact of a successful sandbox escape.
Same-origin policy bypass in Google Chrome prior to 149.0.7827.53 enables remote unauthenticated attackers to violate cross-origin isolation boundaries through a crafted HTML page, producing high integrity impact with no confidentiality or availability loss. Rooted in an inappropriate DOM implementation (CWE-346: Origin Validation Error), the flaw allows a malicious page to cross origin boundaries and manipulate content or state belonging to a different origin. No public exploit code and no CISA KEV listing exist at time of analysis; the EPSS score of 0.02% (4th percentile) reinforces limited real-world exploitation pressure despite the medium CVSS 6.5 rating.
Local privilege escalation in Google Chrome for Android prior to 149.0.7827.53 stems from an inappropriate implementation in the Custom Tabs component, where a crafted XML file processed by a local attacker can elevate privileges within the browser context. The flaw is rated CVSS 7.3 (Chromium severity Medium) and requires user interaction, with no public exploit identified at time of analysis and a very low EPSS score (0.02%, 4th percentile). A vendor patch is available in the Stable channel update referenced by the Chrome Releases advisory.
Universal Cross-Site Scripting (UXSS) in Google Chrome for Android's Tab Group Sync feature allows remote unauthenticated attackers to inject arbitrary scripts or HTML via malicious network traffic against Chrome versions prior to 149.0.7827.53. The CVSS Changed Scope (S:C) confirms that injected content escapes the vulnerable component's origin boundary, affecting other origins - the defining characteristic of UXSS, which is more severe than conventional XSS because it bypasses the browser-level same-origin policy rather than just application-level controls. No public exploit has been identified at time of analysis, and EPSS at 0.07% (22nd percentile) reflects low current exploitation probability; the vulnerability is not listed in CISA KEV.
Uninitialized memory read in Chrome's WebML component on macOS exposes potentially sensitive process memory contents to remote attackers. Affected are all Chrome versions prior to 149.0.7827.53 on Mac; exploitation requires convincing a user to visit a specially crafted HTML page. No public exploit code or active exploitation (CISA KEV) has been identified, and the EPSS score of 0.03% (10th percentile) reflects low real-world exploitation likelihood at time of analysis.
Cross-origin data leakage in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) enables unauthenticated remote attackers to access sensitive data across security origin boundaries when a victim visits a specially crafted HTML page. The flaw involves an inappropriate implementation of origin validation (CWE-346) within the Password Manager subsystem, potentially exposing saved credentials or autofill data to a malicious origin. No active exploitation has been confirmed - SSVC classifies exploitation as none and EPSS places this in the 11th percentile - though the High confidentiality impact in the CVSS vector reflects meaningful data exposure if triggered.
UI spoofing in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) allows remote unauthenticated attackers to manipulate browser interface elements via crafted malicious network traffic. The flaw stems from insufficient input validation (CWE-20) in the Password Manager subsystem, enabling an attacker to deceive victims about the legitimacy of password prompts or credential states. No public exploit code or active exploitation has been identified; EPSS at 0.05% (15th percentile) reflects low community-assessed exploitation probability, and the mandatory user interaction requirement prevents automated mass exploitation.
Remote heap corruption in Google Chrome prior to 149.0.7827.53 allows attackers to exploit a use-after-free condition in the Network component via crafted network traffic when a user visits or interacts with attacker-controlled content. Rated CVSS 8.8 with a patch available from Google, though EPSS exploitation probability is currently very low (0.03%, 11th percentile) and no public exploit has been identified at time of analysis.
Sandbox-contained arbitrary code execution in Google Chrome's Media component affects Linux and ChromeOS builds prior to 149.0.7827.53, where a use-after-free flaw can be triggered via a crafted HTML page. Exploitation requires that the attacker has already compromised the renderer process, meaning this bug functions as a second-stage primitive in a multi-vulnerability chain rather than a standalone RCE. No public exploit identified at time of analysis, and Chromium rates the internal severity as Medium despite the NVD CVSS of 8.8.
Cross-origin data leakage in the Glic component of Google Chrome (prior to 149.0.7827.53) can be triggered by a remote attacker who has already compromised the renderer process, using a crafted HTML page to exfiltrate sensitive cross-origin content. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) reflects high confidentiality impact but masks the realistic complexity: renderer compromise is an explicit prerequisite, making this a chained exploit rather than a standalone attack. No active exploitation has been confirmed (CISA KEV absent, SSVC exploitation=none, EPSS 0.05% at 15th percentile), and a vendor-released patch is available.
Navigation restriction bypass in Google Chrome's Extensions subsystem (all versions prior to 149.0.7827.53) enables circumvention of browser-enforced navigation controls when a user installs a crafted malicious extension. Rooted in CWE-284 (Improper Access Control), the flaw allows the extension to override navigation guards - potentially enabling unauthorized redirects or bypass of URL-based security policies - with a high integrity impact per CVSS (I:H). No public exploit has been identified at time of analysis, EPSS is 0.01% (1st percentile), and the vulnerability is not listed in CISA's KEV catalog, indicating low current exploitation momentum despite a medium CVSS score of 6.5.
Content Security Policy bypass in Google Chrome for Android prior to 149.0.7827.53 allows a remote attacker to circumvent CSP restrictions by delivering a crafted HTML page to a victim user. The flaw resides in Chrome's Navigation subsystem, where policy enforcement is insufficient, enabling injection or execution of content that CSP headers would otherwise block. No public exploit has been identified at time of analysis, and EPSS sits at the 4th percentile, but the zero-privilege-required, network-accessible attack surface warrants prompt patching on Android deployments.
Stack-based buffer overflow in the Skia graphics library shipped with Google Chrome versions prior to 149.0.7827.53 lets a remote attacker corrupt the renderer process stack by serving a crafted HTML page, with potential for arbitrary code execution within the sandbox. The flaw carries a CVSS 3.1 base score of 8.8 (network vector, user interaction required) and no public exploit identified at time of analysis, while a very low EPSS score of 0.03% (10th percentile) suggests no current mass-exploitation pressure despite the high impact rating.
Same-origin policy bypass in Google Chrome's WebAppInstalls component allows a remote attacker who has already compromised the renderer process to circumvent cross-origin protections via a crafted HTML page, yielding high integrity impact with no confidentiality or availability loss. All Chrome versions prior to 149.0.7827.53 are affected. No public exploit code has been identified and EPSS places this at the 6th percentile (0.02%), indicating very low observed exploitation probability; this is not listed in CISA KEV.
Same-origin policy bypass in Google Chrome DevTools (versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. The flaw stems from insufficient input validation (CWE-20) within the DevTools component, yielding a High integrity impact while leaving confidentiality and availability unaffected. No public exploit code exists at time of analysis, and EPSS sits at 0.02% (6th percentile), indicating low observed exploitation pressure; this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that exploits insufficient input validation in the GPU component. The CVSS 9.6 score reflects the scope change from renderer to host, but real-world exploitation requires chaining with a separate renderer compromise and user interaction. EPSS is low at 0.05% and no public exploit is identified at time of analysis.
Cross-origin data disclosure in Google Chrome's Extensions component (versions prior to 149.0.7827.53) enables a remote attacker to read sensitive data belonging to other origins by delivering a crafted XML file to a victim. The CVSS vector confirms network-reachable, unauthenticated access (AV:N/PR:N) with High confidentiality impact, though user interaction is required (UI:R). No public exploit has been identified at time of analysis and EPSS probability sits at a low 0.03% (11th percentile), indicating limited exploitation likelihood despite the meaningful confidentiality impact.
Domain spoofing in the Google Chrome Payments component on Android (versions prior to 149.0.7827.53) enables integrity manipulation of payment flows when an attacker has already compromised the renderer process. By serving a crafted HTML page, the attacker can make the Chrome Payments UI display a spoofed domain, potentially deceiving users into authorizing payments to attacker-controlled origins. EPSS stands at 0.03% (11th percentile), no public exploit code has been identified, and this CVE does not appear in the CISA KEV catalog.
Navigation restriction bypass in Google Chrome prior to version 149.0.7827.53 enables a remote, unauthenticated attacker to circumvent browser navigation policies by delivering a crafted HTML page to a victim. The flaw resides in the 'Actor' component of the Chromium engine, where policy enforcement is insufficient, leading to a high-integrity-impact breach (CVSS I:H) without any compromise of confidentiality or availability. No public exploit code and no active exploitation have been identified at time of analysis; EPSS stands at 0.02% (4th percentile), reinforcing a currently low real-world exploitation probability.
Navigation restriction bypass in Google Chrome's Link Preview feature allows a remote attacker who has already compromised the renderer process to circumvent intended browsing boundaries via a crafted HTML page. All Chrome versions prior to 149.0.7827.53 on desktop are affected. The real-world threat is as a second-stage exploitation primitive within a browser attack chain - an attacker leverages this CWE-284 flaw to escape navigation controls after gaining an initial foothold in the renderer, achieving high integrity impact with no confidentiality or availability loss. No public exploit code has been identified and EPSS stands at 0.02% (4th percentile), indicating low observed exploitation probability at time of analysis.
Same origin policy bypass in Google Chrome's Network component (prior to 149.0.7827.53) enables an attacker who has already compromised the renderer process to exfiltrate or manipulate cross-origin data via a crafted HTML page. The integrity impact is rated High (I:H) with no confidentiality or availability impact, meaning the primary risk is unauthorized cross-origin writes or request forgery rather than data theft. No public exploit code has been identified at time of analysis, and EPSS sits at 0.02% (6th percentile), indicating low observed exploitation probability despite the medium CVSS score.
Out-of-bounds memory read in the WebGPU component of Google Chrome before 149.0.7827.53 allows a remote attacker to read memory outside intended buffer boundaries when a victim visits a crafted HTML page. The flaw carries a CVSS 8.1 score due to network reachability and high confidentiality/availability impact, but EPSS sits at 0.03% and SSVC reports no observed exploitation, so the practical risk is currently low despite the high CVSS. No public exploit identified at time of analysis.
Site isolation bypass in Google Chrome prior to version 149.0.7827.53 enables an attacker to circumvent Chrome's site isolation security boundary through a crafted malicious extension, resulting in high integrity impact (I:H per CVSS). The attack is gated by user interaction - specifically, the victim must be convinced to install the malicious extension - after which the extension exploits insufficient policy enforcement in Chrome's Extensions subsystem to cross site isolation boundaries without authorization. No public exploit has been identified at time of analysis, and the EPSS score of 0.01% (1st percentile) indicates negligible current exploitation interest.
Memory disclosure in Google Chrome's Network component (versions prior to 149.0.7827.53) allows an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by delivering a crafted HTML page to the victim. This is a chained, two-stage attack: exploitation requires a prior renderer process compromise as an explicit prerequisite, which substantially elevates the real-world difficulty beyond what the CVSS 6.5 score alone implies. No active exploitation has been identified (SSVC Exploitation: none; EPSS: 0.05% at the 15th percentile), and no public exploit code exists at time of analysis.
Sandbox escape in Google Chrome on Android before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Serial component. Exploitation requires user interaction with a crafted HTML page and a prior renderer compromise, making this a second-stage vulnerability typically chained with another bug. No public exploit identified at time of analysis and EPSS is very low (0.03%), but Google has shipped a patched stable channel build.
Site isolation bypass in Google Chrome's Password Manager prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to escape cross-origin protections via a crafted HTML page. The flaw stems from insufficient policy enforcement (CWE-602) and chains with a prior renderer compromise, making it a post-exploitation primitive rather than a standalone entry point. EPSS is very low (0.02%, 4th percentile) and no public exploit identified at time of analysis, though Google rates the underlying Chromium severity as Medium.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the WebShare component. The flaw requires a pre-existing renderer compromise plus user interaction, and no public exploit identified at time of analysis, though Chromium-rated Medium severity and the patch availability suggest defenders should treat it as part of the standard Chrome update cycle.
Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 can be triggered by a remote attacker via a crafted HTML page that exploits a use-after-free condition in the USB component. The flaw carries a CVSS score of 9.6 due to its scope-changing impact, though Google rated the underlying Chromium security severity as Medium, and no public exploit has been identified at time of analysis with an EPSS score of just 0.03%.
Cross-origin data leakage in Google Chrome's WebAppInstalls component (versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to exfiltrate sensitive cross-origin data via a crafted HTML page. The CVSS 6.5 score captures the high confidentiality impact and network accessibility, but understates effective exploitation complexity because a prior renderer compromise is an explicit prerequisite. EPSS is very low at 0.04% (13th percentile), no public exploit code has been identified, and no CISA KEV listing exists at time of analysis, positioning this as a chained exploitation primitive rather than a standalone critical threat.
Cross-origin data leakage in Google Chrome's WebView component on Android exposes sensitive information to attackers who have already achieved renderer process compromise. Affected versions are all Chrome for Android releases prior to 149.0.7827.53. A remote attacker, operating from a compromised renderer context, can exfiltrate cross-origin data by delivering a specially crafted HTML page to the victim, bypassing same-origin policy protections. No public exploit code exists and EPSS stands at 0.04% (13th percentile), indicating low observed exploitation pressure at time of analysis; however, the high confidentiality impact (C:H) makes this a meaningful second-stage primitive in multi-vulnerability attack chains.
Out-of-bounds read in Chrome's Dawn WebGPU subsystem (versions prior to 149.0.7827.53) allows unauthenticated remote attackers to read arbitrary memory contents by tricking a user into visiting a crafted HTML page. The vulnerability carries a CVSS 6.5 (Medium) with high confidentiality impact and no integrity or availability impact, indicating targeted data-disclosure potential rather than code execution. EPSS is 0.03% (11th percentile) and the vulnerability is not listed in the CISA KEV catalog - no public exploit has been identified at time of analysis.
Out-of-bounds read in ANGLE (Almost Native Graphics Layer Engine) within Google Chrome prior to 149.0.7827.53 enables an attacker who has already compromised the renderer process to leak potentially sensitive data from process memory via a crafted HTML page. The CVSS vector (AC:H, UI:R) reflects a two-stage exploitation requirement: the attacker must first achieve renderer compromise through a separate vulnerability, then chain this ANGLE flaw as a second-stage information disclosure primitive. No public exploit code has been identified and EPSS sits at 0.03% (11th percentile), indicating low real-world exploitation probability at time of analysis.
Out-of-bounds read in the WebRTC component of Google Chrome prior to 149.0.7827.53 exposes potentially sensitive process memory contents to remote attackers. Exploitation requires no authentication (CVSS PR:N) but does require user interaction - a victim must visit a specially crafted HTML page (CVSS UI:R). The confidentiality impact is rated High (C:H) with no integrity or availability consequence, meaning a successful attack leaks memory contents rather than enabling code execution. No public exploit identified at time of analysis, and EPSS at 0.03% (10th percentile) reflects low observed exploitation probability.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page processed by the codec subsystem. The flaw requires user interaction (visiting a malicious page) and a prior renderer compromise, but if chained successfully it enables full code execution on the host with a scope change. No public exploit identified at time of analysis and EPSS probability is very low (0.05%), but the 9.6 CVSS reflects the high impact of a successful sandbox escape.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Codecs component triggered by a crafted HTML page. The flaw requires user interaction (visiting a malicious page) and chains with a prior renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile).
Cross-origin data leakage in Google Chrome's Printing subsystem (all versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to exfiltrate sensitive cross-origin data by serving a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) reflects high confidentiality impact with no integrity or availability loss, though the real-world attack requires a pre-compromised renderer - making this a second-stage chaining vulnerability rather than a standalone initial-access vector. No public exploit code or CISA KEV listing has been identified, and EPSS at 0.05% (15th percentile) confirms low current exploitation probability.
Privilege escalation in Google Chrome DevTools versions prior to 149.0.7827.53 allows attackers to abuse insufficient policy enforcement through a malicious browser extension. The flaw requires user interaction to install a crafted extension, after which the attacker can gain elevated privileges within the browser context. No public exploit identified at time of analysis, and EPSS scoring (0.01%) indicates very low near-term exploitation probability despite the high CVSS rating.
Out-of-bounds memory read in the Dawn WebGPU implementation of Google Chrome prior to 149.0.7827.53 allows a remote attacker to access memory outside intended bounds via a crafted HTML page. Exploitation requires the victim to visit an attacker-controlled page, and no public exploit identified at time of analysis. Google rates the Chromium-internal severity as Medium, while NVD assigns CVSS 8.8 reflecting the broad impact on confidentiality, integrity, and availability if successfully triggered.
Cross-origin data leakage in Google Chrome's ANGLE graphics library (versions prior to 149.0.7827.53) allows a remote unauthenticated attacker to read memory across origin boundaries by luring a victim to a crafted HTML page. The root cause is an uninitialized variable (CWE-457) within ANGLE - Chromium's graphics translation layer - which may retain residual data from prior allocations, exposing sensitive cross-origin content. No public exploit code exists and no active exploitation is confirmed (CISA KEV absent); EPSS is 0.03% (11th percentile), indicating low current real-world exploitation pressure.
Uninitialized memory read in Google Chrome's Media component exposes sensitive process memory contents to attackers who have already compromised the renderer process. Specifically, Chrome versions prior to 149.0.7827.53 fail to initialize memory in the Media subsystem, enabling a secondary attacker-controlled read of arbitrary process memory via a crafted HTML page. EPSS stands at 0.03% (11th percentile), no public exploit has been identified, and this vulnerability is not listed in the CISA KEV catalog; the vendor-released patch is available in Chrome 149.0.7827.53.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page. The flaw stems from an integer overflow (CWE-472) in ANGLE and requires user interaction (visiting a malicious page) plus a prior renderer compromise to chain into full sandbox escape. No public exploit identified at time of analysis, and EPSS is very low (0.03%), but Google rates the underlying issue as Medium severity within Chromium.
Cross-origin data leakage in Google Chrome's ANGLE graphics component (versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to read sensitive data from other origins via a crafted HTML page. The root cause is CWE-457 (Use of Uninitialized Variable) in ANGLE - residual memory contents in the graphics pipeline can be read before proper initialization, exposing data across origin boundaries. EPSS is very low at 0.03% (11th percentile) and no public exploit or CISA KEV listing has been identified, but the cross-origin data access impact makes this relevant in chained exploit scenarios.
Sandbox-confined arbitrary code execution in Google Chrome versions prior to 149.0.7827.53 stems from an inappropriate implementation in the Dawn WebGPU component, enabling a remote attacker who has already compromised the renderer process to run code inside the sandbox via a crafted HTML page. The CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability when combined with user interaction (visiting a page), though Chromium classified the underlying severity as Medium. No public exploit identified at time of analysis, but a vendor patch is available in the Stable channel update for desktop.
Out-of-bounds memory access in Google Chrome on Android before version 149.0.7827.53 allows remote attackers to corrupt GPU process memory by luring a user to a crafted HTML page that triggers an integer overflow. The flaw carries a CVSS 8.8 (high) rating with high confidentiality, integrity, and availability impact, but EPSS is only 0.03% and no public exploit identified at time of analysis, suggesting low near-term mass-exploitation likelihood despite the severity of the underlying bug class.
Cross-origin data leakage in Google Chrome's Password Manager component (prior to 149.0.7827.53) exposes sensitive credential or form data to remote attackers through a crafted HTML page. The flaw stems from an inappropriate implementation classified under CWE-346 (Origin Validation Error), meaning the Password Manager fails to properly enforce same-origin boundaries when handling data. No privileges are required and exploitation is conditional only on user interaction with a malicious page; CVSS confidentiality impact is rated High, though no public exploit code exists and EPSS is at 0.03%, indicating low observed exploitation pressure at time of analysis.
Cross-origin data leakage via Chrome's Password Manager component affects Google Chrome versions prior to 149.0.7827.53, exploitable when a user visits an attacker-crafted HTML page. The flaw stems from an inappropriate implementation that fails to enforce proper origin boundaries within the Password Manager, allowing a remote, unauthenticated attacker to read sensitive cross-origin data - potentially including credential-related information surfaced by the Password Manager. No public exploit code has been identified and no active exploitation is confirmed (not in CISA KEV), with EPSS at 0.03% (11th percentile), though the high confidentiality impact (C:H) warrants prompt patching given Chrome's massive deployment surface.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a race condition in the GPU process triggered by a crafted HTML page. The flaw is a use-after-free (CWE-416) reachable through normal web content rendering, and while no public exploit is identified at time of analysis, the EPSS percentile of 11% suggests low near-term opportunistic exploitation likelihood.
Same-Origin Policy bypass in Google Chrome's Canvas implementation affects all versions prior to 149.0.7827.53, allowing a remote unauthenticated attacker to violate cross-origin integrity guarantees through a crafted HTML page. The vulnerability carries a High integrity impact (I:H) with no confidentiality or availability consequence, meaning an attacker can write or manipulate cross-origin data rather than read it. No public exploit code has been identified at time of analysis, and EPSS at 0.02% (4th percentile) suggests minimal observed exploitation pressure currently.
Heap corruption in Google Chrome for Android's WebView component prior to version 149.0.7827.53 allows remote attackers to potentially execute code or crash the browser by luring victims to a crafted HTML page. The flaw is a use-after-free (CWE-416) rated CVSS 8.8 due to network reach and high impact across confidentiality, integrity, and availability, though user interaction is required. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%).
Out-of-bounds memory write in Google Chrome's codec component prior to version 149.0.7827.53 allows a remote attacker to corrupt memory by serving a crafted video file to a victim who visits a malicious page or views attacker-supplied media. The flaw stems from insufficient input validation in media codec parsing and carries a CVSS 8.8 rating reflecting high impact across confidentiality, integrity, and availability, though no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.05%.
Same-origin policy bypass in Google Chrome's FileSystem API implementation affects all desktop versions prior to 149.0.7827.53, exploitable by a remote attacker who has already achieved renderer process compromise. Delivering a crafted HTML page to a victim who interacts with it triggers the flaw, resulting in high-integrity cross-origin impact with no confidentiality or availability consequence. No public exploit code exists and EPSS sits at 0.02% (6th percentile), but the integrity impact and its role as a renderer-escape pivot make it relevant to multi-stage exploitation chains.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by serving a crafted HTML page that triggers a bad cast in the Dawn WebGPU implementation. The flaw carries a CVSS 8.8 rating with user interaction required (visiting a malicious page), and no public exploit has been identified at time of analysis despite Google rating the underlying Chromium severity as Medium. The vendor has released a patched stable channel build addressing this issue alongside other fixes.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a type confusion flaw in the CSS engine that lets a remote attacker run arbitrary code within the renderer sandbox by enticing a victim to load a crafted HTML page. The CVSS 8.8 score reflects network reach with low attack complexity but requires user interaction (UI:R) to visit the malicious page, and no public exploit identified at time of analysis. A vendor patch is available via the Chrome Stable channel update published in June 2026.
Out-of-bounds read in Chrome's V8 JavaScript engine (versions prior to 149.0.7827.53) exposes sensitive process memory to remote attackers who can lure a victim to a crafted HTML page. The CVSS vector (PR:N/UI:R/C:H) confirms unauthenticated remote triggering with high confidentiality impact, though exploitation requires one click of user interaction. No public exploit identified at time of analysis, and EPSS sits at the 11th percentile (0.03%), suggesting low observed exploitation pressure despite the medium-severity classification.
Remote code execution in Google Chrome on Linux prior to version 149.0.7827.53 allows a remote attacker to exploit a use-after-free condition in the WebRTC component via a crafted HTML page. The flaw carries a CVSS 3.1 score of 8.8 with user interaction required, and while no public exploit has been identified at time of analysis, Chromium-class memory corruption bugs in WebRTC are historically high-value targets. Google has released a patched stable channel build, and Chromium itself rates the severity as Medium despite the higher NVD CVSS.
Use-after-free in Google Chrome's WebGL component (prior to 149.0.7827.53) exposes process memory to remote attackers who can lure a user to a crafted HTML page. The vulnerability is limited to confidentiality - CVSS C:H/I:N/A:N - meaning an attacker can read potentially sensitive data from Chrome's process memory but cannot write or crash the process per the scored vector. No public exploit has been identified at time of analysis, and EPSS sits at 0.03% (10th percentile), indicating low observed exploitation pressure. Google has shipped a fix in the stable channel release 149.0.7827.53.
Local code execution in Google Chrome for Android prior to 149.0.7827.53 stems from a use-after-free in the WebView component, triggered when a victim opens a malicious file. Per CVSS 7.8 (AV:L/UI:R), exploitation requires local delivery plus user interaction, and there is no public exploit identified at time of analysis (EPSS 0.01%, not in CISA KEV).
Information disclosure in Google Chrome on Linux prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to read sensitive data from process memory by serving a crafted HTML page that triggers a use-after-free in the Base component. The flaw is rated Medium by Chromium but scored CVSS 8.8 in NVD, and no public exploit identified at time of analysis with an EPSS of 0.03%.
Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer/network process to break out of the browser sandbox via crafted Chromoting (Chrome Remote Desktop) network traffic. The flaw is rated CVSS 9.6 due to the scope change from sandboxed process to host, though Google classifies the Chromium severity as Medium. EPSS is very low (0.05%) and no public exploit identified at time of analysis, but a vendor patch is available.
Same-origin policy bypass in the Cast component of Google Chrome (prior to 149.0.7827.53) enables a remote unauthenticated attacker to violate cross-origin integrity protections via a crafted HTML page, requiring only that the target user visit the attacker-controlled page. The CVSS vector confirms high integrity impact with no confidentiality or availability consequence, indicating the attack allows unauthorized cross-origin writes or data manipulation rather than information disclosure. No public exploit code has been identified at time of analysis, and the EPSS score of 0.02% (6th percentile) signals low observed exploitation interest despite the medium-severity Chromium classification.
Remote code execution in Google Chrome desktop versions prior to 149.0.7827.53 stems from a use-after-free flaw in the WebSockets implementation that an attacker can trigger by luring a victim to a crafted HTML page. Although code execution is constrained to Chrome's renderer sandbox, the CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Google has shipped a fix in the stable channel, but the bug typically becomes a building block for full chain exploits when combined with a sandbox escape.
Uninitialized memory read in Chrome's Dawn (WebGPU) component exposes process memory contents to remote unauthenticated attackers who can entice a user to visit a crafted HTML page. All Chrome desktop versions prior to 149.0.7827.53 are affected, with confidentiality impact rated High (C:H) due to potential exposure of sensitive in-process data such as credentials or session tokens. No public exploit code or active exploitation has been identified at time of analysis; EPSS at 0.03% (11th percentile) reflects low current exploitation pressure.
Sandbox escape in Google Chrome prior to 149.0.7827.53 allows remote attackers to break out of the renderer sandbox via a crafted HTML page that exploits insufficient input validation in the ANGLE graphics layer. The flaw requires the victim to visit attacker-controlled content (UI:R) but no authentication, and the scope-changing CVSS 9.6 reflects the impact of escaping browser process isolation. EPSS is very low (0.05%, 15th percentile) and there is no public exploit identified at time of analysis.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page targeting a use-after-free in the ANGLE graphics layer. The flaw requires user interaction (visiting a malicious page) and changes scope, yielding high confidentiality, integrity, and availability impact on the host. No public exploit identified at time of analysis and EPSS probability is very low (0.03%, 11th percentile), but a vendor patch is available.
Cross-origin data leakage in Google Chrome for Android (prior to 149.0.7827.53) is enabled by a race condition in the GPU component, exploitable only after the attacker has already achieved renderer process compromise. Using a crafted HTML page, the attacker can then trigger the GPU race to read cross-origin data, constituting a second-stage information disclosure step in a broader attack chain. No public exploit code or CISA KEV listing exists at time of analysis; EPSS sits at 0.03% (11th percentile), consistent with limited real-world exploitation activity.
Sandbox escape in Google Chrome on Windows before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that abuses the WebNN (Web Neural Network) API. The flaw stems from insufficient validation of untrusted input (CWE-20) reaching the WebNN component, and exploitation requires user interaction (visiting an attacker-controlled page) plus a prior renderer-compromise primitive. There is no public exploit identified at time of analysis, and the EPSS probability is very low (0.04%).
Script and HTML injection into privileged Chrome pages is possible in Google Chrome prior to 149.0.7827.53 through insufficient policy enforcement in the Extensions subsystem. An attacker who convinces a user to install a crafted malicious extension can leverage this to inject content into otherwise-restricted privileged pages, compromising page integrity. EPSS is 0.01% (1st percentile), no KEV listing exists, and no public exploit has been identified at time of analysis - indicating low observed exploitation pressure despite the network-accessible attack vector.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 stems from a type confusion bug in the ANGLE graphics translation layer that a remote attacker can trigger via a crafted HTML page. Despite a CVSS of 9.6 and a vendor-released patch, EPSS is only 0.03% and no public exploit identified at time of analysis, though Chromium-rated Medium browser bugs are routinely targeted once details are public.
Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 allows a remote attacker to escape memory safety boundaries within the renderer sandbox via a crafted HTML page. The flaw stems from a use-after-free condition in the Media component and requires user interaction (visiting a malicious page); no public exploit has been identified at time of analysis. With a CVSS of 8.8 and confirmed Chromium classification, this is a typical browser memory-corruption bug that historically attracts exploit chains.
Remote code execution in Google Chrome's Blink rendering engine prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) carrying a CVSS 8.8 score, with a vendor patch already shipped via the Chrome stable channel and no public exploit identified at time of analysis.
Privilege escalation in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via an integer overflow in the CredentialProvider component. Exploitation requires user interaction with a crafted HTML page and a prior renderer compromise, and no public exploit has been identified at time of analysis. Chromium rates the security severity as Medium despite the CVSS 7.5 score.
Uninitialized memory use in Skia, Chrome's 2D graphics library, exposes process memory contents to a remote attacker who has already compromised the renderer process. Affected versions are all Chrome releases prior to 149.0.7827.53 on desktop platforms. An attacker leveraging this flaw can read potentially sensitive data from process memory - such as credentials, tokens, or page content - by delivering a crafted HTML page that triggers Skia's uninitialized memory path. No public exploit identified at time of analysis and EPSS stands at 0.03% (11th percentile), indicating low current exploitation pressure; however, the confidentiality impact is rated High by NVD.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the Site Isolation sandbox via a crafted HTML page. The flaw stems from insufficient validation of untrusted input in the Site Isolation component (CWE-20) and is rated CVSS 9.6 due to scope change, though Chromium itself classifies the underlying severity as Medium. No public exploit has been identified at time of analysis and EPSS is very low (0.05%, 15th percentile), but the chained-exploit potential makes it a meaningful browser-security risk.
Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows attackers to run arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page that triggers a use-after-free in the ANGLE graphics layer. The flaw carries a CVSS 8.8 score and requires user interaction (visiting a malicious page), and no public exploit identified at time of analysis. The sandbox containment limits direct system impact, but the bug is a strong candidate for chaining with a sandbox escape.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code inside the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers a use-after-free condition in the WebRTC component. No public exploit identified at time of analysis, though the high CVSS score of 8.8 and the memory corruption class make this a priority browser patch. Chromium rates the security severity as Medium despite the CVSS score, suggesting sandbox containment limits real-world impact.
Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a type confusion in the GPU process. The CVSS score of 9.6 reflects the scope-changing nature of escaping the sandbox boundary, though exploitation requires user interaction (visiting a malicious page) and a pre-existing renderer compromise. No public exploit identified at time of analysis, and EPSS is low at 0.03%.
Out-of-bounds read in ANGLE (Google's graphics abstraction layer) within Chrome on Linux exposes sensitive process memory to remote attackers via a crafted HTML page. All Chrome for Linux versions prior to 149.0.7827.53 are affected; Windows and macOS are not in scope. The CVSS vector confirms unauthenticated remote exploitability at low complexity, though user interaction is required, and no public exploit has been identified at time of analysis - EPSS at 0.03% (11th percentile) signals minimal current exploitation pressure.
Remote code execution in Google Chrome's V8 JavaScript engine before version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free memory corruption issue rated CVSS 8.8 (High), and while no public exploit has been identified at time of analysis, V8 bugs of this class are historically high-value targets for exploit chains. SSVC indicates no observed exploitation, but technical impact is total within the sandbox boundary.
Remote code execution in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. The flaw stems from a use-after-free memory corruption condition (CWE-416) and carries a CVSS 3.1 score of 8.8. No public exploit identified at time of analysis, but a vendor patch has been released by Google.
Same-origin policy bypass in Google Chrome's Extensions subsystem (versions prior to 149.0.7827.53) allows an attacker who socially engineers a user into installing a crafted malicious extension to violate cross-origin boundaries, enabling unauthorized integrity impact against content from other origins. The CVSS vector (I:H, C:N) confirms the impact is write/modify-only - sensitive data exfiltration is not a direct consequence. No public exploit code or active exploitation has been identified at time of analysis; EPSS is negligible at 0.01% (1st percentile), consistent with the social-engineering prerequisite limiting mass exploitation.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw resides in the Base component and is rated Medium severity by Chromium despite the CVSS 9.6 score, reflecting the prerequisite of a prior renderer compromise. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.05%.
Sandboxed arbitrary code execution in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to run arbitrary code within the Chrome sandbox via a crafted HTML page processed by the Media component. The flaw stems from insufficient validation of untrusted input (CWE-20) and is rated Medium severity by Chromium despite an 8.8 CVSS, reflecting that it serves as a second-stage primitive rather than a standalone RCE; no public exploit identified at time of analysis.
Memory disclosure in Google Chrome's GPU component (versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to read sensitive data from process memory by delivering a crafted HTML page. The vulnerability stems from insufficient validation of untrusted input passed to the GPU subsystem, classified as CWE-20 (Improper Input Validation), and is rated Medium severity by the Chromium security team despite a CVSS Confidentiality impact of High - reflecting that successful exploitation requires a prior renderer compromise as a prerequisite. No public exploit code has been identified and EPSS probability stands at just 0.05% (15th percentile), indicating low current exploitation likelihood.
Integer overflow in ANGLE (Google's graphics abstraction layer) within Chrome on macOS prior to 149.0.7827.53 enables remote information disclosure from process memory via crafted HTML pages. An unauthenticated remote attacker who induces user interaction can trigger out-of-bounds memory reads through a malicious webpage, potentially exposing credentials, session tokens, or other sensitive in-memory data. No active exploitation is confirmed (not listed in CISA KEV) and EPSS of 0.03% (11th percentile) reflects low real-world exploitation probability at time of analysis.
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via an out-of-bounds write in ANGLE triggered by a crafted HTML page. The flaw carries a high CVSS of 9.6 due to scope change and full CIA impact, though no public exploit has been identified and EPSS exploitation probability remains very low at 0.03%.
Heap corruption in Google Chrome's Views component prior to version 149.0.7827.53 allows a remote attacker to potentially execute code in the renderer when a user is convinced to perform specific UI gestures on a crafted HTML page. The flaw is a use-after-free (CWE-416) carrying a CVSS 8.8 rating, but EPSS is very low at 0.03% (11th percentile) and no public exploit is identified at time of analysis. Google has shipped a patched stable channel build, and Chromium rates the underlying issue as Medium severity.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that exploits insufficient input validation in the Media component. The flaw requires user interaction (visiting a malicious page) and a prior renderer compromise, making it a second-stage capability typically chained with another bug; no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.05%.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) requiring user interaction to visit the malicious page, and no public exploit has been identified at time of analysis despite an EPSS score of 0.03% indicating very low near-term exploitation probability.
Cross-origin data leakage in Google Chrome's Skia graphics library (prior to 149.0.7827.53) enables a remote attacker to read sensitive data from other origins by enticing a user to visit a crafted HTML page. The flaw stems from uninitialized memory use (CWE-457) in Skia, Chrome's 2D rendering engine, where residual memory contents can be exposed across security boundaries. No active exploitation has been confirmed (not in CISA KEV) and EPSS sits at 0.03% (11th percentile), indicating low real-world exploitation probability at time of analysis, though the confidentiality impact is rated High by CVSS.
Subresource Integrity (SRI) policy enforcement failure in Google Chrome prior to 149.0.7827.53 enables remote attackers to bypass Content Security Policy protections via malicious network traffic. Affected users who visit attacker-influenced pages may have tampered scripts or resources loaded without the expected cryptographic hash validation that SRI is designed to enforce, undermining integrity guarantees that web applications depend on as a security boundary. No active exploitation is confirmed (not in CISA KEV), EPSS is very low at 0.02% (6th percentile), and a vendor patch is available at 149.0.7827.53.
Out-of-bounds write in Google Chrome's media Codecs component prior to version 149.0.7827.53 allows a remote attacker to potentially escape the renderer sandbox via a crafted video file. Successful exploitation requires the victim to load attacker-controlled video content, but the resulting scope change (S:C) means the attacker can break out of Chrome's renderer sandbox and impact resources beyond it. No public exploit has been identified at time of analysis and EPSS is very low (0.03%), but the high CVSS reflects the severe impact of a successful sandbox escape.
Same-origin policy bypass in Google Chrome prior to 149.0.7827.53 enables remote unauthenticated attackers to violate cross-origin isolation boundaries through a crafted HTML page, producing high integrity impact with no confidentiality or availability loss. Rooted in an inappropriate DOM implementation (CWE-346: Origin Validation Error), the flaw allows a malicious page to cross origin boundaries and manipulate content or state belonging to a different origin. No public exploit code and no CISA KEV listing exist at time of analysis; the EPSS score of 0.02% (4th percentile) reinforces limited real-world exploitation pressure despite the medium CVSS 6.5 rating.
Local privilege escalation in Google Chrome for Android prior to 149.0.7827.53 stems from an inappropriate implementation in the Custom Tabs component, where a crafted XML file processed by a local attacker can elevate privileges within the browser context. The flaw is rated CVSS 7.3 (Chromium severity Medium) and requires user interaction, with no public exploit identified at time of analysis and a very low EPSS score (0.02%, 4th percentile). A vendor patch is available in the Stable channel update referenced by the Chrome Releases advisory.
Universal Cross-Site Scripting (UXSS) in Google Chrome for Android's Tab Group Sync feature allows remote unauthenticated attackers to inject arbitrary scripts or HTML via malicious network traffic against Chrome versions prior to 149.0.7827.53. The CVSS Changed Scope (S:C) confirms that injected content escapes the vulnerable component's origin boundary, affecting other origins - the defining characteristic of UXSS, which is more severe than conventional XSS because it bypasses the browser-level same-origin policy rather than just application-level controls. No public exploit has been identified at time of analysis, and EPSS at 0.07% (22nd percentile) reflects low current exploitation probability; the vulnerability is not listed in CISA KEV.
Uninitialized memory read in Chrome's WebML component on macOS exposes potentially sensitive process memory contents to remote attackers. Affected are all Chrome versions prior to 149.0.7827.53 on Mac; exploitation requires convincing a user to visit a specially crafted HTML page. No public exploit code or active exploitation (CISA KEV) has been identified, and the EPSS score of 0.03% (10th percentile) reflects low real-world exploitation likelihood at time of analysis.
Cross-origin data leakage in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) enables unauthenticated remote attackers to access sensitive data across security origin boundaries when a victim visits a specially crafted HTML page. The flaw involves an inappropriate implementation of origin validation (CWE-346) within the Password Manager subsystem, potentially exposing saved credentials or autofill data to a malicious origin. No active exploitation has been confirmed - SSVC classifies exploitation as none and EPSS places this in the 11th percentile - though the High confidentiality impact in the CVSS vector reflects meaningful data exposure if triggered.
UI spoofing in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) allows remote unauthenticated attackers to manipulate browser interface elements via crafted malicious network traffic. The flaw stems from insufficient input validation (CWE-20) in the Password Manager subsystem, enabling an attacker to deceive victims about the legitimacy of password prompts or credential states. No public exploit code or active exploitation has been identified; EPSS at 0.05% (15th percentile) reflects low community-assessed exploitation probability, and the mandatory user interaction requirement prevents automated mass exploitation.
Remote heap corruption in Google Chrome prior to 149.0.7827.53 allows attackers to exploit a use-after-free condition in the Network component via crafted network traffic when a user visits or interacts with attacker-controlled content. Rated CVSS 8.8 with a patch available from Google, though EPSS exploitation probability is currently very low (0.03%, 11th percentile) and no public exploit has been identified at time of analysis.
Sandbox-contained arbitrary code execution in Google Chrome's Media component affects Linux and ChromeOS builds prior to 149.0.7827.53, where a use-after-free flaw can be triggered via a crafted HTML page. Exploitation requires that the attacker has already compromised the renderer process, meaning this bug functions as a second-stage primitive in a multi-vulnerability chain rather than a standalone RCE. No public exploit identified at time of analysis, and Chromium rates the internal severity as Medium despite the NVD CVSS of 8.8.
Cross-origin data leakage in the Glic component of Google Chrome (prior to 149.0.7827.53) can be triggered by a remote attacker who has already compromised the renderer process, using a crafted HTML page to exfiltrate sensitive cross-origin content. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) reflects high confidentiality impact but masks the realistic complexity: renderer compromise is an explicit prerequisite, making this a chained exploit rather than a standalone attack. No active exploitation has been confirmed (CISA KEV absent, SSVC exploitation=none, EPSS 0.05% at 15th percentile), and a vendor-released patch is available.
Navigation restriction bypass in Google Chrome's Extensions subsystem (all versions prior to 149.0.7827.53) enables circumvention of browser-enforced navigation controls when a user installs a crafted malicious extension. Rooted in CWE-284 (Improper Access Control), the flaw allows the extension to override navigation guards - potentially enabling unauthorized redirects or bypass of URL-based security policies - with a high integrity impact per CVSS (I:H). No public exploit has been identified at time of analysis, EPSS is 0.01% (1st percentile), and the vulnerability is not listed in CISA's KEV catalog, indicating low current exploitation momentum despite a medium CVSS score of 6.5.
Content Security Policy bypass in Google Chrome for Android prior to 149.0.7827.53 allows a remote attacker to circumvent CSP restrictions by delivering a crafted HTML page to a victim user. The flaw resides in Chrome's Navigation subsystem, where policy enforcement is insufficient, enabling injection or execution of content that CSP headers would otherwise block. No public exploit has been identified at time of analysis, and EPSS sits at the 4th percentile, but the zero-privilege-required, network-accessible attack surface warrants prompt patching on Android deployments.
Stack-based buffer overflow in the Skia graphics library shipped with Google Chrome versions prior to 149.0.7827.53 lets a remote attacker corrupt the renderer process stack by serving a crafted HTML page, with potential for arbitrary code execution within the sandbox. The flaw carries a CVSS 3.1 base score of 8.8 (network vector, user interaction required) and no public exploit identified at time of analysis, while a very low EPSS score of 0.03% (10th percentile) suggests no current mass-exploitation pressure despite the high impact rating.
Same-origin policy bypass in Google Chrome's WebAppInstalls component allows a remote attacker who has already compromised the renderer process to circumvent cross-origin protections via a crafted HTML page, yielding high integrity impact with no confidentiality or availability loss. All Chrome versions prior to 149.0.7827.53 are affected. No public exploit code has been identified and EPSS places this at the 6th percentile (0.02%), indicating very low observed exploitation probability; this is not listed in CISA KEV.
Same-origin policy bypass in Google Chrome DevTools (versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. The flaw stems from insufficient input validation (CWE-20) within the DevTools component, yielding a High integrity impact while leaving confidentiality and availability unaffected. No public exploit code exists at time of analysis, and EPSS sits at 0.02% (6th percentile), indicating low observed exploitation pressure; this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that exploits insufficient input validation in the GPU component. The CVSS 9.6 score reflects the scope change from renderer to host, but real-world exploitation requires chaining with a separate renderer compromise and user interaction. EPSS is low at 0.05% and no public exploit is identified at time of analysis.
Cross-origin data disclosure in Google Chrome's Extensions component (versions prior to 149.0.7827.53) enables a remote attacker to read sensitive data belonging to other origins by delivering a crafted XML file to a victim. The CVSS vector confirms network-reachable, unauthenticated access (AV:N/PR:N) with High confidentiality impact, though user interaction is required (UI:R). No public exploit has been identified at time of analysis and EPSS probability sits at a low 0.03% (11th percentile), indicating limited exploitation likelihood despite the meaningful confidentiality impact.
Domain spoofing in the Google Chrome Payments component on Android (versions prior to 149.0.7827.53) enables integrity manipulation of payment flows when an attacker has already compromised the renderer process. By serving a crafted HTML page, the attacker can make the Chrome Payments UI display a spoofed domain, potentially deceiving users into authorizing payments to attacker-controlled origins. EPSS stands at 0.03% (11th percentile), no public exploit code has been identified, and this CVE does not appear in the CISA KEV catalog.
Navigation restriction bypass in Google Chrome prior to version 149.0.7827.53 enables a remote, unauthenticated attacker to circumvent browser navigation policies by delivering a crafted HTML page to a victim. The flaw resides in the 'Actor' component of the Chromium engine, where policy enforcement is insufficient, leading to a high-integrity-impact breach (CVSS I:H) without any compromise of confidentiality or availability. No public exploit code and no active exploitation have been identified at time of analysis; EPSS stands at 0.02% (4th percentile), reinforcing a currently low real-world exploitation probability.
Navigation restriction bypass in Google Chrome's Link Preview feature allows a remote attacker who has already compromised the renderer process to circumvent intended browsing boundaries via a crafted HTML page. All Chrome versions prior to 149.0.7827.53 on desktop are affected. The real-world threat is as a second-stage exploitation primitive within a browser attack chain - an attacker leverages this CWE-284 flaw to escape navigation controls after gaining an initial foothold in the renderer, achieving high integrity impact with no confidentiality or availability loss. No public exploit code has been identified and EPSS stands at 0.02% (4th percentile), indicating low observed exploitation probability at time of analysis.
Same origin policy bypass in Google Chrome's Network component (prior to 149.0.7827.53) enables an attacker who has already compromised the renderer process to exfiltrate or manipulate cross-origin data via a crafted HTML page. The integrity impact is rated High (I:H) with no confidentiality or availability impact, meaning the primary risk is unauthorized cross-origin writes or request forgery rather than data theft. No public exploit code has been identified at time of analysis, and EPSS sits at 0.02% (6th percentile), indicating low observed exploitation probability despite the medium CVSS score.
Out-of-bounds memory read in the WebGPU component of Google Chrome before 149.0.7827.53 allows a remote attacker to read memory outside intended buffer boundaries when a victim visits a crafted HTML page. The flaw carries a CVSS 8.1 score due to network reachability and high confidentiality/availability impact, but EPSS sits at 0.03% and SSVC reports no observed exploitation, so the practical risk is currently low despite the high CVSS. No public exploit identified at time of analysis.
Site isolation bypass in Google Chrome prior to version 149.0.7827.53 enables an attacker to circumvent Chrome's site isolation security boundary through a crafted malicious extension, resulting in high integrity impact (I:H per CVSS). The attack is gated by user interaction - specifically, the victim must be convinced to install the malicious extension - after which the extension exploits insufficient policy enforcement in Chrome's Extensions subsystem to cross site isolation boundaries without authorization. No public exploit has been identified at time of analysis, and the EPSS score of 0.01% (1st percentile) indicates negligible current exploitation interest.
Memory disclosure in Google Chrome's Network component (versions prior to 149.0.7827.53) allows an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by delivering a crafted HTML page to the victim. This is a chained, two-stage attack: exploitation requires a prior renderer process compromise as an explicit prerequisite, which substantially elevates the real-world difficulty beyond what the CVSS 6.5 score alone implies. No active exploitation has been identified (SSVC Exploitation: none; EPSS: 0.05% at the 15th percentile), and no public exploit code exists at time of analysis.
Sandbox escape in Google Chrome on Android before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Serial component. Exploitation requires user interaction with a crafted HTML page and a prior renderer compromise, making this a second-stage vulnerability typically chained with another bug. No public exploit identified at time of analysis and EPSS is very low (0.03%), but Google has shipped a patched stable channel build.
Site isolation bypass in Google Chrome's Password Manager prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to escape cross-origin protections via a crafted HTML page. The flaw stems from insufficient policy enforcement (CWE-602) and chains with a prior renderer compromise, making it a post-exploitation primitive rather than a standalone entry point. EPSS is very low (0.02%, 4th percentile) and no public exploit identified at time of analysis, though Google rates the underlying Chromium severity as Medium.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the WebShare component. The flaw requires a pre-existing renderer compromise plus user interaction, and no public exploit identified at time of analysis, though Chromium-rated Medium severity and the patch availability suggest defenders should treat it as part of the standard Chrome update cycle.
Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 can be triggered by a remote attacker via a crafted HTML page that exploits a use-after-free condition in the USB component. The flaw carries a CVSS score of 9.6 due to its scope-changing impact, though Google rated the underlying Chromium security severity as Medium, and no public exploit has been identified at time of analysis with an EPSS score of just 0.03%.
Cross-origin data leakage in Google Chrome's WebAppInstalls component (versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to exfiltrate sensitive cross-origin data via a crafted HTML page. The CVSS 6.5 score captures the high confidentiality impact and network accessibility, but understates effective exploitation complexity because a prior renderer compromise is an explicit prerequisite. EPSS is very low at 0.04% (13th percentile), no public exploit code has been identified, and no CISA KEV listing exists at time of analysis, positioning this as a chained exploitation primitive rather than a standalone critical threat.
Cross-origin data leakage in Google Chrome's WebView component on Android exposes sensitive information to attackers who have already achieved renderer process compromise. Affected versions are all Chrome for Android releases prior to 149.0.7827.53. A remote attacker, operating from a compromised renderer context, can exfiltrate cross-origin data by delivering a specially crafted HTML page to the victim, bypassing same-origin policy protections. No public exploit code exists and EPSS stands at 0.04% (13th percentile), indicating low observed exploitation pressure at time of analysis; however, the high confidentiality impact (C:H) makes this a meaningful second-stage primitive in multi-vulnerability attack chains.
Out-of-bounds read in Chrome's Dawn WebGPU subsystem (versions prior to 149.0.7827.53) allows unauthenticated remote attackers to read arbitrary memory contents by tricking a user into visiting a crafted HTML page. The vulnerability carries a CVSS 6.5 (Medium) with high confidentiality impact and no integrity or availability impact, indicating targeted data-disclosure potential rather than code execution. EPSS is 0.03% (11th percentile) and the vulnerability is not listed in the CISA KEV catalog - no public exploit has been identified at time of analysis.
Out-of-bounds read in ANGLE (Almost Native Graphics Layer Engine) within Google Chrome prior to 149.0.7827.53 enables an attacker who has already compromised the renderer process to leak potentially sensitive data from process memory via a crafted HTML page. The CVSS vector (AC:H, UI:R) reflects a two-stage exploitation requirement: the attacker must first achieve renderer compromise through a separate vulnerability, then chain this ANGLE flaw as a second-stage information disclosure primitive. No public exploit code has been identified and EPSS sits at 0.03% (11th percentile), indicating low real-world exploitation probability at time of analysis.