Chrome
Monthly
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the WebRTC component that lets a remote attacker run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google rates the underlying Chromium issue as High severity, and no public exploit is identified at time of analysis, though publicly available patch metadata and Chromium bug tracker entries (issue 503422316) confirm the fix.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Ozone graphics abstraction layer, rated Critical by Chromium's internal severity classification. Remote attackers can trigger arbitrary code execution within the browser's rendering context by enticing a victim to visit a crafted HTML page. There is no public exploit identified at time of analysis, and CISA SSVC scoring indicates no observed exploitation, though the technical impact is rated total.
Remote code execution in Google Chrome on macOS prior to version 149.0.7827.53 stems from a use-after-free condition in the Passwords component, allowing a remote attacker to execute arbitrary code if a victim is convinced to perform specific UI gestures on a crafted HTML page. Chromium rates the underlying severity as Critical, though CVSS scores it 7.5 due to high attack complexity and required user interaction. There is no public exploit identified at time of analysis and SSVC indicates exploitation status is none.
Remote heap corruption in Google Chrome on macOS prior to 149.0.7827.53 stems from a use-after-free in the Passwords component, letting a remote attacker who lures a user into specific UI interactions trigger memory corruption via a crafted HTML page. Chromium rates the underlying flaw Critical and a vendor patch is available, though no public exploit has been identified at time of analysis and active exploitation has not been confirmed by CISA KEV.
Heap corruption in Google Chrome's Ozone display layer on Linux versions prior to 149.0.7827.53 allows remote attackers to potentially achieve code execution by enticing a user to perform specific UI gestures on a crafted HTML page. Chromium rates the underlying issue as Critical severity, and no public exploit has been identified at time of analysis. The defect is a use-after-free (CWE-416) reachable from the renderer's interaction with the Linux display abstraction.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to potentially break out of the sandbox via a stack buffer overflow in the GPU component triggered by a crafted HTML page. Chromium rates this as Critical severity, and while no public exploit has been identified at time of analysis, the vendor has released a patched stable channel build addressing the issue.
Sandbox escape in Google Chrome's GPU component prior to version 149.0.7827.53 allows remote attackers to break out of the renderer sandbox via a crafted HTML page when a user visits a malicious site. Google's Chromium team rated the underlying issue Critical severity, and while a patch is available, no public exploit identified at time of analysis and EPSS estimates exploitation probability at only 0.03%.
Remote code execution in Google Chrome for iOS prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code by enticing a user to visit a crafted HTML page. Chromium rates the underlying use-after-free as Critical severity, though SSVC currently shows no observed exploitation and no public exploit identified at time of analysis. The CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability, tempered by a required user interaction (visiting the malicious page).
Remote code execution in Google Chrome's Ozone display server layer affects all desktop versions prior to 149.0.7827.53, where a use-after-free memory corruption flaw can be triggered by a crafted HTML page. Chromium-internal severity is rated Critical and the CVSS 3.1 score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires user interaction (visiting an attacker-controlled page). No public exploit has been identified at time of analysis, and CISA SSVC currently lists Exploitation as 'none'.
Sandbox escape in Google Chrome on Linux prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a use-after-free in the Printing component. Google rates the underlying Chromium issue as Critical severity, and no public exploit is identified at time of analysis. The CVSS 8.3 score reflects the chained nature of the attack and the scope change that results when sandbox boundaries are crossed.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Chromoting (Chrome Remote Desktop) component, which Google rated Critical internally. A remote attacker can deliver malicious network traffic to a user with an active Chromoting session and execute arbitrary code in the browser context, though user interaction is required per the CVSS vector. No public exploit identified at time of analysis, and EPSS probability is very low (0.04%).
Sandbox escape in Google Chrome for Android versions prior to 149.0.7827.53 stems from an out-of-bounds write in the GPU process that a remote attacker can trigger via a crafted HTML page. Google rates the underlying Chromium issue as Critical severity, and while a vendor patch is available, no public exploit identified at time of analysis and EPSS sits at 0.03% (11th percentile). The CVSS scope-changed vector (S:C) reflects the impact of breaking out of Chrome's sandbox to affect the broader Android OS context.
Heap corruption in Google Chrome's GFX component on Linux prior to version 149.0.7827.53 allows remote attackers to potentially achieve code execution when a victim visits a crafted HTML page. Google rates the underlying Chromium issue as Critical severity, and a vendor patch is available; no public exploit identified at time of analysis.
Heap corruption in Google Chrome's Cast component prior to version 149.0.7827.53 allows adjacent-network attackers to trigger a use-after-free condition through crafted network traffic, potentially leading to arbitrary code execution within the renderer. Chromium rates the underlying severity as Critical, and no public exploit identified at time of analysis, though the AV:A vector means any attacker sharing the victim's LAN or Wi-Fi segment can attempt exploitation without authentication or user interaction.
Out-of-bounds read in the ANGLE graphics layer of Google Chrome before 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to potentially escape the browser sandbox via a crafted HTML page. Chromium rates the underlying issue Critical severity, and while no public exploit has been identified at time of analysis, the bug is in a historically targeted attack surface (GPU/ANGLE) frequently abused in renderer-to-broker escape chains.
Remote code execution in Google Chrome's Cast Streaming component (versions prior to 149.0.7827.53) allows an attacker on the same local network segment to execute arbitrary code by sending malicious network traffic to a vulnerable browser. The flaw is rated Critical by the Chromium project and carries a CVSS 3.1 score of 8.8, with no public exploit identified at time of analysis.
Remote code execution in Google Chrome on macOS prior to 149.0.7827.53 stems from a use-after-free flaw in the Chromoting (Chrome Remote Desktop) component, allowing remote attackers to execute arbitrary code by delivering malicious network traffic. Google's Chromium team rates the underlying defect as Critical severity, and no public exploit has been identified at time of analysis, though the bug class historically attracts in-the-wild exploitation against browser users.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to exploit a use-after-free condition in the FileSystem component via a crafted HTML page, with user interaction required. Google has rated the underlying Chromium issue as Critical severity, and a vendor patch is available; no public exploit identified at time of analysis, though the high CVSS score (9.6) and scope-changed impact warrant rapid patching.
Remote code execution in Google Chrome for iOS versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code by luring a victim to a crafted HTML page that triggers a use-after-free condition. The flaw is rated Critical by Chromium and carries a CVSS 8.8 score, and while no public exploit is identified at time of analysis, the user-interaction-only barrier (visiting a page) makes drive-by exploitation a realistic concern for unpatched iOS Chrome users.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page targeting a use-after-free flaw in the Chromecast component. Google classifies the underlying issue as Critical severity, and no public exploit has been identified at time of analysis. The bug requires chaining with a separate renderer compromise, which lowers standalone exploitability but makes it valuable as the second stage of a full browser exploit chain.
Heap corruption in Google Chrome's ANGLE graphics translation layer prior to version 149.0.7827.53 allows remote attackers to potentially achieve code execution by enticing a user to visit a crafted HTML page. Chromium rates the severity as Critical and the CVSS score is 8.8 (High), but no public exploit identified at time of analysis. The flaw is a type confusion issue that maps to CWE-787 (out-of-bounds write), affecting the browser's WebGL/graphics rendering path.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Network component, allowing a remote attacker to execute arbitrary code within the renderer process when a user visits a crafted HTML page. Google rated this issue Critical at the Chromium level, and a vendor patch is available; no public exploit identified at time of analysis.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker to trigger an out-of-bounds read and write via a crafted HTML page, with a CVSS 9.6 reflecting scope change and high impact across confidentiality, integrity, and availability. The flaw was rated Critical internally by Chromium and reported by Google's own CVE admin team; no public exploit identified at time of analysis, and CISA SSVC currently lists exploitation status as none.
Denial of service in Securly Chrome Extension version 3.0.7 allows on-path network attackers to halt all browsing activity by injecting malicious regular expression patterns into an HTTP-delivered configuration file. The extension fetches config.json over plaintext HTTP and compiles attacker-controlled patterns with new RegExp() without complexity checks, enabling catastrophic backtracking (ReDoS). No public exploit identified at time of analysis, and EPSS is very low (0.02%), but the issue is reported by CERT/CC.
Cryptographic weakness in Securly Chrome Extension version 3.0.7 and earlier exposes AES-encrypted data to recovery attacks because the extension derives keys using EVP_BytesToKey with MD5 and only a single iteration. Remote attackers who can obtain ciphertext from the extension's storage or network exchanges can feasibly brute-force or precompute keys, leading to disclosure of protected information. EPSS is very low (0.01%), no public exploit has been identified, and the issue is not listed in CISA KEV.
Denial of service in Securly Chrome Extension 3.0.7 allows remote attackers to render all web browsing unusable when the extension's filtering service is unreachable. The extension dynamically registers an undeclared content script (content13.min.js) at runtime via chrome.scripting.registerContentScripts(), hiding every page behind a full-page overlay until the service worker validates the page; if Securly's servers fail or are blocked, pages remain indefinitely blank. No public exploit identified at time of analysis, and EPSS rates exploitation probability at 0.02% (5th percentile).
Information disclosure in Securly Chrome Extension version 3.0.7 allows remote unauthenticated attackers to retrieve SHA-1 hashes via publicly accessible endpoints, where the hashes are weakly protected by a reversible Caesar cipher. The flaw enables recovery of sensitive identifiers protecting filtered content data, with no public exploit identified at time of analysis and an EPSS score of 0.02% indicating very low predicted exploitation activity.
Hardcoded cryptographic secrets in Securly Chrome Extension version 3.0.7 allow remote attackers to decrypt sensitive crisis alert keyword lists and intervention site data shipped with the extension. The plaintext AES passphrases embedded in securly.min.js can be extracted by anyone who installs or inspects the extension, exposing the proprietary detection logic used to safeguard students. No public exploit has been identified at time of analysis, and EPSS rates exploitation probability at 0.02% (4th percentile), but the trivial extractability of the keys means any motivated actor can replicate the disclosure.
Cleartext transmission in Securly Chrome Extension version 3.0.7 exposes crisis alert keyword lists and content filtering rules to adjacent network attackers because the extension fetches these JSON configuration files over plaintext HTTP while other endpoints in the same extension correctly use HTTPS. An adjacent attacker on the same network segment can intercept or tamper with the filtering policy data, undermining the safety controls Securly is meant to enforce on managed Chromebooks. No public exploit identified at time of analysis and EPSS is very low at 0.01%, but a vendor patch is available.
Type confusion in the V8 JavaScript engine of Google Chrome before 148.0.7778.216 enables sandboxed arbitrary code execution when a user is convinced to install a malicious browser extension that delivers a crafted payload. The flaw carries a CVSS 7.5 (AV:N/AC:H/PR:N/UI:R) and is reported by Google's Chrome team, with no public exploit identified at time of analysis and a very low EPSS of 0.02%. Impact remains constrained to the renderer sandbox, but full confidentiality, integrity, and availability loss inside that boundary is possible.
Remote code execution in Google Chrome desktop versions prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code in the browser context by luring a victim to a crafted HTML page that abuses insufficient input validation in the WebUSB component. The flaw carries a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and Chromium rates it Medium severity; no public exploit identified at time of analysis and it is not currently listed in CISA KEV. A vendor patch shipped via the Chrome Stable channel mitigates the issue.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page targeting the Skia graphics library. Exploitation requires user interaction (visiting a malicious page) and chained renderer compromise, raising attack complexity, but the resulting scope change and full CIA impact make it a high-severity issue. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.05%, 15th percentile).
Cross-origin data leakage in Google Chrome versions prior to 148.0.7778.216 stems from an integer overflow in the ANGLE graphics translation layer, allowing a remote attacker who lures a user to a crafted HTML page to bypass same-origin protections and exfiltrate sensitive data from other domains. The flaw carries a CVSS 8.8 rating due to network reachability and high impact across confidentiality, integrity, and availability, though Chromium itself rates the severity as Medium. EPSS is very low at 0.03% (11th percentile) and no public exploit identified at time of analysis, indicating limited near-term exploitation pressure despite the high CVSS.
Integer overflow in ANGLE (Chrome's graphics translation layer) in Google Chrome prior to 148.0.7778.216 enables remote attackers to read sensitive data from the renderer process memory by enticing a victim to visit a crafted HTML page. The vulnerability is limited to confidentiality impact - no code execution or integrity impact is indicated by CVSS (C:H/I:N/A:N). With an EPSS of 0.03% and no CISA KEV listing, active exploitation is not currently observed, though the network-accessible attack vector and low complexity make the attack straightforward once a victim visits attacker-controlled content.
Sandbox escape in Google Chrome's Headless component prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is an out-of-bounds read (CWE-125) reported by the Chrome team itself; no public exploit is identified at the time of analysis and EPSS is very low (0.03%), but the high CVSS (8.3) reflects scope-changed sandbox escape impact.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows attackers to run arbitrary code inside the browser's renderer sandbox through a crafted HTML page that triggers a use-after-free condition in the DOM implementation. The flaw, rated High severity by Chromium and carrying a CVSS 8.8 score, requires only that a victim visit a malicious or compromised webpage, making it well-suited for drive-by attacks despite no public exploit identified at time of analysis.
Sandboxed arbitrary code execution in Google Chrome versions prior to 148.0.7778.216 stems from an integer overflow in the WTF (Web Template Framework) component, exploitable when a victim visits a crafted HTML page. The flaw carries a CVSS 8.8 (High) rating and Chromium-assigned High severity, requires user interaction (UI:R) to load the malicious page, and no public exploit identified at time of analysis. While code execution is constrained to the renderer sandbox, this remains a strong primitive for chaining with sandbox escapes in real-world exploit kits.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the WebMIDI component. Chromium rates the severity High, and a vendor patch is available; no public exploit is identified at time of analysis and EPSS is very low at 0.03%.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the WebCodecs component, allowing a remote attacker to run arbitrary code within the renderer sandbox by luring a victim to a malicious HTML page. The issue is rated High severity by Chromium with a CVSS 3.1 score of 8.8, and a vendor patch is available, though no public exploit has been identified at time of analysis and the CVE is not currently listed in CISA KEV. Successful exploitation requires user interaction (visiting a crafted page), and code execution is constrained to the Chrome sandbox unless chained with a sandbox-escape bug.
Sandbox escape in Google Chrome's Skia graphics library prior to version 148.0.7778.216 allows remote attackers who have already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High by Chromium, with a patch shipped through the Stable channel and no public exploit identified at time of analysis. EPSS probability is very low (0.03%) and the CVE is not on the CISA KEV list, indicating no observed in-the-wild exploitation despite the serious technical impact.
Cross-origin data leak in Google Chrome's Skia graphics engine affects all versions prior to 148.0.7778.216, exploitable only after an attacker has already achieved renderer process compromise via a separate vulnerability. The flaw (CWE-200) allows the compromised renderer to exfiltrate cross-origin data by processing a crafted HTML page, with impact limited to partial confidentiality loss. No public exploit identified at time of analysis; EPSS at 0.03% (11th percentile) and absence of CISA KEV listing confirm low widespread exploitation probability, though the renderer-compromise prerequisite implies real-world use would appear in chained exploit scenarios.
Site isolation bypass in Google Chrome for Android (prior to 148.0.7778.216) enables a remote attacker who has already achieved renderer process compromise to cross Chrome's site isolation boundary via a specially crafted HTML page. The flaw resides in the Input handling component (CWE-346: Origin Validation Error), where improper implementation fails to enforce origin boundaries adequately within the renderer context on Android. No public exploit code exists and no active exploitation has been identified at time of analysis; EPSS is 0.02% (4th percentile) and SSVC rates exploitation as none - consistent with the high-complexity, chained-attack prerequisites.
Sandboxed arbitrary code execution in Google Chrome versions prior to 148.0.7778.216 stems from an integer overflow in the Skia graphics library, allowing a remote attacker who has already compromised the renderer process to execute code within the sandbox via a crafted HTML page. Chromium rates this High severity, and no public exploit has been identified at time of analysis, though the vulnerability is part of a multi-stage exploit chain where renderer compromise is a prerequisite. The CVSS 7.5 score reflects high attack complexity (AC:H) and required user interaction (UI:R), making mass exploitation less likely than the impact metrics alone would suggest.
Uninitialized GPU memory use in Google Chrome on Android prior to 148.0.7778.216 enables remote attackers to read potentially sensitive data from the browser's GPU process memory. Exploitation requires user interaction - a victim must visit a crafted HTML page - and is confined to the Android platform, narrowing real-world exposure relative to the CVSS C:H impact rating. No public exploit code exists and this vulnerability is absent from CISA KEV; EPSS at 0.03% (11th percentile) and SSVC exploitation status of 'none' collectively indicate low near-term exploitation probability.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the SVG rendering component, allowing remote attackers to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. Rated High severity by the Chromium project with a CVSS score of 8.8, the issue requires user interaction (visiting a malicious page) but no authentication. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows remote attackers to execute arbitrary code within the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers a race condition in the WebAudio component. Google rates the underlying Chromium issue as High severity, and while no public exploit identified at time of analysis, the bug is browser-resident and reachable from any web origin, making it a meaningful drive-by risk once details surface. EPSS data was not provided, and the issue is not currently listed in CISA KEV.
Remote code execution in Google Chrome on macOS prior to 148.0.7778.216 stems from a use-after-free condition in the WebAppInstalls component, enabling a remote attacker to execute arbitrary code in the renderer context when a victim is lured to a malicious page and performs specific UI gestures. Chromium rates the severity as High, and while no public exploit identified at time of analysis, the bug class (UAF) is historically a favored target for Chrome exploit chains. The high attack complexity and required user interaction lower the practical exploitability compared to one-click bugs.
UI spoofing in Google Chrome's Passwords component (all versions prior to 148.0.7778.216) allows a remote, unauthenticated attacker to manipulate browser-native password UI elements by delivering a crafted HTML page to a victim. The flaw arises from insufficient input validation (CWE-20) in the Passwords subsystem, enabling attacker-controlled content to render deceptive credential prompts that are visually indistinguishable from legitimate Chrome dialogs. No public exploit has been identified at time of analysis and the CVE is absent from CISA KEV, though the zero-privilege, network-accessible attack surface and High Chromium severity designation make patching a clear priority.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the Views UI component, allowing a remote attacker to execute arbitrary code if they can convince a user to perform specific UI gestures on a crafted HTML page. Chromium rates this as High severity and a vendor patch is available, but no public exploit has been identified at time of analysis.
Heap corruption in Google Chrome's PDFium component (versions prior to 148.0.7778.216) allows a remote attacker to potentially achieve code execution by tricking a user into opening a crafted PDF file. The flaw is a use-after-free condition rated High severity by Chromium, with no public exploit identified at time of analysis and a low EPSS score (0.03%) suggesting limited near-term mass exploitation despite a CVSS of 8.8. A vendor patch has been released via the Chrome Stable channel update.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the PerformanceManager component triggered by a crafted HTML page. Exploitation requires user interaction (visiting a malicious page) and a pre-existing renderer compromise, and while no public exploit has been identified at time of analysis, EPSS rates exploitation probability as low (0.03%, 11th percentile). The flaw is rated High severity by Chromium and carries a CVSS 3.1 score of 8.3 due to the scope-changing nature of a sandbox escape.
Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out via a use-after-free in the Passwords component, delivered through a crafted HTML page. Exploitation requires user interaction and high attack complexity, and no public exploit identified at time of analysis, though Google rates the underlying Chromium severity as High and a vendor patch is available.
Remote code execution in Google Chrome on macOS prior to version 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers an inappropriate implementation flaw in the ANGLE graphics layer. The issue is rated High by Chromium and carries a CVSS 3.1 score of 8.8 with user interaction required; no public exploit identified at time of analysis and EPSS is low at 0.04%.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables remote attackers who have already compromised the renderer process to break out of the browser sandbox via an integer overflow in the Skia graphics library. Exploitation requires a crafted HTML page and user interaction, and while a patch is available from Google, there is no public exploit identified at time of analysis and EPSS scoring (0.03%) indicates low near-term exploitation probability.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Input component. Chromium rates the severity as High and CVSS scores it 8.3, but EPSS estimates exploitation probability at only 0.03% (11th percentile) and no public exploit identified at time of analysis. The flaw is a chained-exploitation primitive rather than a standalone RCE, requiring an attacker to first achieve renderer code execution before leveraging this bug.
Out-of-bounds read in the WebRTC subsystem of Google Chrome on macOS (versions prior to 148.0.7778.216) enables remote attackers to exfiltrate potentially sensitive data from browser process memory by luring a user to a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/C:H/I:N/A:N) confirms network-reachable, unauthenticated exploitation with confidentiality-only impact, but mandates user interaction, limiting fully passive attack scenarios. No active exploitation has been confirmed in CISA KEV, and an EPSS score of 0.03% at the 10th percentile reflects low observed exploitation probability at time of analysis; no public exploit code has been identified.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the WebXR component, allowing a remote attacker to run arbitrary code within the browser's renderer sandbox by enticing a victim to visit a crafted HTML page. Google rates the underlying Chromium severity as High, and a vendor patch has been released; no public exploit identified at time of analysis.
Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Core component. Google rates this Chromium severity as High, and a vendor patch is available; no public exploit identified at time of analysis, and EPSS is very low (0.03%, 11th percentile). Exploitation requires a chained renderer compromise plus user interaction, so it is a meaningful second-stage primitive rather than a one-shot drive-by RCE.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox by serving a crafted PDF file that triggers a use-after-free in the Views component. Chromium rates the severity as High and Google has shipped a fixed Stable channel build, but no public exploit is identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile). The bug is a second-stage primitive - it requires an existing renderer compromise plus user interaction with a malicious PDF, which is the typical shape of a Chrome exploit chain.
Remote code execution in Google Chrome's Network component prior to version 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by the Chromium team, and while no public exploit is identified at time of analysis, browser memory-corruption bugs of this class are historically attractive targets when chained with a sandbox escape.
Cross-origin data leakage in Google Chrome's Media component on Windows (versions prior to 148.0.7778.216) permits exfiltration of sensitive origin-isolated content, but only as a second-stage primitive requiring prior renderer process compromise. The confidentiality impact is constrained (CVSS 3.1/Low, CWE-200), with no integrity or availability consequences. No public exploit code exists and the EPSS score of 0.03% (11th percentile) reflects negligible real-world exploitation probability at time of analysis.
Same-origin policy bypass in Google Chrome's Media component allows remote attackers to read or manipulate cross-origin data via a crafted video file. Affected are all Chrome versions prior to 148.0.7778.216 on desktop platforms, confirmed via ENISA EUVD-2026-33131 and the Chrome stable channel advisory. The CVSS vector (PR:N/UI:R) indicates no authentication is required but victim interaction is necessary; EPSS sits at 0.02% (4th percentile), and no active exploitation is confirmed in the CISA KEV catalog, making this a medium-priority issue despite the network-accessible attack vector.
Sandbox escape in Google Chrome on Linux prior to 148.0.7778.216 allows remote attackers to leverage a WebRTC use-after-free condition through a crafted HTML page to break out of the renderer sandbox. The flaw was reported by the Chrome security team and rated High severity by Chromium, with no public exploit identified at time of analysis and an EPSS score of 0.03% (10th percentile) suggesting low near-term exploitation likelihood. Successful exploitation requires user interaction (visiting a malicious page) and high attack complexity, but the scope-changing impact (S:C) and full CIA compromise make it a meaningful browser-targeted risk.
Local arbitrary code execution in Google Chrome on Android prior to 148.0.7778.216 allows attackers to run code through a malicious file processed by the WebAppInstalls component due to insufficient input validation. The CVSS 7.8 (AV:L/UI:R) reflects that exploitation requires local access and user interaction (opening or installing the malicious file), and no public exploit identified at time of analysis. Chromium-rated High severity and a vendor patch is available in the Stable channel update.
UI spoofing in Google Chrome's OptimizationGuide component (all versions prior to 148.0.7778.216) enables a remote unauthenticated attacker who has already compromised the renderer process to present false browser UI elements to the user via a crafted HTML page. The root cause is CWE-20 (Improper Input Validation) - OptimizationGuide fails to adequately validate untrusted data sourced from the renderer, allowing that data to influence trusted browser UI surfaces. With a CVSS score of 4.2, EPSS at 0.05% (15th percentile), no KEV listing, and no public exploit identified at time of analysis, real-world risk is moderate-low despite the network vector, heavily gated by the renderer-compromise prerequisite.
Memory disclosure in Google Chrome's Media component on ChromeOS allows a remote attacker who has already compromised the renderer process to read potentially sensitive data from process memory via a specially crafted HTML page. Affected versions are all Chrome builds prior to 148.0.7778.216 on ChromeOS. This vulnerability is a chaining primitive - it cannot be exploited standalone and requires a prior renderer compromise, placing it in the context of multi-stage attack chains rather than direct exploitation. No public exploit code exists and no active exploitation has been identified at time of analysis.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page that triggers a type confusion bug in the Skia graphics library. The flaw was reported by the Chrome team and is rated High severity by Chromium; no public exploit has been identified at time of analysis, though browser type-confusion bugs in Skia have historically been weaponized. Exploitation requires user interaction (UI:R) - typically visiting an attacker-controlled or compromised page.
Sandbox escape in Google Chrome's ANGLE component prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw stems from insufficient validation of untrusted input (CWE-20) in ANGLE, Chrome's translation layer for graphics APIs. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.05%, 15th percentile), but the Chromium-assigned 'High' severity reflects its value as the second stage in a browser exploit chain.
Inappropriate implementation in the Skia graphics library within Google Chrome prior to 148.0.7778.216 enables remote attackers to read potentially sensitive data from renderer process memory by delivering a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms unauthenticated network exploitation with high confidentiality impact, constrained only by the requirement for user interaction. No public exploit has been identified at time of analysis, and EPSS at 0.03% (11th percentile) indicates minimal observed exploitation activity.
Site isolation bypass in Google Chrome's Printing component (versions prior to 148.0.7778.216) enables an attacker who has already compromised the renderer process to escape cross-origin data boundaries via a crafted HTML page. The root cause is insufficient input validation (CWE-20) in the printing subsystem, which fails to properly sanitize renderer-supplied data before acting on it in a security-sensitive context. With an EPSS of 0.02% (6th percentile), no CISA KEV listing, and no public exploit identified at time of analysis, this functions primarily as a post-exploitation escalation primitive rather than an initial access vector.
Site isolation bypass in Google Chrome prior to 148.0.7778.216 enables a remote attacker who has already compromised the renderer process to escape cross-origin boundaries via a crafted HTML page. The attack is constrained by a two-stage prerequisite: an existing renderer compromise plus user interaction with the malicious page, reflected in a CVSS score of 5.0 (AC:H/UI:R). No public exploit identified at time of analysis and an EPSS of 0.02% (6th percentile) indicate very low probability of widespread exploitation, though the technique is meaningful as a post-exploitation escalation primitive.
Sandboxed remote code execution in Google Chrome desktop versions prior to 148.0.7778.216 stems from a use-after-free defect in the Glic component, allowing a remote attacker to corrupt memory and execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. Google has rated the Chromium severity as High and shipped a Stable channel update; no public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV. The CVSS 8.8 score reflects network reachability and user interaction (loading a page), with full impact to confidentiality, integrity, and availability inside the sandboxed process.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page abusing the WebShare component. Chromium rates the issue High severity, and CVSS scores it 8.3 reflecting the scope-change impact, though EPSS is currently low at 0.04% and no public exploit is identified at time of analysis.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows attackers to run arbitrary code by luring a victim to a crafted HTML page that abuses an inappropriate implementation in the browser's USB subsystem. Chromium rates the severity as High and the CVSS 8.8 vector reflects unauthenticated network exploitation with required user interaction. No public exploit identified at time of analysis, but the vendor has shipped a stable channel patch.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 is possible through an out-of-bounds read and write vulnerability in the ANGLE graphics translation layer. An attacker who has already compromised the renderer process can leverage a crafted HTML page to break out of Chrome's sandbox and potentially execute code at a higher privilege level. No public exploit identified at time of analysis, and EPSS is very low at 0.03%, but Google rates the underlying Chromium severity as High.
Sandbox escape in Google Chrome's GPU process prior to version 148.0.7778.216 allows remote attackers who have already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page. The flaw is an out-of-bounds write (CWE-787) rated High by Chromium with CVSS 8.3, and while a vendor patch is available, no public exploit identified at time of analysis and EPSS is very low at 0.03%.
Remote code execution in Google Chrome's V8 JavaScript engine prior to 148.0.7778.216 allows attackers to execute arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw is an out-of-bounds write (CWE-787) rated High by Chromium and CVSS 8.8, requires user interaction to load attacker-controlled content, and no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome on macOS prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page targeting the Gamepad component. The flaw is rated High by Chromium and carries a CVSS 8.3 (AV:N/AC:H/PR:N/UI:R/S:C), but EPSS is only 0.03% (11th percentile) and no public exploit identified at time of analysis. The bug is a second-stage primitive in a multi-stage exploit chain rather than a standalone RCE.
Universal Cross-Site Scripting (UXSS) in Google Chrome on iOS prior to 148.0.7778.216 enables a remote unauthenticated attacker to inject arbitrary scripts or HTML into the browser context by convincing a target user to perform specific UI gestures on a crafted HTML page. The vulnerability stems from an inappropriate implementation in Chrome's iOS-specific code layer (CWE-79), and while UXSS attacks typically carry cross-origin escalation potential, the CVSS S:U (Unchanged scope) rating suggests cross-origin impact is not confirmed by the scoring authority. No public exploit or active exploitation has been identified at time of analysis; EPSS at 0.06% places this in the 17th percentile of exploitation likelihood.
Sandbox escape in Google Chrome's WebGL component (versions prior to 148.0.7778.216) allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium, requiring user interaction (visiting a page) and a prior renderer compromise, making it a second-stage exploit primitive. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.03%.
Remote code execution in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows attackers to run arbitrary code on a victim's machine when they visit a malicious web page. The flaw stems from insufficient validation of untrusted input (CWE-20) within ANGLE and carries a CVSS 8.8 rating reflecting network reach with user interaction. No public exploit identified at time of analysis, and EPSS exploitation probability is low at 0.05% (16th percentile), but the high technical impact and Chrome's massive install base warrant prompt patching.
Remote code execution in Google Chrome's V8 JavaScript engine prior to version 148.0.7778.216 allows attackers to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw stems from an integer overflow (CWE-472, External Control of Assumed-Immutable Web Parameter / integer-handling weakness in V8) rated High severity by Chromium and CVSS 8.8. No public exploit identified at time of analysis, and the bug is not currently listed in CISA KEV.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker to trigger an out-of-bounds write in the GPU process via a crafted HTML page, potentially breaking out of Chrome's renderer sandbox. The flaw carries a CVSS 9.6 due to scope change (S:C) and high impact across confidentiality, integrity, and availability, but requires user interaction (UI:R) such as visiting a malicious page. No public exploit identified at time of analysis, and EPSS is very low at 0.03% (11th percentile), suggesting limited near-term mass exploitation despite the severe potential impact.
Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers an integer overflow in XML handling. The flaw is rated Chromium High severity with CVSS 8.3 and requires user interaction plus a chained renderer compromise; no public exploit identified at time of analysis and EPSS is very low at 0.03%.
Out-of-bounds write in the ANGLE graphics translation layer of Google Chrome before 148.0.7778.216 allows a remote attacker to trigger heap corruption by luring a user to a crafted HTML page, potentially leading to arbitrary code execution within the renderer process. Chromium rates the severity as High and CVSS scores it 8.8, but EPSS exploitation probability is currently very low (0.03%, 11th percentile) and no public exploit identified at time of analysis. The flaw was reported through Chrome's internal disclosure process and a fixed build is already available from the vendor.
Arbitrary code execution in Google Chrome on macOS prior to 148.0.7778.216 stems from a use-after-free condition in the Bluetooth component, exploitable through a malicious browser extension. Chromium rates the severity as High, and while CVSS scores it 8.1 with network attack vector, real-world exploitation requires the victim to install an attacker-controlled extension. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.01%.
Arbitrary code execution within the sandbox in Google Chrome on iOS prior to 148.0.7778.216 allows remote attackers to abuse an uninitialized memory condition when a victim performs specific UI gestures on a crafted HTML page. Chromium rates the security severity as High, and a vendor patch is available; no public exploit identified at time of analysis and the EPSS score (0.04%) suggests low near-term exploitation likelihood.
Remote code execution in Google Chrome's WebRTC component (versions prior to 148.0.7778.216) allows a remote attacker to execute arbitrary code within the browser sandbox by enticing a victim to load a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High by Chromium's security team, and while no public exploit identified at time of analysis, the CVSS 8.8 score reflects the low-complexity network-based attack vector combined with the high impact across confidentiality, integrity, and availability. User interaction (visiting a malicious page) is required, but otherwise no authentication or privileges are needed.
Heap corruption in Google Chrome's SurfaceCapture component (versions prior to 148.0.7778.216) allows a remote attacker to potentially execute arbitrary code by luring a user to a crafted HTML page. The flaw is a use-after-free issue rated High severity by the Chromium project, with a CVSS score of 8.8 reflecting low complexity and no authentication, though user interaction is required. There is no public exploit identified at time of analysis and EPSS is very low (0.03%, 11th percentile), but the historical pattern of Chrome UAF bugs being weaponized makes patching urgent.
Sandboxed arbitrary code execution in Google Chrome's PDFium component (versions prior to 148.0.7778.216) is possible via an integer overflow triggered by a crafted font file. The flaw requires a pre-compromised renderer process and user interaction, and no public exploit identified at time of analysis, though Chromium rates it High severity.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the WebRTC component that lets a remote attacker run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google rates the underlying Chromium issue as High severity, and no public exploit is identified at time of analysis, though publicly available patch metadata and Chromium bug tracker entries (issue 503422316) confirm the fix.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Ozone graphics abstraction layer, rated Critical by Chromium's internal severity classification. Remote attackers can trigger arbitrary code execution within the browser's rendering context by enticing a victim to visit a crafted HTML page. There is no public exploit identified at time of analysis, and CISA SSVC scoring indicates no observed exploitation, though the technical impact is rated total.
Remote code execution in Google Chrome on macOS prior to version 149.0.7827.53 stems from a use-after-free condition in the Passwords component, allowing a remote attacker to execute arbitrary code if a victim is convinced to perform specific UI gestures on a crafted HTML page. Chromium rates the underlying severity as Critical, though CVSS scores it 7.5 due to high attack complexity and required user interaction. There is no public exploit identified at time of analysis and SSVC indicates exploitation status is none.
Remote heap corruption in Google Chrome on macOS prior to 149.0.7827.53 stems from a use-after-free in the Passwords component, letting a remote attacker who lures a user into specific UI interactions trigger memory corruption via a crafted HTML page. Chromium rates the underlying flaw Critical and a vendor patch is available, though no public exploit has been identified at time of analysis and active exploitation has not been confirmed by CISA KEV.
Heap corruption in Google Chrome's Ozone display layer on Linux versions prior to 149.0.7827.53 allows remote attackers to potentially achieve code execution by enticing a user to perform specific UI gestures on a crafted HTML page. Chromium rates the underlying issue as Critical severity, and no public exploit has been identified at time of analysis. The defect is a use-after-free (CWE-416) reachable from the renderer's interaction with the Linux display abstraction.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to potentially break out of the sandbox via a stack buffer overflow in the GPU component triggered by a crafted HTML page. Chromium rates this as Critical severity, and while no public exploit has been identified at time of analysis, the vendor has released a patched stable channel build addressing the issue.
Sandbox escape in Google Chrome's GPU component prior to version 149.0.7827.53 allows remote attackers to break out of the renderer sandbox via a crafted HTML page when a user visits a malicious site. Google's Chromium team rated the underlying issue Critical severity, and while a patch is available, no public exploit identified at time of analysis and EPSS estimates exploitation probability at only 0.03%.
Remote code execution in Google Chrome for iOS prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code by enticing a user to visit a crafted HTML page. Chromium rates the underlying use-after-free as Critical severity, though SSVC currently shows no observed exploitation and no public exploit identified at time of analysis. The CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability, tempered by a required user interaction (visiting the malicious page).
Remote code execution in Google Chrome's Ozone display server layer affects all desktop versions prior to 149.0.7827.53, where a use-after-free memory corruption flaw can be triggered by a crafted HTML page. Chromium-internal severity is rated Critical and the CVSS 3.1 score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires user interaction (visiting an attacker-controlled page). No public exploit has been identified at time of analysis, and CISA SSVC currently lists Exploitation as 'none'.
Sandbox escape in Google Chrome on Linux prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a use-after-free in the Printing component. Google rates the underlying Chromium issue as Critical severity, and no public exploit is identified at time of analysis. The CVSS 8.3 score reflects the chained nature of the attack and the scope change that results when sandbox boundaries are crossed.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Chromoting (Chrome Remote Desktop) component, which Google rated Critical internally. A remote attacker can deliver malicious network traffic to a user with an active Chromoting session and execute arbitrary code in the browser context, though user interaction is required per the CVSS vector. No public exploit identified at time of analysis, and EPSS probability is very low (0.04%).
Sandbox escape in Google Chrome for Android versions prior to 149.0.7827.53 stems from an out-of-bounds write in the GPU process that a remote attacker can trigger via a crafted HTML page. Google rates the underlying Chromium issue as Critical severity, and while a vendor patch is available, no public exploit identified at time of analysis and EPSS sits at 0.03% (11th percentile). The CVSS scope-changed vector (S:C) reflects the impact of breaking out of Chrome's sandbox to affect the broader Android OS context.
Heap corruption in Google Chrome's GFX component on Linux prior to version 149.0.7827.53 allows remote attackers to potentially achieve code execution when a victim visits a crafted HTML page. Google rates the underlying Chromium issue as Critical severity, and a vendor patch is available; no public exploit identified at time of analysis.
Heap corruption in Google Chrome's Cast component prior to version 149.0.7827.53 allows adjacent-network attackers to trigger a use-after-free condition through crafted network traffic, potentially leading to arbitrary code execution within the renderer. Chromium rates the underlying severity as Critical, and no public exploit identified at time of analysis, though the AV:A vector means any attacker sharing the victim's LAN or Wi-Fi segment can attempt exploitation without authentication or user interaction.
Out-of-bounds read in the ANGLE graphics layer of Google Chrome before 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to potentially escape the browser sandbox via a crafted HTML page. Chromium rates the underlying issue Critical severity, and while no public exploit has been identified at time of analysis, the bug is in a historically targeted attack surface (GPU/ANGLE) frequently abused in renderer-to-broker escape chains.
Remote code execution in Google Chrome's Cast Streaming component (versions prior to 149.0.7827.53) allows an attacker on the same local network segment to execute arbitrary code by sending malicious network traffic to a vulnerable browser. The flaw is rated Critical by the Chromium project and carries a CVSS 3.1 score of 8.8, with no public exploit identified at time of analysis.
Remote code execution in Google Chrome on macOS prior to 149.0.7827.53 stems from a use-after-free flaw in the Chromoting (Chrome Remote Desktop) component, allowing remote attackers to execute arbitrary code by delivering malicious network traffic. Google's Chromium team rates the underlying defect as Critical severity, and no public exploit has been identified at time of analysis, though the bug class historically attracts in-the-wild exploitation against browser users.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to exploit a use-after-free condition in the FileSystem component via a crafted HTML page, with user interaction required. Google has rated the underlying Chromium issue as Critical severity, and a vendor patch is available; no public exploit identified at time of analysis, though the high CVSS score (9.6) and scope-changed impact warrant rapid patching.
Remote code execution in Google Chrome for iOS versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code by luring a victim to a crafted HTML page that triggers a use-after-free condition. The flaw is rated Critical by Chromium and carries a CVSS 8.8 score, and while no public exploit is identified at time of analysis, the user-interaction-only barrier (visiting a page) makes drive-by exploitation a realistic concern for unpatched iOS Chrome users.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page targeting a use-after-free flaw in the Chromecast component. Google classifies the underlying issue as Critical severity, and no public exploit has been identified at time of analysis. The bug requires chaining with a separate renderer compromise, which lowers standalone exploitability but makes it valuable as the second stage of a full browser exploit chain.
Heap corruption in Google Chrome's ANGLE graphics translation layer prior to version 149.0.7827.53 allows remote attackers to potentially achieve code execution by enticing a user to visit a crafted HTML page. Chromium rates the severity as Critical and the CVSS score is 8.8 (High), but no public exploit identified at time of analysis. The flaw is a type confusion issue that maps to CWE-787 (out-of-bounds write), affecting the browser's WebGL/graphics rendering path.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Network component, allowing a remote attacker to execute arbitrary code within the renderer process when a user visits a crafted HTML page. Google rated this issue Critical at the Chromium level, and a vendor patch is available; no public exploit identified at time of analysis.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker to trigger an out-of-bounds read and write via a crafted HTML page, with a CVSS 9.6 reflecting scope change and high impact across confidentiality, integrity, and availability. The flaw was rated Critical internally by Chromium and reported by Google's own CVE admin team; no public exploit identified at time of analysis, and CISA SSVC currently lists exploitation status as none.
Denial of service in Securly Chrome Extension version 3.0.7 allows on-path network attackers to halt all browsing activity by injecting malicious regular expression patterns into an HTTP-delivered configuration file. The extension fetches config.json over plaintext HTTP and compiles attacker-controlled patterns with new RegExp() without complexity checks, enabling catastrophic backtracking (ReDoS). No public exploit identified at time of analysis, and EPSS is very low (0.02%), but the issue is reported by CERT/CC.
Cryptographic weakness in Securly Chrome Extension version 3.0.7 and earlier exposes AES-encrypted data to recovery attacks because the extension derives keys using EVP_BytesToKey with MD5 and only a single iteration. Remote attackers who can obtain ciphertext from the extension's storage or network exchanges can feasibly brute-force or precompute keys, leading to disclosure of protected information. EPSS is very low (0.01%), no public exploit has been identified, and the issue is not listed in CISA KEV.
Denial of service in Securly Chrome Extension 3.0.7 allows remote attackers to render all web browsing unusable when the extension's filtering service is unreachable. The extension dynamically registers an undeclared content script (content13.min.js) at runtime via chrome.scripting.registerContentScripts(), hiding every page behind a full-page overlay until the service worker validates the page; if Securly's servers fail or are blocked, pages remain indefinitely blank. No public exploit identified at time of analysis, and EPSS rates exploitation probability at 0.02% (5th percentile).
Information disclosure in Securly Chrome Extension version 3.0.7 allows remote unauthenticated attackers to retrieve SHA-1 hashes via publicly accessible endpoints, where the hashes are weakly protected by a reversible Caesar cipher. The flaw enables recovery of sensitive identifiers protecting filtered content data, with no public exploit identified at time of analysis and an EPSS score of 0.02% indicating very low predicted exploitation activity.
Hardcoded cryptographic secrets in Securly Chrome Extension version 3.0.7 allow remote attackers to decrypt sensitive crisis alert keyword lists and intervention site data shipped with the extension. The plaintext AES passphrases embedded in securly.min.js can be extracted by anyone who installs or inspects the extension, exposing the proprietary detection logic used to safeguard students. No public exploit has been identified at time of analysis, and EPSS rates exploitation probability at 0.02% (4th percentile), but the trivial extractability of the keys means any motivated actor can replicate the disclosure.
Cleartext transmission in Securly Chrome Extension version 3.0.7 exposes crisis alert keyword lists and content filtering rules to adjacent network attackers because the extension fetches these JSON configuration files over plaintext HTTP while other endpoints in the same extension correctly use HTTPS. An adjacent attacker on the same network segment can intercept or tamper with the filtering policy data, undermining the safety controls Securly is meant to enforce on managed Chromebooks. No public exploit identified at time of analysis and EPSS is very low at 0.01%, but a vendor patch is available.
Type confusion in the V8 JavaScript engine of Google Chrome before 148.0.7778.216 enables sandboxed arbitrary code execution when a user is convinced to install a malicious browser extension that delivers a crafted payload. The flaw carries a CVSS 7.5 (AV:N/AC:H/PR:N/UI:R) and is reported by Google's Chrome team, with no public exploit identified at time of analysis and a very low EPSS of 0.02%. Impact remains constrained to the renderer sandbox, but full confidentiality, integrity, and availability loss inside that boundary is possible.
Remote code execution in Google Chrome desktop versions prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code in the browser context by luring a victim to a crafted HTML page that abuses insufficient input validation in the WebUSB component. The flaw carries a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and Chromium rates it Medium severity; no public exploit identified at time of analysis and it is not currently listed in CISA KEV. A vendor patch shipped via the Chrome Stable channel mitigates the issue.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page targeting the Skia graphics library. Exploitation requires user interaction (visiting a malicious page) and chained renderer compromise, raising attack complexity, but the resulting scope change and full CIA impact make it a high-severity issue. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.05%, 15th percentile).
Cross-origin data leakage in Google Chrome versions prior to 148.0.7778.216 stems from an integer overflow in the ANGLE graphics translation layer, allowing a remote attacker who lures a user to a crafted HTML page to bypass same-origin protections and exfiltrate sensitive data from other domains. The flaw carries a CVSS 8.8 rating due to network reachability and high impact across confidentiality, integrity, and availability, though Chromium itself rates the severity as Medium. EPSS is very low at 0.03% (11th percentile) and no public exploit identified at time of analysis, indicating limited near-term exploitation pressure despite the high CVSS.
Integer overflow in ANGLE (Chrome's graphics translation layer) in Google Chrome prior to 148.0.7778.216 enables remote attackers to read sensitive data from the renderer process memory by enticing a victim to visit a crafted HTML page. The vulnerability is limited to confidentiality impact - no code execution or integrity impact is indicated by CVSS (C:H/I:N/A:N). With an EPSS of 0.03% and no CISA KEV listing, active exploitation is not currently observed, though the network-accessible attack vector and low complexity make the attack straightforward once a victim visits attacker-controlled content.
Sandbox escape in Google Chrome's Headless component prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is an out-of-bounds read (CWE-125) reported by the Chrome team itself; no public exploit is identified at the time of analysis and EPSS is very low (0.03%), but the high CVSS (8.3) reflects scope-changed sandbox escape impact.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows attackers to run arbitrary code inside the browser's renderer sandbox through a crafted HTML page that triggers a use-after-free condition in the DOM implementation. The flaw, rated High severity by Chromium and carrying a CVSS 8.8 score, requires only that a victim visit a malicious or compromised webpage, making it well-suited for drive-by attacks despite no public exploit identified at time of analysis.
Sandboxed arbitrary code execution in Google Chrome versions prior to 148.0.7778.216 stems from an integer overflow in the WTF (Web Template Framework) component, exploitable when a victim visits a crafted HTML page. The flaw carries a CVSS 8.8 (High) rating and Chromium-assigned High severity, requires user interaction (UI:R) to load the malicious page, and no public exploit identified at time of analysis. While code execution is constrained to the renderer sandbox, this remains a strong primitive for chaining with sandbox escapes in real-world exploit kits.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the WebMIDI component. Chromium rates the severity High, and a vendor patch is available; no public exploit is identified at time of analysis and EPSS is very low at 0.03%.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the WebCodecs component, allowing a remote attacker to run arbitrary code within the renderer sandbox by luring a victim to a malicious HTML page. The issue is rated High severity by Chromium with a CVSS 3.1 score of 8.8, and a vendor patch is available, though no public exploit has been identified at time of analysis and the CVE is not currently listed in CISA KEV. Successful exploitation requires user interaction (visiting a crafted page), and code execution is constrained to the Chrome sandbox unless chained with a sandbox-escape bug.
Sandbox escape in Google Chrome's Skia graphics library prior to version 148.0.7778.216 allows remote attackers who have already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High by Chromium, with a patch shipped through the Stable channel and no public exploit identified at time of analysis. EPSS probability is very low (0.03%) and the CVE is not on the CISA KEV list, indicating no observed in-the-wild exploitation despite the serious technical impact.
Cross-origin data leak in Google Chrome's Skia graphics engine affects all versions prior to 148.0.7778.216, exploitable only after an attacker has already achieved renderer process compromise via a separate vulnerability. The flaw (CWE-200) allows the compromised renderer to exfiltrate cross-origin data by processing a crafted HTML page, with impact limited to partial confidentiality loss. No public exploit identified at time of analysis; EPSS at 0.03% (11th percentile) and absence of CISA KEV listing confirm low widespread exploitation probability, though the renderer-compromise prerequisite implies real-world use would appear in chained exploit scenarios.
Site isolation bypass in Google Chrome for Android (prior to 148.0.7778.216) enables a remote attacker who has already achieved renderer process compromise to cross Chrome's site isolation boundary via a specially crafted HTML page. The flaw resides in the Input handling component (CWE-346: Origin Validation Error), where improper implementation fails to enforce origin boundaries adequately within the renderer context on Android. No public exploit code exists and no active exploitation has been identified at time of analysis; EPSS is 0.02% (4th percentile) and SSVC rates exploitation as none - consistent with the high-complexity, chained-attack prerequisites.
Sandboxed arbitrary code execution in Google Chrome versions prior to 148.0.7778.216 stems from an integer overflow in the Skia graphics library, allowing a remote attacker who has already compromised the renderer process to execute code within the sandbox via a crafted HTML page. Chromium rates this High severity, and no public exploit has been identified at time of analysis, though the vulnerability is part of a multi-stage exploit chain where renderer compromise is a prerequisite. The CVSS 7.5 score reflects high attack complexity (AC:H) and required user interaction (UI:R), making mass exploitation less likely than the impact metrics alone would suggest.
Uninitialized GPU memory use in Google Chrome on Android prior to 148.0.7778.216 enables remote attackers to read potentially sensitive data from the browser's GPU process memory. Exploitation requires user interaction - a victim must visit a crafted HTML page - and is confined to the Android platform, narrowing real-world exposure relative to the CVSS C:H impact rating. No public exploit code exists and this vulnerability is absent from CISA KEV; EPSS at 0.03% (11th percentile) and SSVC exploitation status of 'none' collectively indicate low near-term exploitation probability.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the SVG rendering component, allowing remote attackers to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. Rated High severity by the Chromium project with a CVSS score of 8.8, the issue requires user interaction (visiting a malicious page) but no authentication. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows remote attackers to execute arbitrary code within the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers a race condition in the WebAudio component. Google rates the underlying Chromium issue as High severity, and while no public exploit identified at time of analysis, the bug is browser-resident and reachable from any web origin, making it a meaningful drive-by risk once details surface. EPSS data was not provided, and the issue is not currently listed in CISA KEV.
Remote code execution in Google Chrome on macOS prior to 148.0.7778.216 stems from a use-after-free condition in the WebAppInstalls component, enabling a remote attacker to execute arbitrary code in the renderer context when a victim is lured to a malicious page and performs specific UI gestures. Chromium rates the severity as High, and while no public exploit identified at time of analysis, the bug class (UAF) is historically a favored target for Chrome exploit chains. The high attack complexity and required user interaction lower the practical exploitability compared to one-click bugs.
UI spoofing in Google Chrome's Passwords component (all versions prior to 148.0.7778.216) allows a remote, unauthenticated attacker to manipulate browser-native password UI elements by delivering a crafted HTML page to a victim. The flaw arises from insufficient input validation (CWE-20) in the Passwords subsystem, enabling attacker-controlled content to render deceptive credential prompts that are visually indistinguishable from legitimate Chrome dialogs. No public exploit has been identified at time of analysis and the CVE is absent from CISA KEV, though the zero-privilege, network-accessible attack surface and High Chromium severity designation make patching a clear priority.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the Views UI component, allowing a remote attacker to execute arbitrary code if they can convince a user to perform specific UI gestures on a crafted HTML page. Chromium rates this as High severity and a vendor patch is available, but no public exploit has been identified at time of analysis.
Heap corruption in Google Chrome's PDFium component (versions prior to 148.0.7778.216) allows a remote attacker to potentially achieve code execution by tricking a user into opening a crafted PDF file. The flaw is a use-after-free condition rated High severity by Chromium, with no public exploit identified at time of analysis and a low EPSS score (0.03%) suggesting limited near-term mass exploitation despite a CVSS of 8.8. A vendor patch has been released via the Chrome Stable channel update.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the PerformanceManager component triggered by a crafted HTML page. Exploitation requires user interaction (visiting a malicious page) and a pre-existing renderer compromise, and while no public exploit has been identified at time of analysis, EPSS rates exploitation probability as low (0.03%, 11th percentile). The flaw is rated High severity by Chromium and carries a CVSS 3.1 score of 8.3 due to the scope-changing nature of a sandbox escape.
Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out via a use-after-free in the Passwords component, delivered through a crafted HTML page. Exploitation requires user interaction and high attack complexity, and no public exploit identified at time of analysis, though Google rates the underlying Chromium severity as High and a vendor patch is available.
Remote code execution in Google Chrome on macOS prior to version 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers an inappropriate implementation flaw in the ANGLE graphics layer. The issue is rated High by Chromium and carries a CVSS 3.1 score of 8.8 with user interaction required; no public exploit identified at time of analysis and EPSS is low at 0.04%.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 enables remote attackers who have already compromised the renderer process to break out of the browser sandbox via an integer overflow in the Skia graphics library. Exploitation requires a crafted HTML page and user interaction, and while a patch is available from Google, there is no public exploit identified at time of analysis and EPSS scoring (0.03%) indicates low near-term exploitation probability.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Input component. Chromium rates the severity as High and CVSS scores it 8.3, but EPSS estimates exploitation probability at only 0.03% (11th percentile) and no public exploit identified at time of analysis. The flaw is a chained-exploitation primitive rather than a standalone RCE, requiring an attacker to first achieve renderer code execution before leveraging this bug.
Out-of-bounds read in the WebRTC subsystem of Google Chrome on macOS (versions prior to 148.0.7778.216) enables remote attackers to exfiltrate potentially sensitive data from browser process memory by luring a user to a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/C:H/I:N/A:N) confirms network-reachable, unauthenticated exploitation with confidentiality-only impact, but mandates user interaction, limiting fully passive attack scenarios. No active exploitation has been confirmed in CISA KEV, and an EPSS score of 0.03% at the 10th percentile reflects low observed exploitation probability at time of analysis; no public exploit code has been identified.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the WebXR component, allowing a remote attacker to run arbitrary code within the browser's renderer sandbox by enticing a victim to visit a crafted HTML page. Google rates the underlying Chromium severity as High, and a vendor patch has been released; no public exploit identified at time of analysis.
Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Core component. Google rates this Chromium severity as High, and a vendor patch is available; no public exploit identified at time of analysis, and EPSS is very low (0.03%, 11th percentile). Exploitation requires a chained renderer compromise plus user interaction, so it is a meaningful second-stage primitive rather than a one-shot drive-by RCE.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox by serving a crafted PDF file that triggers a use-after-free in the Views component. Chromium rates the severity as High and Google has shipped a fixed Stable channel build, but no public exploit is identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile). The bug is a second-stage primitive - it requires an existing renderer compromise plus user interaction with a malicious PDF, which is the typical shape of a Chrome exploit chain.
Remote code execution in Google Chrome's Network component prior to version 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by the Chromium team, and while no public exploit is identified at time of analysis, browser memory-corruption bugs of this class are historically attractive targets when chained with a sandbox escape.
Cross-origin data leakage in Google Chrome's Media component on Windows (versions prior to 148.0.7778.216) permits exfiltration of sensitive origin-isolated content, but only as a second-stage primitive requiring prior renderer process compromise. The confidentiality impact is constrained (CVSS 3.1/Low, CWE-200), with no integrity or availability consequences. No public exploit code exists and the EPSS score of 0.03% (11th percentile) reflects negligible real-world exploitation probability at time of analysis.
Same-origin policy bypass in Google Chrome's Media component allows remote attackers to read or manipulate cross-origin data via a crafted video file. Affected are all Chrome versions prior to 148.0.7778.216 on desktop platforms, confirmed via ENISA EUVD-2026-33131 and the Chrome stable channel advisory. The CVSS vector (PR:N/UI:R) indicates no authentication is required but victim interaction is necessary; EPSS sits at 0.02% (4th percentile), and no active exploitation is confirmed in the CISA KEV catalog, making this a medium-priority issue despite the network-accessible attack vector.
Sandbox escape in Google Chrome on Linux prior to 148.0.7778.216 allows remote attackers to leverage a WebRTC use-after-free condition through a crafted HTML page to break out of the renderer sandbox. The flaw was reported by the Chrome security team and rated High severity by Chromium, with no public exploit identified at time of analysis and an EPSS score of 0.03% (10th percentile) suggesting low near-term exploitation likelihood. Successful exploitation requires user interaction (visiting a malicious page) and high attack complexity, but the scope-changing impact (S:C) and full CIA compromise make it a meaningful browser-targeted risk.
Local arbitrary code execution in Google Chrome on Android prior to 148.0.7778.216 allows attackers to run code through a malicious file processed by the WebAppInstalls component due to insufficient input validation. The CVSS 7.8 (AV:L/UI:R) reflects that exploitation requires local access and user interaction (opening or installing the malicious file), and no public exploit identified at time of analysis. Chromium-rated High severity and a vendor patch is available in the Stable channel update.
UI spoofing in Google Chrome's OptimizationGuide component (all versions prior to 148.0.7778.216) enables a remote unauthenticated attacker who has already compromised the renderer process to present false browser UI elements to the user via a crafted HTML page. The root cause is CWE-20 (Improper Input Validation) - OptimizationGuide fails to adequately validate untrusted data sourced from the renderer, allowing that data to influence trusted browser UI surfaces. With a CVSS score of 4.2, EPSS at 0.05% (15th percentile), no KEV listing, and no public exploit identified at time of analysis, real-world risk is moderate-low despite the network vector, heavily gated by the renderer-compromise prerequisite.
Memory disclosure in Google Chrome's Media component on ChromeOS allows a remote attacker who has already compromised the renderer process to read potentially sensitive data from process memory via a specially crafted HTML page. Affected versions are all Chrome builds prior to 148.0.7778.216 on ChromeOS. This vulnerability is a chaining primitive - it cannot be exploited standalone and requires a prior renderer compromise, placing it in the context of multi-stage attack chains rather than direct exploitation. No public exploit code exists and no active exploitation has been identified at time of analysis.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page that triggers a type confusion bug in the Skia graphics library. The flaw was reported by the Chrome team and is rated High severity by Chromium; no public exploit has been identified at time of analysis, though browser type-confusion bugs in Skia have historically been weaponized. Exploitation requires user interaction (UI:R) - typically visiting an attacker-controlled or compromised page.
Sandbox escape in Google Chrome's ANGLE component prior to version 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw stems from insufficient validation of untrusted input (CWE-20) in ANGLE, Chrome's translation layer for graphics APIs. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.05%, 15th percentile), but the Chromium-assigned 'High' severity reflects its value as the second stage in a browser exploit chain.
Inappropriate implementation in the Skia graphics library within Google Chrome prior to 148.0.7778.216 enables remote attackers to read potentially sensitive data from renderer process memory by delivering a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms unauthenticated network exploitation with high confidentiality impact, constrained only by the requirement for user interaction. No public exploit has been identified at time of analysis, and EPSS at 0.03% (11th percentile) indicates minimal observed exploitation activity.
Site isolation bypass in Google Chrome's Printing component (versions prior to 148.0.7778.216) enables an attacker who has already compromised the renderer process to escape cross-origin data boundaries via a crafted HTML page. The root cause is insufficient input validation (CWE-20) in the printing subsystem, which fails to properly sanitize renderer-supplied data before acting on it in a security-sensitive context. With an EPSS of 0.02% (6th percentile), no CISA KEV listing, and no public exploit identified at time of analysis, this functions primarily as a post-exploitation escalation primitive rather than an initial access vector.
Site isolation bypass in Google Chrome prior to 148.0.7778.216 enables a remote attacker who has already compromised the renderer process to escape cross-origin boundaries via a crafted HTML page. The attack is constrained by a two-stage prerequisite: an existing renderer compromise plus user interaction with the malicious page, reflected in a CVSS score of 5.0 (AC:H/UI:R). No public exploit identified at time of analysis and an EPSS of 0.02% (6th percentile) indicate very low probability of widespread exploitation, though the technique is meaningful as a post-exploitation escalation primitive.
Sandboxed remote code execution in Google Chrome desktop versions prior to 148.0.7778.216 stems from a use-after-free defect in the Glic component, allowing a remote attacker to corrupt memory and execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. Google has rated the Chromium severity as High and shipped a Stable channel update; no public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV. The CVSS 8.8 score reflects network reachability and user interaction (loading a page), with full impact to confidentiality, integrity, and availability inside the sandboxed process.
Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page abusing the WebShare component. Chromium rates the issue High severity, and CVSS scores it 8.3 reflecting the scope-change impact, though EPSS is currently low at 0.04% and no public exploit is identified at time of analysis.
Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows attackers to run arbitrary code by luring a victim to a crafted HTML page that abuses an inappropriate implementation in the browser's USB subsystem. Chromium rates the severity as High and the CVSS 8.8 vector reflects unauthenticated network exploitation with required user interaction. No public exploit identified at time of analysis, but the vendor has shipped a stable channel patch.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 is possible through an out-of-bounds read and write vulnerability in the ANGLE graphics translation layer. An attacker who has already compromised the renderer process can leverage a crafted HTML page to break out of Chrome's sandbox and potentially execute code at a higher privilege level. No public exploit identified at time of analysis, and EPSS is very low at 0.03%, but Google rates the underlying Chromium severity as High.
Sandbox escape in Google Chrome's GPU process prior to version 148.0.7778.216 allows remote attackers who have already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page. The flaw is an out-of-bounds write (CWE-787) rated High by Chromium with CVSS 8.3, and while a vendor patch is available, no public exploit identified at time of analysis and EPSS is very low at 0.03%.
Remote code execution in Google Chrome's V8 JavaScript engine prior to 148.0.7778.216 allows attackers to execute arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw is an out-of-bounds write (CWE-787) rated High by Chromium and CVSS 8.8, requires user interaction to load attacker-controlled content, and no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome on macOS prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page targeting the Gamepad component. The flaw is rated High by Chromium and carries a CVSS 8.3 (AV:N/AC:H/PR:N/UI:R/S:C), but EPSS is only 0.03% (11th percentile) and no public exploit identified at time of analysis. The bug is a second-stage primitive in a multi-stage exploit chain rather than a standalone RCE.
Universal Cross-Site Scripting (UXSS) in Google Chrome on iOS prior to 148.0.7778.216 enables a remote unauthenticated attacker to inject arbitrary scripts or HTML into the browser context by convincing a target user to perform specific UI gestures on a crafted HTML page. The vulnerability stems from an inappropriate implementation in Chrome's iOS-specific code layer (CWE-79), and while UXSS attacks typically carry cross-origin escalation potential, the CVSS S:U (Unchanged scope) rating suggests cross-origin impact is not confirmed by the scoring authority. No public exploit or active exploitation has been identified at time of analysis; EPSS at 0.06% places this in the 17th percentile of exploitation likelihood.
Sandbox escape in Google Chrome's WebGL component (versions prior to 148.0.7778.216) allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium, requiring user interaction (visiting a page) and a prior renderer compromise, making it a second-stage exploit primitive. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.03%.
Remote code execution in Google Chrome's ANGLE graphics layer prior to version 148.0.7778.216 allows attackers to run arbitrary code on a victim's machine when they visit a malicious web page. The flaw stems from insufficient validation of untrusted input (CWE-20) within ANGLE and carries a CVSS 8.8 rating reflecting network reach with user interaction. No public exploit identified at time of analysis, and EPSS exploitation probability is low at 0.05% (16th percentile), but the high technical impact and Chrome's massive install base warrant prompt patching.
Remote code execution in Google Chrome's V8 JavaScript engine prior to version 148.0.7778.216 allows attackers to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw stems from an integer overflow (CWE-472, External Control of Assumed-Immutable Web Parameter / integer-handling weakness in V8) rated High severity by Chromium and CVSS 8.8. No public exploit identified at time of analysis, and the bug is not currently listed in CISA KEV.
Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker to trigger an out-of-bounds write in the GPU process via a crafted HTML page, potentially breaking out of Chrome's renderer sandbox. The flaw carries a CVSS 9.6 due to scope change (S:C) and high impact across confidentiality, integrity, and availability, but requires user interaction (UI:R) such as visiting a malicious page. No public exploit identified at time of analysis, and EPSS is very low at 0.03% (11th percentile), suggesting limited near-term mass exploitation despite the severe potential impact.
Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers an integer overflow in XML handling. The flaw is rated Chromium High severity with CVSS 8.3 and requires user interaction plus a chained renderer compromise; no public exploit identified at time of analysis and EPSS is very low at 0.03%.
Out-of-bounds write in the ANGLE graphics translation layer of Google Chrome before 148.0.7778.216 allows a remote attacker to trigger heap corruption by luring a user to a crafted HTML page, potentially leading to arbitrary code execution within the renderer process. Chromium rates the severity as High and CVSS scores it 8.8, but EPSS exploitation probability is currently very low (0.03%, 11th percentile) and no public exploit identified at time of analysis. The flaw was reported through Chrome's internal disclosure process and a fixed build is already available from the vendor.
Arbitrary code execution in Google Chrome on macOS prior to 148.0.7778.216 stems from a use-after-free condition in the Bluetooth component, exploitable through a malicious browser extension. Chromium rates the severity as High, and while CVSS scores it 8.1 with network attack vector, real-world exploitation requires the victim to install an attacker-controlled extension. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.01%.
Arbitrary code execution within the sandbox in Google Chrome on iOS prior to 148.0.7778.216 allows remote attackers to abuse an uninitialized memory condition when a victim performs specific UI gestures on a crafted HTML page. Chromium rates the security severity as High, and a vendor patch is available; no public exploit identified at time of analysis and the EPSS score (0.04%) suggests low near-term exploitation likelihood.
Remote code execution in Google Chrome's WebRTC component (versions prior to 148.0.7778.216) allows a remote attacker to execute arbitrary code within the browser sandbox by enticing a victim to load a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High by Chromium's security team, and while no public exploit identified at time of analysis, the CVSS 8.8 score reflects the low-complexity network-based attack vector combined with the high impact across confidentiality, integrity, and availability. User interaction (visiting a malicious page) is required, but otherwise no authentication or privileges are needed.
Heap corruption in Google Chrome's SurfaceCapture component (versions prior to 148.0.7778.216) allows a remote attacker to potentially execute arbitrary code by luring a user to a crafted HTML page. The flaw is a use-after-free issue rated High severity by the Chromium project, with a CVSS score of 8.8 reflecting low complexity and no authentication, though user interaction is required. There is no public exploit identified at time of analysis and EPSS is very low (0.03%, 11th percentile), but the historical pattern of Chrome UAF bugs being weaponized makes patching urgent.
Sandboxed arbitrary code execution in Google Chrome's PDFium component (versions prior to 148.0.7778.216) is possible via an integer overflow triggered by a crafted font file. The flaw requires a pre-compromised renderer process and user interaction, and no public exploit identified at time of analysis, though Chromium rates it High severity.