Monthly
Remote code execution in Google Chrome on Linux versions prior to 149.0.7827.53 allows a remote attacker to exploit a use-after-free condition in the Chromoting component via malicious network traffic. The flaw carries a CVSS 3.1 score of 8.1 (high) with no public exploit identified at time of analysis and an EPSS probability of 0.04%, though Google rates the Chromium severity as Low. The vendor has shipped a fix in the stable channel update for desktop.
Same-origin policy bypass in Google Chrome's Network component (versions prior to 149.0.7827.53) enables a post-compromise attacker who already controls the renderer process to subvert cross-origin enforcement via a crafted HTML page. The CVSS integrity impact is rated High (I:H), but exploitation is gated behind a required renderer-process pre-compromise, substantially raising the real-world attack bar. No public exploit code exists and no CISA KEV listing is present; EPSS stands at 0.02% (6th percentile), consistent with Google's own Low severity rating for this issue.
Domain spoofing via Tab Strip UI misrepresentation in Google Chrome prior to 149.0.7827.53 enables remote unauthenticated attackers to deceive users into believing they are visiting a legitimate domain by serving a crafted HTML page that corrupts the displayed origin in the tab strip. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) confirms network-accessible exploitation requiring no privileges but requiring user interaction, with integrity impact reflecting successful identity deception rather than data exfiltration or code execution. No public exploit code exists and EPSS at 0.03% (11th percentile) reflects negligible observed exploitation activity; this is not currently listed in the CISA KEV catalog.
UI spoofing in Google Chrome's PointerLock API prior to version 149.0.7827.53 allows an attacker who has already compromised the renderer process to manipulate browser UI presentation via a crafted HTML page. The CVSS score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) reflects limited integrity-only impact with no confidentiality or availability consequences, and Google itself rated this 'Low' severity. No public exploit has been identified and the EPSS score of 0.05% (15th percentile) confirms very low real-world exploitation probability at time of analysis.
Site isolation bypass in Google Chrome's Navigation component allows a remote attacker who has already compromised the renderer process to break Chrome's cross-origin security boundary via a crafted HTML page. Affected versions are all Chrome releases prior to 149.0.7827.53. The CVSS vector (I:H) reflects high integrity impact against protected origins, but the real-world risk is substantially gated by the prerequisite of renderer process compromise - a condition Google itself rates as 'Low' severity in Chromium's internal classification. No public exploit code or CISA KEV listing has been identified at time of analysis.
Navigation restriction bypass in Google Chrome prior to 149.0.7827.53 allows remote unauthenticated attackers to circumvent Chrome's built-in navigation controls by delivering a crafted HTML page to a victim. The flaw stems from an inappropriate implementation in Chrome's Navigation subsystem (CWE-693: Protection Mechanism Failure), yielding low integrity impact with no confidentiality or availability consequences. No public exploit has been identified at time of analysis and EPSS exploitation probability is 0.02% (4th percentile), consistent with Google Chromium's own Low severity classification for this issue.
Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 allows a remote attacker to run arbitrary code when a victim is lured into performing specific UI gestures involving a malicious file delivered through the PlatformIntegration component. The flaw stems from improper input validation (CWE-20) and, while a vendor patch is available, no public exploit has been identified at time of analysis and EPSS scoring (0.04%) indicates very low near-term exploitation probability.
Site isolation bypass in Google Chrome's Fenced Frames component allows an attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. Affected versions are all Chrome releases prior to 149.0.7827.53 on desktop platforms. No public exploit code has been identified at time of analysis, and EPSS sits at a low 0.02% (4th percentile), consistent with Chromium's own 'Low' severity rating despite the 6.5 CVSS score - real-world risk is contingent on a separate, preceding renderer exploit.
UI spoofing in Google Chrome's File Input component (versions prior to 149.0.7827.53) enables remote attackers to misrepresent security-critical interface elements to users through specially crafted HTML pages. The attacker must convince a target to perform specific UI gestures - such as drag-and-drop or deliberate click sequences - to trigger incorrect rendering of the browser's file selection security UI. No public exploit identified at time of analysis; EPSS at 0.03% (11th percentile) signals very low exploitation probability, consistent with no CISA KEV listing.
Domain spoofing in Google Chrome's Cronet networking library on Android (versions prior to 149.0.7827.53) enables remote unauthenticated attackers to misrepresent domain names to victims browsing on Android devices. The CVSS vector (AV:N/AC:L/PR:N/UI:R/I:H) confirms high integrity impact with no privileges required, contingent on victim interaction with a crafted URL. EPSS at 0.03% (11th percentile) and no CISA KEV listing indicate no public exploitation at time of analysis, making this primarily a targeted phishing-enablement risk rather than an actively weaponized vector.
Cross-origin data leakage in Google Chrome for iOS prior to version 149.0.7827.53 enables a remote unauthenticated attacker to read sensitive data from cross-origin resources by tricking a user into visiting a crafted HTML page. The flaw stems from an inappropriate implementation in the iOS-specific Chrome code path (CWE-346: Origin Validation Error), undermining the browser's Same-Origin Policy enforcement on Apple's platform. No public exploit code exists and no active exploitation is confirmed; with an EPSS of 0.03% (11th percentile), real-world risk is currently assessed as low despite the high confidentiality impact in the CVSS scoring.
Sandbox escape in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that abuses Reading Mode's insufficient input validation. The CVSS 9.6 rating reflects the scope-changing impact (S:C) when chained from a renderer compromise, though EPSS is very low (0.05%) and no public exploit identified at time of analysis. Chromium rates the underlying issue Medium severity, reflecting that prior renderer compromise is a prerequisite.
Cross-origin data leakage in Google Chrome's DevTools component (prior to 149.0.7827.53) enables an attacker to bypass same-origin policy enforcement through a crafted malicious extension. Exploitation requires convincing a target user to install the attacker-controlled extension, after which cross-origin data can be exfiltrated via insufficient DevTools policy controls. No public exploit code has been identified at time of analysis, and the EPSS score of 0.01% (1st percentile) indicates very low observed exploitation probability; the vulnerability is not listed in the CISA KEV catalog.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from an integer overflow in the V8 JavaScript engine that allows a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page. The flaw requires user interaction (visiting a malicious page) and currently has no public exploit identified at time of analysis, with an EPSS score of 0.04% indicating very low near-term exploitation probability. Chromium rates the security severity as Medium despite the 8.8 CVSS score, and SSVC indicates no observed exploitation though technical impact is total.
Safe Browsing bypass in Google Chrome prior to 149.0.7827.53 allows a remote attacker to circumvent discretionary access control protections by delivering a specially crafted RAR file to a victim who interacts with it. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms no authentication or elevated privileges are required on the attacker side, but exploitation depends on user interaction - the victim must engage with the malicious RAR file. The integrity impact is rated High (I:H) with no confidentiality or availability impact, indicating the primary risk is bypassing file-based access controls enforced by the Safe Browsing subsystem. No public exploit identified at time of analysis, and EPSS at 0.02% (4th percentile) reflects very low observed exploitation probability.
Sensitive information disclosure in Google Chrome's Passwords component (prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to read potentially sensitive data - including password material - from process memory by delivering a crafted HTML page. The attack carries a CVSS 6.5 (Medium) rating with high confidentiality impact and no integrity or availability consequence. No public exploit has been identified at time of analysis, and EPSS places exploitation probability at 0.03% (11th percentile), consistent with the non-trivial prerequisite of prior renderer compromise.
Memory information disclosure in Google Chrome's Codecs component affects all desktop versions prior to 149.0.7827.53, enabling remote unauthenticated attackers to read potentially sensitive data from browser process memory when a user visits a specially crafted HTML page. The root cause is a use-after-free (CWE-416) in the media codec subsystem, yielding high confidentiality impact with no integrity or availability consequences per CVSS. EPSS is very low at 0.03% (11th percentile) and SSVC confirms no active exploitation, placing this firmly in the routine patch category despite its Medium severity score.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to break out of the browser's renderer sandbox by sending malicious network traffic processed by the Autofill component. The flaw is rated CVSS 9.6 due to scope change and high impact across confidentiality, integrity, and availability, though Chromium itself assigns it Medium severity and EPSS exploitation probability is currently very low (0.05%). No public exploit identified at time of analysis, but a vendor-released patch is available.
Cross-origin data leakage via ServiceWorker policy bypass in Google Chrome affects all desktop versions prior to 149.0.7827.53. Insufficient policy enforcement in Chrome's ServiceWorker API allows unauthenticated remote attackers to read sensitive cross-origin data from a victim's browser session by directing the victim to a crafted HTML page. EPSS exploitation probability is very low at 0.03% (11th percentile), no public exploit code has been identified, and no CISA KEV listing exists at time of analysis - making this a moderate confidentiality risk that warrants patching but is not an immediate emergency for most organizations.
Universal Cross-Site Scripting (UXSS) in Google Chrome for iOS prior to 149.0.7827.53 allows a remote, unauthenticated attacker to inject arbitrary scripts or HTML across origin boundaries by delivering a crafted QR code and convincing the target to perform specific UI gestures within the browser. The CVSS Scope:Changed rating confirms this bypasses the same-origin policy, meaning injected scripts can access sessions and data from other open origins. No public exploit code has been identified at time of analysis, and the EPSS score of 0.07% (22nd percentile) indicates low observed exploitation probability, though the attack is fully network-accessible once social engineering is achieved. Note: the 'RCE' tag attached to this CVE is inconsistent with the description, which describes UXSS - not OS-level code execution - and should be treated as a tagging error.
Navigation restriction bypass in Google Chrome for iOS (versions prior to 149.0.7827.53) exploits an inappropriate implementation within the Signin component, enabling a remote attacker to circumvent navigation controls by delivering a crafted HTML page to a victim. Per CVSS (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N), no authentication is required by the attacker, but user interaction is necessary - the victim must visit or load the malicious page. No public exploit has been identified at time of analysis, SSVC reports exploitation as none, and the EPSS score of 0.02% (4th percentile) indicates very low likelihood of opportunistic exploitation; nevertheless, the high integrity impact warrants prompt patching on all managed iOS Chrome deployments.
Cross-origin data leakage in Google Chrome's GPU implementation on macOS allows remote unauthenticated attackers to exfiltrate sensitive cross-origin information by luring a user to a crafted HTML page. Affected are all Chrome releases on Mac prior to 149.0.7827.53. The vulnerability stems from an inappropriate GPU implementation (CWE-200) and carries no publicly available exploit at time of analysis; EPSS sits at 0.03% (11th percentile), indicating low current exploitation probability. No active exploitation has been confirmed by CISA KEV.
Sandbox escape in Google Chrome for iOS prior to 149.0.7827.53 allows a remote attacker who lures a victim to a malicious page to potentially break out of Chrome's renderer sandbox via crafted HTML. The flaw is rated CVSS 8.8 (High) due to high confidentiality, integrity, and availability impact, though Chromium internally classifies severity as Medium and EPSS exploitation probability is currently very low (0.05%). No public exploit identified at time of analysis.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free condition in the ServiceWorker component that can be triggered by a malicious browser extension. An attacker who convinces a user to install a crafted Chrome Extension can achieve arbitrary code execution within the renderer context. No public exploit has been identified at time of analysis and EPSS exploitation probability is very low at 0.01%, but the high CVSS score (8.8) reflects the severe potential impact.
Cross-origin data leakage in Google Chrome's WebRTC subsystem (versions prior to 149.0.7827.53) allows a remote unauthenticated attacker to read data across origin boundaries when a victim visits a crafted HTML page. The vulnerability carries a CVSS 6.5 Medium score with high confidentiality impact, but mandatory user interaction prevents automated mass exploitation - consistent with SSVC Automatable: no and an EPSS of 0.03% (10th percentile). No public exploit code exists and this CVE is not listed in the CISA Known Exploited Vulnerabilities catalog at time of analysis.
Cross-origin data leakage in Google Chrome's WebRTC implementation allows a network-positioned attacker to extract sensitive cross-origin information via crafted malicious network traffic. Affected versions are all Chrome releases prior to 149.0.7827.53; the fix is available in the stable channel update. No public exploit exists and no active exploitation has been identified - EPSS sits at 0.02% (4th percentile) and CISA SSVC assesses exploitation as none and automation as not feasible, placing real-world urgency well below the raw CVSS confidentiality impact suggests.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to break out of the browser's renderer sandbox by serving a crafted video file processed by Chrome's media codec stack. The flaw stems from insufficient validation of untrusted input in the Codecs component and requires the victim to load attacker-controlled video content, but successful exploitation yields cross-origin impact (Scope: Changed) with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and EPSS exploitation probability is low (0.05%, 15th percentile), though the 9.6 CVSS rating and sandbox-escape primitive make this a high-priority browser patch.
Same-origin policy bypass in Google Chrome's Workers subsystem (versions prior to 149.0.7827.53) permits a remote attacker who has already compromised the renderer process to circumvent cross-origin restrictions via a crafted HTML page, resulting in high-severity integrity impact (CVSS I:H). The flaw, rooted in insufficient policy enforcement (CWE-284), functions as a second-stage chained exploit rather than an initial access vector, requiring renderer compromise as a prerequisite. No active exploitation has been identified (SSVC: exploitation none; EPSS 0.02%), and a vendor-released patch is available as of Chrome 149.0.7827.53.
Type confusion in Google Chrome's XML processing engine exposes process memory contents to remote attackers who can deliver a crafted XML file to a victim. Versions prior to 149.0.7827.53 are affected, with confidentiality impact rated High (C:H) despite an overall CVSS score of 6.5 due to the required user interaction. No public exploit code has been identified and EPSS stands at 0.03% (11th percentile), indicating low observed exploitation pressure; no KEV listing confirms active exploitation at this time.
Cross-origin data leakage in Google Chrome's MHTML implementation prior to version 149.0.7827.53 exposes sensitive user data to remote attackers via crafted HTML pages. The flaw stems from improper origin validation (CWE-346) in MHTML handling, allowing an attacker-controlled page to read data across origin boundaries - a significant breach of the browser's same-origin policy. Exploitation requires convincing a victim to perform specific UI gestures, and no public exploit or active exploitation has been identified at time of analysis; EPSS probability is very low at 0.03% (11th percentile).
Cross-origin data leakage in Google Chrome's Network implementation prior to version 149.0.7827.53 allows a remote unauthenticated attacker to read sensitive cross-origin data by luring a victim to a crafted HTML page. Rooted in CWE-346 (Origin Validation Error), the flaw permits the Network component to expose data across origin boundaries that same-origin policy should protect. No public exploit code or active exploitation (CISA KEV) has been identified; EPSS of 0.03% (11th percentile) places real-world exploitation probability as very low at time of analysis.
Insufficient policy enforcement in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) allows a remote, unauthenticated attacker to bypass discretionary access control by delivering a crafted HTML page to a victim. Per the CVSS vector (C:N/I:N/A:H), the confirmed impact is high availability disruption - notably not credential exfiltration - suggesting the bypass degrades or denies Password Manager functionality rather than exposing stored credentials. No public exploit exists and EPSS sits at 0.02% (4th percentile), indicating no widespread exploitation pressure at time of analysis.
UI spoofing in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) allows a remote unauthenticated attacker to manipulate the Password Manager's visual interface via crafted malicious network traffic, potentially deceiving users about credential prompts or password state. Exploitation requires user interaction (CVSS UI:R), limiting opportunistic mass exploitation. No public exploit code exists and no active exploitation is confirmed - EPSS sits at just 0.05% (15th percentile), consistent with a low-priority medium-severity browser component flaw. A vendor-released patch is available in Chrome 149.0.7827.53.
Out-of-bounds memory access in the ANGLE graphics translation layer of Google Chrome before 149.0.7827.53 allows a remote attacker to read or corrupt memory by luring a user to a crafted HTML page. The flaw carries a CVSS 8.8 rating due to high impact on confidentiality, integrity, and availability, though Chromium rates the security severity as Medium and EPSS is very low (0.03%). No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.
Discretionary access control bypass in Google Chrome's Extensions subsystem affects all versions prior to 149.0.7827.53, enabling integrity compromise without exposing confidential data. Exploitation requires convincing a target user to install a crafted malicious Chrome Extension, placing social engineering at the center of any attack path. No public exploit code exists and no active exploitation has been confirmed; EPSS sits at 0.01% (1st percentile), indicating very low observed exploitation probability at time of analysis.
Navigation restriction bypass in Google Chrome DevTools (all versions prior to 149.0.7827.53) enables circumvention of browser navigation controls through a crafted malicious Chrome Extension. Exploitation requires convincing a target user to install the malicious extension, placing this firmly in social-engineering territory rather than opportunistic mass exploitation. EPSS is extremely low at 0.02% (4th percentile), no public exploit code has been identified, and there is no CISA KEV listing, making this a moderate-priority integrity-only issue despite the CVSS 6.5 score.
Sandbox escape in Google Chrome for Android before 149.0.7827.53 lets a remote attacker exploit a use-after-free in the USB component by luring a victim to a crafted HTML page, potentially breaking out of the renderer sandbox. CVSS 8.8 reflects the high impact across confidentiality, integrity, and availability, though successful attack requires user interaction (visiting the page). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Navigation restriction bypass in Google Chrome's Glic component (versions prior to 149.0.7827.53) enables remote attackers to circumvent browser navigation controls by delivering a crafted HTML page that the victim must open. The vulnerability is rooted in an inappropriate implementation (CWE-284, Improper Access Control) within the Glic subsystem and yields limited but multi-dimensional impact across confidentiality, integrity, and availability (C:L/I:L/A:L). No public exploit identified at time of analysis and this CVE does not appear in CISA KEV; Google has assigned a 'Medium' severity rating consistent with the CVSS 6.3 score.
Universal Cross-Site Scripting (UXSS) in Google Chrome's CSS implementation prior to version 149.0.7827.53 allows remote unauthenticated attackers to inject arbitrary scripts or HTML across origin boundaries via a crafted HTML page, requiring only user interaction. The Scope:Changed CVSS component (S:C) confirms this bypasses Chrome's Same-Origin Policy, enabling access to content from other origins in the victim's browser session. No public exploit code has been identified at time of analysis, and this is not listed in CISA KEV; however, UXSS classes in major browsers are historically targeted by threat actors for session hijacking and credential theft.
Arbitrary code execution within the Chrome renderer sandbox is possible in Google Chrome versions prior to 149.0.7827.53 due to a use-after-free defect in the V8 JavaScript engine. Exploitation requires social engineering a user into installing a malicious Chrome Extension, after which a crafted extension can trigger the memory corruption and run attacker-controlled code inside the sandboxed process. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Navigation restriction bypass in Google Chrome prior to 149.0.7827.53 allows a remote, unauthenticated attacker to circumvent policy enforcement in the browser's Actor component by delivering a crafted HTML page to a target user. The flaw (CWE-602) enables unauthorized navigation actions that could expose users to cross-origin manipulation or redirects with low but non-trivial confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, and EPSS of 0.02% combined with SSVC exploitation status of none indicates limited active threat, though the broad attack surface of any Chrome desktop user visiting a malicious page warrants timely patching.
Out-of-bounds read in Chrome's GWP-ASan memory safety subsystem (versions prior to 149.0.7827.53) enables a local attacker to disclose potentially sensitive contents from process memory by delivering a malicious file to the target. The vulnerability carries a CVSS 6.5 Medium score with high confidentiality impact but no integrity or availability impact, consistent with a pure information-disclosure class. No public exploit code has been identified at time of analysis, EPSS exploitation probability is extremely low at 0.01% (1st percentile), and SSVC assessment confirms no known active exploitation, collectively indicating a low near-term threat priority despite the notable confidentiality impact rating.
Cross-origin data leakage in Google Chrome's SVG implementation affects all desktop versions prior to 149.0.7827.53, enabling remote attackers to exfiltrate sensitive data from other origins via a crafted HTML page. The flaw exploits Chrome's SVG rendering pipeline to violate the Same-Origin Policy, exposing confidential data such as authenticated session content or cross-site resources. No public exploit identified at time of analysis, and EPSS probability is very low (0.03%, 11th percentile), though the zero-privilege-required, low-complexity attack path warrants prompt patching for any internet-facing user population.
Same-origin policy bypass in Google Chrome's Media Session component (prior to 149.0.7827.53) enables remote attackers to violate cross-origin isolation via a crafted HTML page. The vulnerability stems from an inappropriate implementation (CWE-346: Origin Validation Error) in the Media Session API, which fails to properly enforce origin boundaries. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis; EPSS sits at 0.02% (4th percentile), consistent with low observed exploitation activity.
Cross-origin data leakage via Google Chrome's SVG implementation (all versions prior to 149.0.7827.53) enables remote unauthenticated attackers to exfiltrate sensitive information from foreign origins by luring a victim to a crafted HTML page. The flaw reflects an inappropriate SVG rendering implementation that fails to enforce cross-origin isolation boundaries, producing a high confidentiality impact with no integrity or availability consequences. EPSS is very low at 0.03% (11th percentile), no public exploit code has been identified, and no CISA KEV listing exists at time of analysis, suggesting limited observed exploitation despite the medium-severity CVSS score.
Site isolation bypass in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to circumvent a core browser security boundary via a crafted HTML page. The flaw resides in the Opaque Response Blocking (ORB) implementation and requires user interaction (visiting a malicious page), with no public exploit identified at time of analysis and an EPSS score of 0.02% indicating low near-term exploitation likelihood.
Cross-origin data leakage in Google Chrome's WebView component on Android allows an unauthenticated remote attacker to read data from origins outside the attacker's own domain by enticing a user to visit a crafted HTML page. Affected are all Android Chrome versions prior to 149.0.7827.53. No public exploit exists and SSVC classifies exploitation as none, but the network-accessible, low-complexity attack vector warrants patching for Android-heavy enterprise environments handling sensitive cross-origin content.
Heap corruption in Google Chrome's Omnibox component prior to version 149.0.7827.53 allows remote attackers to potentially execute arbitrary code via a use-after-free condition triggered by a crafted HTML page combined with specific user interface gestures. The flaw carries a CVSS 8.8 (High) rating, though Chromium's internal triage assigned only Medium severity, and EPSS estimates exploitation probability at just 0.03%. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Cross-origin data leakage in Google Chrome's Media subsystem (all versions prior to 149.0.7827.53) enables a remote attacker to read sensitive data from other web origins by inducing a user to visit a specially crafted HTML page. The flaw stems from an inappropriate implementation in Media that fails to correctly enforce origin boundaries (CWE-346), resulting in high confidentiality impact per CVSS (C:H) with no integrity or availability consequence. No active exploitation is confirmed - CISA KEV is absent and EPSS sits at 0.03% (11th percentile) - but the confidentiality vector is significant for users accessing sensitive cross-origin content concurrently.
UI spoofing in Google Chrome for Android prior to 149.0.7827.53 allows remote attackers to deceive users via crafted HTML pages that abuse the Messages component's security UI. Exploitation requires user interaction with a malicious page, and no public exploit has been identified at time of analysis. Despite a CVSS score of 8.8, EPSS exploitation probability is very low (0.03%, 11th percentile) and the issue is rated Medium by Chromium's own severity scale.
Site Isolation bypass in Google Chrome prior to 149.0.7827.53 enables a remote attacker - who has already compromised the renderer process - to escape cross-origin protections via a crafted HTML page, exposing high-confidentiality data from other origins loaded in the browser. This is a chained, second-stage exploit component: it does not function standalone but amplifies the impact of a separate renderer compromise by breaking Chrome's primary cross-site data isolation boundary. No public exploit code has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects low current exploitation probability despite the high confidentiality impact rating.
Out-of-bounds write in the V8 JavaScript engine of Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to execute arbitrary code within the sandbox via a crafted HTML page. The flaw requires user interaction (visiting a malicious page) and prior renderer compromise, and no public exploit identified at time of analysis. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability, though Google classifies the Chromium severity as Medium.
UI spoofing in Google Chrome on Android prior to 149.0.7827.53 allows remote attackers to misrepresent the Contact Picker security UI via a crafted HTML page, potentially tricking users into disclosing contact information. Chromium rates the underlying severity as Medium, and no public exploit has been identified at time of analysis. EPSS probability is very low (0.03%), and the issue is not listed in CISA KEV.
Remote code execution in Google Chrome's Blink rendering engine prior to 149.0.7827.53 allows remote attackers to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw stems from an integer overflow (CWE-472) in Blink and carries a CVSS 3.1 score of 8.8; no public exploit identified at time of analysis, though a vendor patch has been released through the Chrome Stable channel update.
OS-level privilege escalation in Google Chrome on Linux prior to 149.0.7827.53 allows remote attackers to escalate privileges via malicious network traffic targeting the Chromoting (Chrome Remote Desktop) component. Google has released a patched stable channel update, and while no public exploit has been identified at time of analysis, the network-based attack vector and high impact across confidentiality, integrity, and availability warrant prompt patching. EPSS probability is very low (0.03%), and the issue is not listed in CISA KEV.
Universal cross-site scripting (UXSS) in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to inject arbitrary scripts or HTML into the context of other origins via a crafted XML file. The flaw stems from an inappropriate implementation in Chrome's XML handling (CWE-91, XML Injection), enabling same-origin policy bypass when a user is lured into loading attacker-controlled content. No public exploit has been identified at time of analysis, and EPSS exploitation probability is low at 0.06% (18th percentile).
Information disclosure in Google Chrome's Extensions subsystem prior to version 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to read potentially sensitive data from process memory by delivering a crafted HTML page. This is a second-stage vulnerability requiring a pre-existing renderer compromise as a hard prerequisite, making it a chained attack component rather than a standalone exploit. No public exploit code exists and CISA has not added this to the KEV catalog; the EPSS score of 0.03% and SSVC exploitation-status of 'none' are mutually consistent with no observed active exploitation.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the WebView sandbox via a crafted HTML page. The flaw stems from an inappropriate implementation in WebView and is chained behind a prior renderer compromise, requiring user interaction. No public exploit identified at time of analysis, and EPSS sits at 0.03% (10th percentile), indicating no current evidence of widespread exploitation despite the high CVSS score of 9.6.
Universal Cross-Site Scripting (UXSS) in Google Chrome's SVG implementation prior to version 149.0.7827.53 allows remote unauthenticated attackers to bypass same-origin policy by injecting arbitrary scripts or HTML across origins via a crafted HTML page. Exploitation requires user interaction and high attack complexity (CVSS AC:H/UI:R), and EPSS at 0.06% (18th percentile) reflects limited real-world exploitation activity. No active exploitation is confirmed by CISA KEV and no public exploit code has been identified at time of analysis.
Sandbox escape in Google Chrome on iOS before 149.0.7827.53 can be triggered by a remote attacker who lures a user to a malicious HTML page that abuses a use-after-free condition in the WebMIDI subsystem. Successful exploitation breaks out of the renderer sandbox with high confidentiality, integrity, and availability impact, though no public exploit is identified at time of analysis and EPSS probability is very low (0.03%).
Remote code execution in Google Chrome's Blink rendering engine prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) tagged for RCE and DoS impact, and no public exploit has been identified at time of analysis. CISA SSVC currently lists exploitation as 'none' despite the high CVSS 8.8 score, indicating significant theoretical impact but no observed in-the-wild activity yet.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows remote attackers to break out of the browser's renderer sandbox via a use-after-free in the Messages component triggered by a crafted HTML page. The CVSS vector indicates a scope-changing impact requiring only user interaction (visiting a malicious page), and a vendor patch is available. No public exploit identified at time of analysis and EPSS is low (0.03%), but the sandbox-escape primitive makes this a high-priority browser update.
Cross-origin data leakage in Google Chrome's CSS implementation exposes sensitive information from other origins when a user visits a crafted HTML page. Affected are all Chrome versions prior to 149.0.7827.53 on desktop platforms. An unauthenticated remote attacker can exploit this to read data from cross-origin contexts, violating the browser's Same-Origin Policy via a CSS-based side channel or direct information disclosure path. No public exploit identified at time of analysis, and EPSS at 0.03% (11th percentile) signals low current exploitation activity.
Cross-origin data leakage in Google Chrome's DataTransfer API allows unauthenticated remote attackers to read data across origins by directing a victim to a crafted HTML page, affecting all Chrome desktop versions prior to 149.0.7827.53. The CVSS vector (AV:N/AC:L/PR:N/UI:R/C:L) confirms network accessibility without attacker authentication, but requires user interaction and yields only limited confidentiality impact with no integrity or availability consequences. No active exploitation is confirmed (not in CISA KEV), and EPSS at 0.03% (11th percentile) consistently signals low current exploitation probability.
Out-of-bounds read in the Input component of Google Chrome on Linux (all versions prior to 149.0.7827.53) exposes potentially sensitive process memory to remote attackers. Exploitation requires delivering a crafted HTML page and inducing a Linux user to visit it (CVSS UI:R), after which the browser's Input handler reads beyond allocated buffer bounds, leaking in-memory data. No public exploit has been identified at time of analysis, EPSS sits at 0.03% (11th percentile) indicating low current exploitation probability, and there is no CISA KEV listing - though the High confidentiality impact (C:H) warrants timely patching given Chrome's broad deployment on Linux.
Cross-origin data leakage in Google Chrome's Skia graphics library affects all versions prior to 149.0.7827.53, exploitable via a crafted HTML page requiring only a single user visit. The root cause (CWE-457: use of uninitialized memory) in Chrome's Skia rendering backend allows residual memory contents to be exposed across origin boundaries, violating the browser's same-origin policy. No public exploit identified at time of analysis; EPSS at 0.03% (11th percentile) and absence from CISA KEV indicate low real-world exploitation probability at this time.
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows a local attacker to break out of the browser sandbox via a crafted AppleScript command targeting the Downloads component. The flaw stems from insufficient input validation (CWE-20) and is rated CVSS 8.6 due to scope change and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02% (4th percentile).
Script injection via Chrome's Accessibility component allows a remote attacker who convinces a victim to install a malicious extension to perform Universal Cross-Site Scripting (UXSS), injecting arbitrary scripts or HTML into web page contexts the user visits. Affected are all Chrome desktop versions prior to 149.0.7827.53. EPSS is 0.01% (2nd percentile) and this vulnerability is not in CISA KEV, indicating very low real-world exploitation probability at time of analysis; however, the social-engineering prerequisite (malicious extension installation) remains a credible threat vector in targeted campaigns.
Cross-origin data leakage in Google Chrome prior to 149.0.7827.53 allows a remote unauthenticated attacker to read sensitive cross-origin data by luring a user to a crafted HTML page that exploits an inappropriate CSS implementation. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms network-exploitable, no-privilege-required exploitation with a single user interaction as the only barrier. No public exploit has been identified and EPSS sits at 0.03% (11th percentile), indicating low current exploitation interest despite the low attack complexity.
Cross-origin data leakage in Google Chrome prior to 149.0.7827.53 allows remote unauthenticated attackers to read sensitive cross-origin information by directing a victim to a crafted HTML page that exploits an inappropriate CSS implementation. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms network delivery with no privilege requirement, limited only by the need for user interaction. EPSS is 0.03% (11th percentile) and no public exploit has been identified at time of analysis; however, Google has issued a confirmed patch in the stable channel release, and the CWE-352/CSRF tag alongside the data-leakage description suggests a novel or hybrid attack class that security teams should monitor for further clarification.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free in the Dawn WebGPU implementation, enabling a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. No public exploit identified at time of analysis, and EPSS probability is very low (0.03%), though Google has released a stable channel update addressing the flaw.
Cross-origin information disclosure in Google Chrome's Forms component prior to version 149.0.7827.53 allows a remote attacker to leak sensitive data from other origins through a crafted HTML page. The flaw is rated CVSS 9.1 due to high confidentiality and integrity impact over the network without authentication, though Google's Chromium team internally rated it Medium severity. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile).
Sandbox escape in Google Chrome's Dawn (WebGPU) component prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free (CWE-416) object lifecycle bug; no public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.03% (11th percentile). Google rates the underlying Chromium severity as Medium, but the CVSS 3.1 score of 9.6 reflects the scope change inherent to a sandbox escape.
Sandbox escape in Google Chrome prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to break out of the browser sandbox via a crafted HTML page targeting the Password Manager component. The flaw is rated CVSS 7.5 (High) with EPSS at 0.05% (15th percentile) and no public exploit identified at time of analysis, though Google has shipped a patched stable channel release.
Universal Cross-Site Scripting (UXSS) in Google Chrome's XML processing component allows remote unauthenticated attackers to inject arbitrary scripts or HTML across origin boundaries by luring a victim to a crafted HTML page. All Chrome versions prior to 149.0.7827.53 are affected, with the Scope:Changed (S:C) CVSS vector confirming this vulnerability can bypass the Same-Origin Policy - the defining characteristic of UXSS. No public exploit code has been identified at time of analysis, and the EPSS score of 0.06% (18th percentile) reflects low observed exploitation probability, though UXSS primitives are historically attractive to threat actors targeting session data and credential theft at scale.
Privilege escalation in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that abuses insufficient input validation in the Extensions component. Google rates the Chromium severity as Medium while NVD assigns CVSS 7.5 (High); no public exploit identified at time of analysis and CISA SSVC reports no observed exploitation.
Cross-origin data leakage via an inappropriate CSRF-class implementation in Google Chrome's Payments component on Android prior to 149.0.7827.53 allows network-delivered exploitation when a victim visits a crafted HTML page. The confidentiality impact is rated High by CVSS (C:H), as sensitive payment-related data from one origin can be exposed to an attacker-controlled page. No public exploit has been identified at time of analysis and the EPSS score of 0.01% (1st percentile) indicates a low probability of in-the-wild exploitation, making this a medium-priority patch rather than an emergency response item.
Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows attackers to run arbitrary code within the browser sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free in the WebML component. Although Chromium rates the severity as Medium, the CVSS 3.1 base score is 8.8 (High), reflecting high impact across confidentiality, integrity, and availability with low attack complexity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Sandbox escape in Google Chrome's Chromoting component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw stems from insufficient input validation (CWE-20) and carries a CVSS 9.6 due to scope change, though Chromium itself rated the severity Medium and EPSS shows only 0.05% exploitation probability with no public exploit identified at time of analysis.
Cross-origin data leakage in Google Chrome for Android (versions prior to 149.0.7827.53) is enabled by a race condition in the Geolocation subsystem, exploitable by a remote unauthenticated attacker who tricks a victim into visiting a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms network reachability with no required privileges, though user interaction is mandatory. No active exploitation has been confirmed (not in CISA KEV), and EPSS sits at 0.03% (10th percentile), indicating very low real-world exploitation probability despite the High confidentiality impact rating.
Remote code execution in Google Chrome's Media component prior to version 149.0.7827.53 allows a remote attacker to trigger a use-after-free via a crafted video file, achieving arbitrary code execution within the renderer sandbox. The flaw requires user interaction (UI:R) such as visiting a malicious page or opening a hostile video, and no public exploit identified at time of analysis. EPSS is very low (0.04%, 12th percentile), but the network-reachable RCE primitive and broad Chrome install base make timely patching essential.
Out-of-bounds heap read in Google Chrome's Extensions component on Linux exposes sensitive process memory to a malicious extension author. Affected versions are Chrome on Linux prior to 149.0.7827.53; Windows and macOS are not listed as affected. Exploitation requires convincing a target user to install a crafted malicious extension, limiting exposure compared to the CVSS 6.5 score implies - no public exploit identified at time of analysis, and EPSS of 0.01% (1st percentile) reflects low current exploitation probability.
Same-origin policy bypass in Google Chrome's Paint component prior to version 149.0.7827.53 allows a remote, unauthenticated attacker to violate cross-origin integrity protections by inducing a user to visit a crafted HTML page. The flaw stems from insufficient policy enforcement in the Paint subsystem (CWE-639), enabling an attacker to write or manipulate content across origin boundaries, resulting in high integrity impact with no confidentiality or availability loss per the CVSS vector. No public exploit code has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) indicates very low current exploitation probability.
Uninitialized memory use in Google Chrome's Audio subsystem (versions prior to 149.0.7827.53) enables an attacker who has already compromised the renderer process to read potentially sensitive data from process memory via a crafted HTML page. This is a chained-exploit component - it does not grant initial access but can assist post-renderer-compromise data leakage or ASLR bypass. No KEV listing and an EPSS of 0.03% (11th percentile) indicate no observed widespread exploitation; no public exploit has been identified at time of analysis.
Out-of-bounds read in the Chromecast component of Google Chrome prior to version 149.0.7827.53 enables a remote attacker - who has already compromised the renderer process - to leak potentially sensitive data from process memory by delivering a crafted HTML page. This is a chained vulnerability: exploitation is conditional on a prior renderer compromise, making it a second-stage information-disclosure step rather than a standalone attack. No public exploit code has been identified and EPSS probability stands at 0.05% (15th percentile), consistent with a medium-severity, constrained attack path. Google has released a fix in stable channel 149.0.7827.53.
Cross-origin data leakage in Google Chrome's Paint component (versions prior to 149.0.7827.53) allows a remote unauthenticated attacker to read sensitive cross-origin data by tricking a user into visiting a crafted HTML page. The flaw stems from an inappropriate implementation in Chrome's rendering Paint subsystem that fails to properly enforce cross-origin isolation boundaries. EPSS is low at 0.03% and no active exploitation is confirmed in CISA KEV, but the high confidentiality impact (C:H) combined with low attack complexity and no required privileges makes this a meaningful data-exfiltration risk for browser users visiting untrusted web content.
Cross-origin data leakage in Google Chrome's ANGLE graphics component (versions prior to 149.0.7827.53) allows an unauthenticated remote attacker to read sensitive data belonging to other web origins by enticing a user to visit a specially crafted HTML page. The root cause is an uninitialized variable use (CWE-457) within ANGLE - Chrome's OpenGL ES translation layer - which can expose heap or stack memory contents across origin boundaries. No active exploitation is confirmed (not listed in CISA KEV), and the EPSS score of 0.03% (11th percentile) indicates low observed exploitation probability at time of analysis.
Uninitialized memory exposure in Google Chrome's ANGLE graphics library prior to version 149.0.7827.53 enables remote unauthenticated attackers to read potentially sensitive data from browser process memory by luring a victim to a crafted HTML page. The CVSS vector (PR:N/UI:R/C:H) confirms no attacker privileges are required but victim interaction is mandatory - the attack is entirely browser-side and exploits how ANGLE handles graphics state without zeroing memory first. No public exploit code exists and EPSS sits at 0.03% (11th percentile), indicating low observed exploitation interest despite the High confidentiality impact rating.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows attackers to execute arbitrary code within the renderer sandbox through a use-after-free flaw in the Canvas component. Exploitation requires a victim to visit a crafted HTML page, and no public exploit has been identified at time of analysis. Google rates this as Medium severity internally despite the CVSS 8.8 score, reflecting the sandbox containment limit.
Insufficient policy enforcement in Google Chrome's Autofill subsystem (versions prior to 149.0.7827.53) enables remote unauthenticated attackers to bypass discretionary access control, resulting in high-integrity impact when a victim visits a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/I:H) confirms the attack is network-delivered, low-complexity, and requires no privileges, though user interaction is a prerequisite. No public exploit code or active exploitation has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects low observed exploitation pressure.
Remote code execution in Google Chrome on Linux versions prior to 149.0.7827.53 allows a remote attacker to exploit a use-after-free condition in the Chromoting component via malicious network traffic. The flaw carries a CVSS 3.1 score of 8.1 (high) with no public exploit identified at time of analysis and an EPSS probability of 0.04%, though Google rates the Chromium severity as Low. The vendor has shipped a fix in the stable channel update for desktop.
Same-origin policy bypass in Google Chrome's Network component (versions prior to 149.0.7827.53) enables a post-compromise attacker who already controls the renderer process to subvert cross-origin enforcement via a crafted HTML page. The CVSS integrity impact is rated High (I:H), but exploitation is gated behind a required renderer-process pre-compromise, substantially raising the real-world attack bar. No public exploit code exists and no CISA KEV listing is present; EPSS stands at 0.02% (6th percentile), consistent with Google's own Low severity rating for this issue.
Domain spoofing via Tab Strip UI misrepresentation in Google Chrome prior to 149.0.7827.53 enables remote unauthenticated attackers to deceive users into believing they are visiting a legitimate domain by serving a crafted HTML page that corrupts the displayed origin in the tab strip. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) confirms network-accessible exploitation requiring no privileges but requiring user interaction, with integrity impact reflecting successful identity deception rather than data exfiltration or code execution. No public exploit code exists and EPSS at 0.03% (11th percentile) reflects negligible observed exploitation activity; this is not currently listed in the CISA KEV catalog.
UI spoofing in Google Chrome's PointerLock API prior to version 149.0.7827.53 allows an attacker who has already compromised the renderer process to manipulate browser UI presentation via a crafted HTML page. The CVSS score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) reflects limited integrity-only impact with no confidentiality or availability consequences, and Google itself rated this 'Low' severity. No public exploit has been identified and the EPSS score of 0.05% (15th percentile) confirms very low real-world exploitation probability at time of analysis.
Site isolation bypass in Google Chrome's Navigation component allows a remote attacker who has already compromised the renderer process to break Chrome's cross-origin security boundary via a crafted HTML page. Affected versions are all Chrome releases prior to 149.0.7827.53. The CVSS vector (I:H) reflects high integrity impact against protected origins, but the real-world risk is substantially gated by the prerequisite of renderer process compromise - a condition Google itself rates as 'Low' severity in Chromium's internal classification. No public exploit code or CISA KEV listing has been identified at time of analysis.
Navigation restriction bypass in Google Chrome prior to 149.0.7827.53 allows remote unauthenticated attackers to circumvent Chrome's built-in navigation controls by delivering a crafted HTML page to a victim. The flaw stems from an inappropriate implementation in Chrome's Navigation subsystem (CWE-693: Protection Mechanism Failure), yielding low integrity impact with no confidentiality or availability consequences. No public exploit has been identified at time of analysis and EPSS exploitation probability is 0.02% (4th percentile), consistent with Google Chromium's own Low severity classification for this issue.
Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 allows a remote attacker to run arbitrary code when a victim is lured into performing specific UI gestures involving a malicious file delivered through the PlatformIntegration component. The flaw stems from improper input validation (CWE-20) and, while a vendor patch is available, no public exploit has been identified at time of analysis and EPSS scoring (0.04%) indicates very low near-term exploitation probability.
Site isolation bypass in Google Chrome's Fenced Frames component allows an attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. Affected versions are all Chrome releases prior to 149.0.7827.53 on desktop platforms. No public exploit code has been identified at time of analysis, and EPSS sits at a low 0.02% (4th percentile), consistent with Chromium's own 'Low' severity rating despite the 6.5 CVSS score - real-world risk is contingent on a separate, preceding renderer exploit.
UI spoofing in Google Chrome's File Input component (versions prior to 149.0.7827.53) enables remote attackers to misrepresent security-critical interface elements to users through specially crafted HTML pages. The attacker must convince a target to perform specific UI gestures - such as drag-and-drop or deliberate click sequences - to trigger incorrect rendering of the browser's file selection security UI. No public exploit identified at time of analysis; EPSS at 0.03% (11th percentile) signals very low exploitation probability, consistent with no CISA KEV listing.
Domain spoofing in Google Chrome's Cronet networking library on Android (versions prior to 149.0.7827.53) enables remote unauthenticated attackers to misrepresent domain names to victims browsing on Android devices. The CVSS vector (AV:N/AC:L/PR:N/UI:R/I:H) confirms high integrity impact with no privileges required, contingent on victim interaction with a crafted URL. EPSS at 0.03% (11th percentile) and no CISA KEV listing indicate no public exploitation at time of analysis, making this primarily a targeted phishing-enablement risk rather than an actively weaponized vector.
Cross-origin data leakage in Google Chrome for iOS prior to version 149.0.7827.53 enables a remote unauthenticated attacker to read sensitive data from cross-origin resources by tricking a user into visiting a crafted HTML page. The flaw stems from an inappropriate implementation in the iOS-specific Chrome code path (CWE-346: Origin Validation Error), undermining the browser's Same-Origin Policy enforcement on Apple's platform. No public exploit code exists and no active exploitation is confirmed; with an EPSS of 0.03% (11th percentile), real-world risk is currently assessed as low despite the high confidentiality impact in the CVSS scoring.
Sandbox escape in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that abuses Reading Mode's insufficient input validation. The CVSS 9.6 rating reflects the scope-changing impact (S:C) when chained from a renderer compromise, though EPSS is very low (0.05%) and no public exploit identified at time of analysis. Chromium rates the underlying issue Medium severity, reflecting that prior renderer compromise is a prerequisite.
Cross-origin data leakage in Google Chrome's DevTools component (prior to 149.0.7827.53) enables an attacker to bypass same-origin policy enforcement through a crafted malicious extension. Exploitation requires convincing a target user to install the attacker-controlled extension, after which cross-origin data can be exfiltrated via insufficient DevTools policy controls. No public exploit code has been identified at time of analysis, and the EPSS score of 0.01% (1st percentile) indicates very low observed exploitation probability; the vulnerability is not listed in the CISA KEV catalog.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from an integer overflow in the V8 JavaScript engine that allows a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page. The flaw requires user interaction (visiting a malicious page) and currently has no public exploit identified at time of analysis, with an EPSS score of 0.04% indicating very low near-term exploitation probability. Chromium rates the security severity as Medium despite the 8.8 CVSS score, and SSVC indicates no observed exploitation though technical impact is total.
Safe Browsing bypass in Google Chrome prior to 149.0.7827.53 allows a remote attacker to circumvent discretionary access control protections by delivering a specially crafted RAR file to a victim who interacts with it. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms no authentication or elevated privileges are required on the attacker side, but exploitation depends on user interaction - the victim must engage with the malicious RAR file. The integrity impact is rated High (I:H) with no confidentiality or availability impact, indicating the primary risk is bypassing file-based access controls enforced by the Safe Browsing subsystem. No public exploit identified at time of analysis, and EPSS at 0.02% (4th percentile) reflects very low observed exploitation probability.
Sensitive information disclosure in Google Chrome's Passwords component (prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to read potentially sensitive data - including password material - from process memory by delivering a crafted HTML page. The attack carries a CVSS 6.5 (Medium) rating with high confidentiality impact and no integrity or availability consequence. No public exploit has been identified at time of analysis, and EPSS places exploitation probability at 0.03% (11th percentile), consistent with the non-trivial prerequisite of prior renderer compromise.
Memory information disclosure in Google Chrome's Codecs component affects all desktop versions prior to 149.0.7827.53, enabling remote unauthenticated attackers to read potentially sensitive data from browser process memory when a user visits a specially crafted HTML page. The root cause is a use-after-free (CWE-416) in the media codec subsystem, yielding high confidentiality impact with no integrity or availability consequences per CVSS. EPSS is very low at 0.03% (11th percentile) and SSVC confirms no active exploitation, placing this firmly in the routine patch category despite its Medium severity score.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to break out of the browser's renderer sandbox by sending malicious network traffic processed by the Autofill component. The flaw is rated CVSS 9.6 due to scope change and high impact across confidentiality, integrity, and availability, though Chromium itself assigns it Medium severity and EPSS exploitation probability is currently very low (0.05%). No public exploit identified at time of analysis, but a vendor-released patch is available.
Cross-origin data leakage via ServiceWorker policy bypass in Google Chrome affects all desktop versions prior to 149.0.7827.53. Insufficient policy enforcement in Chrome's ServiceWorker API allows unauthenticated remote attackers to read sensitive cross-origin data from a victim's browser session by directing the victim to a crafted HTML page. EPSS exploitation probability is very low at 0.03% (11th percentile), no public exploit code has been identified, and no CISA KEV listing exists at time of analysis - making this a moderate confidentiality risk that warrants patching but is not an immediate emergency for most organizations.
Universal Cross-Site Scripting (UXSS) in Google Chrome for iOS prior to 149.0.7827.53 allows a remote, unauthenticated attacker to inject arbitrary scripts or HTML across origin boundaries by delivering a crafted QR code and convincing the target to perform specific UI gestures within the browser. The CVSS Scope:Changed rating confirms this bypasses the same-origin policy, meaning injected scripts can access sessions and data from other open origins. No public exploit code has been identified at time of analysis, and the EPSS score of 0.07% (22nd percentile) indicates low observed exploitation probability, though the attack is fully network-accessible once social engineering is achieved. Note: the 'RCE' tag attached to this CVE is inconsistent with the description, which describes UXSS - not OS-level code execution - and should be treated as a tagging error.
Navigation restriction bypass in Google Chrome for iOS (versions prior to 149.0.7827.53) exploits an inappropriate implementation within the Signin component, enabling a remote attacker to circumvent navigation controls by delivering a crafted HTML page to a victim. Per CVSS (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N), no authentication is required by the attacker, but user interaction is necessary - the victim must visit or load the malicious page. No public exploit has been identified at time of analysis, SSVC reports exploitation as none, and the EPSS score of 0.02% (4th percentile) indicates very low likelihood of opportunistic exploitation; nevertheless, the high integrity impact warrants prompt patching on all managed iOS Chrome deployments.
Cross-origin data leakage in Google Chrome's GPU implementation on macOS allows remote unauthenticated attackers to exfiltrate sensitive cross-origin information by luring a user to a crafted HTML page. Affected are all Chrome releases on Mac prior to 149.0.7827.53. The vulnerability stems from an inappropriate GPU implementation (CWE-200) and carries no publicly available exploit at time of analysis; EPSS sits at 0.03% (11th percentile), indicating low current exploitation probability. No active exploitation has been confirmed by CISA KEV.
Sandbox escape in Google Chrome for iOS prior to 149.0.7827.53 allows a remote attacker who lures a victim to a malicious page to potentially break out of Chrome's renderer sandbox via crafted HTML. The flaw is rated CVSS 8.8 (High) due to high confidentiality, integrity, and availability impact, though Chromium internally classifies severity as Medium and EPSS exploitation probability is currently very low (0.05%). No public exploit identified at time of analysis.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free condition in the ServiceWorker component that can be triggered by a malicious browser extension. An attacker who convinces a user to install a crafted Chrome Extension can achieve arbitrary code execution within the renderer context. No public exploit has been identified at time of analysis and EPSS exploitation probability is very low at 0.01%, but the high CVSS score (8.8) reflects the severe potential impact.
Cross-origin data leakage in Google Chrome's WebRTC subsystem (versions prior to 149.0.7827.53) allows a remote unauthenticated attacker to read data across origin boundaries when a victim visits a crafted HTML page. The vulnerability carries a CVSS 6.5 Medium score with high confidentiality impact, but mandatory user interaction prevents automated mass exploitation - consistent with SSVC Automatable: no and an EPSS of 0.03% (10th percentile). No public exploit code exists and this CVE is not listed in the CISA Known Exploited Vulnerabilities catalog at time of analysis.
Cross-origin data leakage in Google Chrome's WebRTC implementation allows a network-positioned attacker to extract sensitive cross-origin information via crafted malicious network traffic. Affected versions are all Chrome releases prior to 149.0.7827.53; the fix is available in the stable channel update. No public exploit exists and no active exploitation has been identified - EPSS sits at 0.02% (4th percentile) and CISA SSVC assesses exploitation as none and automation as not feasible, placing real-world urgency well below the raw CVSS confidentiality impact suggests.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to break out of the browser's renderer sandbox by serving a crafted video file processed by Chrome's media codec stack. The flaw stems from insufficient validation of untrusted input in the Codecs component and requires the victim to load attacker-controlled video content, but successful exploitation yields cross-origin impact (Scope: Changed) with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and EPSS exploitation probability is low (0.05%, 15th percentile), though the 9.6 CVSS rating and sandbox-escape primitive make this a high-priority browser patch.
Same-origin policy bypass in Google Chrome's Workers subsystem (versions prior to 149.0.7827.53) permits a remote attacker who has already compromised the renderer process to circumvent cross-origin restrictions via a crafted HTML page, resulting in high-severity integrity impact (CVSS I:H). The flaw, rooted in insufficient policy enforcement (CWE-284), functions as a second-stage chained exploit rather than an initial access vector, requiring renderer compromise as a prerequisite. No active exploitation has been identified (SSVC: exploitation none; EPSS 0.02%), and a vendor-released patch is available as of Chrome 149.0.7827.53.
Type confusion in Google Chrome's XML processing engine exposes process memory contents to remote attackers who can deliver a crafted XML file to a victim. Versions prior to 149.0.7827.53 are affected, with confidentiality impact rated High (C:H) despite an overall CVSS score of 6.5 due to the required user interaction. No public exploit code has been identified and EPSS stands at 0.03% (11th percentile), indicating low observed exploitation pressure; no KEV listing confirms active exploitation at this time.
Cross-origin data leakage in Google Chrome's MHTML implementation prior to version 149.0.7827.53 exposes sensitive user data to remote attackers via crafted HTML pages. The flaw stems from improper origin validation (CWE-346) in MHTML handling, allowing an attacker-controlled page to read data across origin boundaries - a significant breach of the browser's same-origin policy. Exploitation requires convincing a victim to perform specific UI gestures, and no public exploit or active exploitation has been identified at time of analysis; EPSS probability is very low at 0.03% (11th percentile).
Cross-origin data leakage in Google Chrome's Network implementation prior to version 149.0.7827.53 allows a remote unauthenticated attacker to read sensitive cross-origin data by luring a victim to a crafted HTML page. Rooted in CWE-346 (Origin Validation Error), the flaw permits the Network component to expose data across origin boundaries that same-origin policy should protect. No public exploit code or active exploitation (CISA KEV) has been identified; EPSS of 0.03% (11th percentile) places real-world exploitation probability as very low at time of analysis.
Insufficient policy enforcement in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) allows a remote, unauthenticated attacker to bypass discretionary access control by delivering a crafted HTML page to a victim. Per the CVSS vector (C:N/I:N/A:H), the confirmed impact is high availability disruption - notably not credential exfiltration - suggesting the bypass degrades or denies Password Manager functionality rather than exposing stored credentials. No public exploit exists and EPSS sits at 0.02% (4th percentile), indicating no widespread exploitation pressure at time of analysis.
UI spoofing in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) allows a remote unauthenticated attacker to manipulate the Password Manager's visual interface via crafted malicious network traffic, potentially deceiving users about credential prompts or password state. Exploitation requires user interaction (CVSS UI:R), limiting opportunistic mass exploitation. No public exploit code exists and no active exploitation is confirmed - EPSS sits at just 0.05% (15th percentile), consistent with a low-priority medium-severity browser component flaw. A vendor-released patch is available in Chrome 149.0.7827.53.
Out-of-bounds memory access in the ANGLE graphics translation layer of Google Chrome before 149.0.7827.53 allows a remote attacker to read or corrupt memory by luring a user to a crafted HTML page. The flaw carries a CVSS 8.8 rating due to high impact on confidentiality, integrity, and availability, though Chromium rates the security severity as Medium and EPSS is very low (0.03%). No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.
Discretionary access control bypass in Google Chrome's Extensions subsystem affects all versions prior to 149.0.7827.53, enabling integrity compromise without exposing confidential data. Exploitation requires convincing a target user to install a crafted malicious Chrome Extension, placing social engineering at the center of any attack path. No public exploit code exists and no active exploitation has been confirmed; EPSS sits at 0.01% (1st percentile), indicating very low observed exploitation probability at time of analysis.
Navigation restriction bypass in Google Chrome DevTools (all versions prior to 149.0.7827.53) enables circumvention of browser navigation controls through a crafted malicious Chrome Extension. Exploitation requires convincing a target user to install the malicious extension, placing this firmly in social-engineering territory rather than opportunistic mass exploitation. EPSS is extremely low at 0.02% (4th percentile), no public exploit code has been identified, and there is no CISA KEV listing, making this a moderate-priority integrity-only issue despite the CVSS 6.5 score.
Sandbox escape in Google Chrome for Android before 149.0.7827.53 lets a remote attacker exploit a use-after-free in the USB component by luring a victim to a crafted HTML page, potentially breaking out of the renderer sandbox. CVSS 8.8 reflects the high impact across confidentiality, integrity, and availability, though successful attack requires user interaction (visiting the page). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Navigation restriction bypass in Google Chrome's Glic component (versions prior to 149.0.7827.53) enables remote attackers to circumvent browser navigation controls by delivering a crafted HTML page that the victim must open. The vulnerability is rooted in an inappropriate implementation (CWE-284, Improper Access Control) within the Glic subsystem and yields limited but multi-dimensional impact across confidentiality, integrity, and availability (C:L/I:L/A:L). No public exploit identified at time of analysis and this CVE does not appear in CISA KEV; Google has assigned a 'Medium' severity rating consistent with the CVSS 6.3 score.
Universal Cross-Site Scripting (UXSS) in Google Chrome's CSS implementation prior to version 149.0.7827.53 allows remote unauthenticated attackers to inject arbitrary scripts or HTML across origin boundaries via a crafted HTML page, requiring only user interaction. The Scope:Changed CVSS component (S:C) confirms this bypasses Chrome's Same-Origin Policy, enabling access to content from other origins in the victim's browser session. No public exploit code has been identified at time of analysis, and this is not listed in CISA KEV; however, UXSS classes in major browsers are historically targeted by threat actors for session hijacking and credential theft.
Arbitrary code execution within the Chrome renderer sandbox is possible in Google Chrome versions prior to 149.0.7827.53 due to a use-after-free defect in the V8 JavaScript engine. Exploitation requires social engineering a user into installing a malicious Chrome Extension, after which a crafted extension can trigger the memory corruption and run attacker-controlled code inside the sandboxed process. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Navigation restriction bypass in Google Chrome prior to 149.0.7827.53 allows a remote, unauthenticated attacker to circumvent policy enforcement in the browser's Actor component by delivering a crafted HTML page to a target user. The flaw (CWE-602) enables unauthorized navigation actions that could expose users to cross-origin manipulation or redirects with low but non-trivial confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, and EPSS of 0.02% combined with SSVC exploitation status of none indicates limited active threat, though the broad attack surface of any Chrome desktop user visiting a malicious page warrants timely patching.
Out-of-bounds read in Chrome's GWP-ASan memory safety subsystem (versions prior to 149.0.7827.53) enables a local attacker to disclose potentially sensitive contents from process memory by delivering a malicious file to the target. The vulnerability carries a CVSS 6.5 Medium score with high confidentiality impact but no integrity or availability impact, consistent with a pure information-disclosure class. No public exploit code has been identified at time of analysis, EPSS exploitation probability is extremely low at 0.01% (1st percentile), and SSVC assessment confirms no known active exploitation, collectively indicating a low near-term threat priority despite the notable confidentiality impact rating.
Cross-origin data leakage in Google Chrome's SVG implementation affects all desktop versions prior to 149.0.7827.53, enabling remote attackers to exfiltrate sensitive data from other origins via a crafted HTML page. The flaw exploits Chrome's SVG rendering pipeline to violate the Same-Origin Policy, exposing confidential data such as authenticated session content or cross-site resources. No public exploit identified at time of analysis, and EPSS probability is very low (0.03%, 11th percentile), though the zero-privilege-required, low-complexity attack path warrants prompt patching for any internet-facing user population.
Same-origin policy bypass in Google Chrome's Media Session component (prior to 149.0.7827.53) enables remote attackers to violate cross-origin isolation via a crafted HTML page. The vulnerability stems from an inappropriate implementation (CWE-346: Origin Validation Error) in the Media Session API, which fails to properly enforce origin boundaries. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis; EPSS sits at 0.02% (4th percentile), consistent with low observed exploitation activity.
Cross-origin data leakage via Google Chrome's SVG implementation (all versions prior to 149.0.7827.53) enables remote unauthenticated attackers to exfiltrate sensitive information from foreign origins by luring a victim to a crafted HTML page. The flaw reflects an inappropriate SVG rendering implementation that fails to enforce cross-origin isolation boundaries, producing a high confidentiality impact with no integrity or availability consequences. EPSS is very low at 0.03% (11th percentile), no public exploit code has been identified, and no CISA KEV listing exists at time of analysis, suggesting limited observed exploitation despite the medium-severity CVSS score.
Site isolation bypass in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to circumvent a core browser security boundary via a crafted HTML page. The flaw resides in the Opaque Response Blocking (ORB) implementation and requires user interaction (visiting a malicious page), with no public exploit identified at time of analysis and an EPSS score of 0.02% indicating low near-term exploitation likelihood.
Cross-origin data leakage in Google Chrome's WebView component on Android allows an unauthenticated remote attacker to read data from origins outside the attacker's own domain by enticing a user to visit a crafted HTML page. Affected are all Android Chrome versions prior to 149.0.7827.53. No public exploit exists and SSVC classifies exploitation as none, but the network-accessible, low-complexity attack vector warrants patching for Android-heavy enterprise environments handling sensitive cross-origin content.
Heap corruption in Google Chrome's Omnibox component prior to version 149.0.7827.53 allows remote attackers to potentially execute arbitrary code via a use-after-free condition triggered by a crafted HTML page combined with specific user interface gestures. The flaw carries a CVSS 8.8 (High) rating, though Chromium's internal triage assigned only Medium severity, and EPSS estimates exploitation probability at just 0.03%. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Cross-origin data leakage in Google Chrome's Media subsystem (all versions prior to 149.0.7827.53) enables a remote attacker to read sensitive data from other web origins by inducing a user to visit a specially crafted HTML page. The flaw stems from an inappropriate implementation in Media that fails to correctly enforce origin boundaries (CWE-346), resulting in high confidentiality impact per CVSS (C:H) with no integrity or availability consequence. No active exploitation is confirmed - CISA KEV is absent and EPSS sits at 0.03% (11th percentile) - but the confidentiality vector is significant for users accessing sensitive cross-origin content concurrently.
UI spoofing in Google Chrome for Android prior to 149.0.7827.53 allows remote attackers to deceive users via crafted HTML pages that abuse the Messages component's security UI. Exploitation requires user interaction with a malicious page, and no public exploit has been identified at time of analysis. Despite a CVSS score of 8.8, EPSS exploitation probability is very low (0.03%, 11th percentile) and the issue is rated Medium by Chromium's own severity scale.
Site Isolation bypass in Google Chrome prior to 149.0.7827.53 enables a remote attacker - who has already compromised the renderer process - to escape cross-origin protections via a crafted HTML page, exposing high-confidentiality data from other origins loaded in the browser. This is a chained, second-stage exploit component: it does not function standalone but amplifies the impact of a separate renderer compromise by breaking Chrome's primary cross-site data isolation boundary. No public exploit code has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects low current exploitation probability despite the high confidentiality impact rating.
Out-of-bounds write in the V8 JavaScript engine of Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to execute arbitrary code within the sandbox via a crafted HTML page. The flaw requires user interaction (visiting a malicious page) and prior renderer compromise, and no public exploit identified at time of analysis. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability, though Google classifies the Chromium severity as Medium.
UI spoofing in Google Chrome on Android prior to 149.0.7827.53 allows remote attackers to misrepresent the Contact Picker security UI via a crafted HTML page, potentially tricking users into disclosing contact information. Chromium rates the underlying severity as Medium, and no public exploit has been identified at time of analysis. EPSS probability is very low (0.03%), and the issue is not listed in CISA KEV.
Remote code execution in Google Chrome's Blink rendering engine prior to 149.0.7827.53 allows remote attackers to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw stems from an integer overflow (CWE-472) in Blink and carries a CVSS 3.1 score of 8.8; no public exploit identified at time of analysis, though a vendor patch has been released through the Chrome Stable channel update.
OS-level privilege escalation in Google Chrome on Linux prior to 149.0.7827.53 allows remote attackers to escalate privileges via malicious network traffic targeting the Chromoting (Chrome Remote Desktop) component. Google has released a patched stable channel update, and while no public exploit has been identified at time of analysis, the network-based attack vector and high impact across confidentiality, integrity, and availability warrant prompt patching. EPSS probability is very low (0.03%), and the issue is not listed in CISA KEV.
Universal cross-site scripting (UXSS) in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to inject arbitrary scripts or HTML into the context of other origins via a crafted XML file. The flaw stems from an inappropriate implementation in Chrome's XML handling (CWE-91, XML Injection), enabling same-origin policy bypass when a user is lured into loading attacker-controlled content. No public exploit has been identified at time of analysis, and EPSS exploitation probability is low at 0.06% (18th percentile).
Information disclosure in Google Chrome's Extensions subsystem prior to version 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to read potentially sensitive data from process memory by delivering a crafted HTML page. This is a second-stage vulnerability requiring a pre-existing renderer compromise as a hard prerequisite, making it a chained attack component rather than a standalone exploit. No public exploit code exists and CISA has not added this to the KEV catalog; the EPSS score of 0.03% and SSVC exploitation-status of 'none' are mutually consistent with no observed active exploitation.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the WebView sandbox via a crafted HTML page. The flaw stems from an inappropriate implementation in WebView and is chained behind a prior renderer compromise, requiring user interaction. No public exploit identified at time of analysis, and EPSS sits at 0.03% (10th percentile), indicating no current evidence of widespread exploitation despite the high CVSS score of 9.6.
Universal Cross-Site Scripting (UXSS) in Google Chrome's SVG implementation prior to version 149.0.7827.53 allows remote unauthenticated attackers to bypass same-origin policy by injecting arbitrary scripts or HTML across origins via a crafted HTML page. Exploitation requires user interaction and high attack complexity (CVSS AC:H/UI:R), and EPSS at 0.06% (18th percentile) reflects limited real-world exploitation activity. No active exploitation is confirmed by CISA KEV and no public exploit code has been identified at time of analysis.
Sandbox escape in Google Chrome on iOS before 149.0.7827.53 can be triggered by a remote attacker who lures a user to a malicious HTML page that abuses a use-after-free condition in the WebMIDI subsystem. Successful exploitation breaks out of the renderer sandbox with high confidentiality, integrity, and availability impact, though no public exploit is identified at time of analysis and EPSS probability is very low (0.03%).
Remote code execution in Google Chrome's Blink rendering engine prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) tagged for RCE and DoS impact, and no public exploit has been identified at time of analysis. CISA SSVC currently lists exploitation as 'none' despite the high CVSS 8.8 score, indicating significant theoretical impact but no observed in-the-wild activity yet.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows remote attackers to break out of the browser's renderer sandbox via a use-after-free in the Messages component triggered by a crafted HTML page. The CVSS vector indicates a scope-changing impact requiring only user interaction (visiting a malicious page), and a vendor patch is available. No public exploit identified at time of analysis and EPSS is low (0.03%), but the sandbox-escape primitive makes this a high-priority browser update.
Cross-origin data leakage in Google Chrome's CSS implementation exposes sensitive information from other origins when a user visits a crafted HTML page. Affected are all Chrome versions prior to 149.0.7827.53 on desktop platforms. An unauthenticated remote attacker can exploit this to read data from cross-origin contexts, violating the browser's Same-Origin Policy via a CSS-based side channel or direct information disclosure path. No public exploit identified at time of analysis, and EPSS at 0.03% (11th percentile) signals low current exploitation activity.
Cross-origin data leakage in Google Chrome's DataTransfer API allows unauthenticated remote attackers to read data across origins by directing a victim to a crafted HTML page, affecting all Chrome desktop versions prior to 149.0.7827.53. The CVSS vector (AV:N/AC:L/PR:N/UI:R/C:L) confirms network accessibility without attacker authentication, but requires user interaction and yields only limited confidentiality impact with no integrity or availability consequences. No active exploitation is confirmed (not in CISA KEV), and EPSS at 0.03% (11th percentile) consistently signals low current exploitation probability.
Out-of-bounds read in the Input component of Google Chrome on Linux (all versions prior to 149.0.7827.53) exposes potentially sensitive process memory to remote attackers. Exploitation requires delivering a crafted HTML page and inducing a Linux user to visit it (CVSS UI:R), after which the browser's Input handler reads beyond allocated buffer bounds, leaking in-memory data. No public exploit has been identified at time of analysis, EPSS sits at 0.03% (11th percentile) indicating low current exploitation probability, and there is no CISA KEV listing - though the High confidentiality impact (C:H) warrants timely patching given Chrome's broad deployment on Linux.
Cross-origin data leakage in Google Chrome's Skia graphics library affects all versions prior to 149.0.7827.53, exploitable via a crafted HTML page requiring only a single user visit. The root cause (CWE-457: use of uninitialized memory) in Chrome's Skia rendering backend allows residual memory contents to be exposed across origin boundaries, violating the browser's same-origin policy. No public exploit identified at time of analysis; EPSS at 0.03% (11th percentile) and absence from CISA KEV indicate low real-world exploitation probability at this time.
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows a local attacker to break out of the browser sandbox via a crafted AppleScript command targeting the Downloads component. The flaw stems from insufficient input validation (CWE-20) and is rated CVSS 8.6 due to scope change and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02% (4th percentile).
Script injection via Chrome's Accessibility component allows a remote attacker who convinces a victim to install a malicious extension to perform Universal Cross-Site Scripting (UXSS), injecting arbitrary scripts or HTML into web page contexts the user visits. Affected are all Chrome desktop versions prior to 149.0.7827.53. EPSS is 0.01% (2nd percentile) and this vulnerability is not in CISA KEV, indicating very low real-world exploitation probability at time of analysis; however, the social-engineering prerequisite (malicious extension installation) remains a credible threat vector in targeted campaigns.
Cross-origin data leakage in Google Chrome prior to 149.0.7827.53 allows a remote unauthenticated attacker to read sensitive cross-origin data by luring a user to a crafted HTML page that exploits an inappropriate CSS implementation. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms network-exploitable, no-privilege-required exploitation with a single user interaction as the only barrier. No public exploit has been identified and EPSS sits at 0.03% (11th percentile), indicating low current exploitation interest despite the low attack complexity.
Cross-origin data leakage in Google Chrome prior to 149.0.7827.53 allows remote unauthenticated attackers to read sensitive cross-origin information by directing a victim to a crafted HTML page that exploits an inappropriate CSS implementation. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms network delivery with no privilege requirement, limited only by the need for user interaction. EPSS is 0.03% (11th percentile) and no public exploit has been identified at time of analysis; however, Google has issued a confirmed patch in the stable channel release, and the CWE-352/CSRF tag alongside the data-leakage description suggests a novel or hybrid attack class that security teams should monitor for further clarification.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free in the Dawn WebGPU implementation, enabling a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. No public exploit identified at time of analysis, and EPSS probability is very low (0.03%), though Google has released a stable channel update addressing the flaw.
Cross-origin information disclosure in Google Chrome's Forms component prior to version 149.0.7827.53 allows a remote attacker to leak sensitive data from other origins through a crafted HTML page. The flaw is rated CVSS 9.1 due to high confidentiality and integrity impact over the network without authentication, though Google's Chromium team internally rated it Medium severity. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile).
Sandbox escape in Google Chrome's Dawn (WebGPU) component prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free (CWE-416) object lifecycle bug; no public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.03% (11th percentile). Google rates the underlying Chromium severity as Medium, but the CVSS 3.1 score of 9.6 reflects the scope change inherent to a sandbox escape.
Sandbox escape in Google Chrome prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to break out of the browser sandbox via a crafted HTML page targeting the Password Manager component. The flaw is rated CVSS 7.5 (High) with EPSS at 0.05% (15th percentile) and no public exploit identified at time of analysis, though Google has shipped a patched stable channel release.
Universal Cross-Site Scripting (UXSS) in Google Chrome's XML processing component allows remote unauthenticated attackers to inject arbitrary scripts or HTML across origin boundaries by luring a victim to a crafted HTML page. All Chrome versions prior to 149.0.7827.53 are affected, with the Scope:Changed (S:C) CVSS vector confirming this vulnerability can bypass the Same-Origin Policy - the defining characteristic of UXSS. No public exploit code has been identified at time of analysis, and the EPSS score of 0.06% (18th percentile) reflects low observed exploitation probability, though UXSS primitives are historically attractive to threat actors targeting session data and credential theft at scale.
Privilege escalation in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that abuses insufficient input validation in the Extensions component. Google rates the Chromium severity as Medium while NVD assigns CVSS 7.5 (High); no public exploit identified at time of analysis and CISA SSVC reports no observed exploitation.
Cross-origin data leakage via an inappropriate CSRF-class implementation in Google Chrome's Payments component on Android prior to 149.0.7827.53 allows network-delivered exploitation when a victim visits a crafted HTML page. The confidentiality impact is rated High by CVSS (C:H), as sensitive payment-related data from one origin can be exposed to an attacker-controlled page. No public exploit has been identified at time of analysis and the EPSS score of 0.01% (1st percentile) indicates a low probability of in-the-wild exploitation, making this a medium-priority patch rather than an emergency response item.
Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows attackers to run arbitrary code within the browser sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free in the WebML component. Although Chromium rates the severity as Medium, the CVSS 3.1 base score is 8.8 (High), reflecting high impact across confidentiality, integrity, and availability with low attack complexity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Sandbox escape in Google Chrome's Chromoting component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw stems from insufficient input validation (CWE-20) and carries a CVSS 9.6 due to scope change, though Chromium itself rated the severity Medium and EPSS shows only 0.05% exploitation probability with no public exploit identified at time of analysis.
Cross-origin data leakage in Google Chrome for Android (versions prior to 149.0.7827.53) is enabled by a race condition in the Geolocation subsystem, exploitable by a remote unauthenticated attacker who tricks a victim into visiting a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms network reachability with no required privileges, though user interaction is mandatory. No active exploitation has been confirmed (not in CISA KEV), and EPSS sits at 0.03% (10th percentile), indicating very low real-world exploitation probability despite the High confidentiality impact rating.
Remote code execution in Google Chrome's Media component prior to version 149.0.7827.53 allows a remote attacker to trigger a use-after-free via a crafted video file, achieving arbitrary code execution within the renderer sandbox. The flaw requires user interaction (UI:R) such as visiting a malicious page or opening a hostile video, and no public exploit identified at time of analysis. EPSS is very low (0.04%, 12th percentile), but the network-reachable RCE primitive and broad Chrome install base make timely patching essential.
Out-of-bounds heap read in Google Chrome's Extensions component on Linux exposes sensitive process memory to a malicious extension author. Affected versions are Chrome on Linux prior to 149.0.7827.53; Windows and macOS are not listed as affected. Exploitation requires convincing a target user to install a crafted malicious extension, limiting exposure compared to the CVSS 6.5 score implies - no public exploit identified at time of analysis, and EPSS of 0.01% (1st percentile) reflects low current exploitation probability.
Same-origin policy bypass in Google Chrome's Paint component prior to version 149.0.7827.53 allows a remote, unauthenticated attacker to violate cross-origin integrity protections by inducing a user to visit a crafted HTML page. The flaw stems from insufficient policy enforcement in the Paint subsystem (CWE-639), enabling an attacker to write or manipulate content across origin boundaries, resulting in high integrity impact with no confidentiality or availability loss per the CVSS vector. No public exploit code has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) indicates very low current exploitation probability.
Uninitialized memory use in Google Chrome's Audio subsystem (versions prior to 149.0.7827.53) enables an attacker who has already compromised the renderer process to read potentially sensitive data from process memory via a crafted HTML page. This is a chained-exploit component - it does not grant initial access but can assist post-renderer-compromise data leakage or ASLR bypass. No KEV listing and an EPSS of 0.03% (11th percentile) indicate no observed widespread exploitation; no public exploit has been identified at time of analysis.
Out-of-bounds read in the Chromecast component of Google Chrome prior to version 149.0.7827.53 enables a remote attacker - who has already compromised the renderer process - to leak potentially sensitive data from process memory by delivering a crafted HTML page. This is a chained vulnerability: exploitation is conditional on a prior renderer compromise, making it a second-stage information-disclosure step rather than a standalone attack. No public exploit code has been identified and EPSS probability stands at 0.05% (15th percentile), consistent with a medium-severity, constrained attack path. Google has released a fix in stable channel 149.0.7827.53.
Cross-origin data leakage in Google Chrome's Paint component (versions prior to 149.0.7827.53) allows a remote unauthenticated attacker to read sensitive cross-origin data by tricking a user into visiting a crafted HTML page. The flaw stems from an inappropriate implementation in Chrome's rendering Paint subsystem that fails to properly enforce cross-origin isolation boundaries. EPSS is low at 0.03% and no active exploitation is confirmed in CISA KEV, but the high confidentiality impact (C:H) combined with low attack complexity and no required privileges makes this a meaningful data-exfiltration risk for browser users visiting untrusted web content.
Cross-origin data leakage in Google Chrome's ANGLE graphics component (versions prior to 149.0.7827.53) allows an unauthenticated remote attacker to read sensitive data belonging to other web origins by enticing a user to visit a specially crafted HTML page. The root cause is an uninitialized variable use (CWE-457) within ANGLE - Chrome's OpenGL ES translation layer - which can expose heap or stack memory contents across origin boundaries. No active exploitation is confirmed (not listed in CISA KEV), and the EPSS score of 0.03% (11th percentile) indicates low observed exploitation probability at time of analysis.
Uninitialized memory exposure in Google Chrome's ANGLE graphics library prior to version 149.0.7827.53 enables remote unauthenticated attackers to read potentially sensitive data from browser process memory by luring a victim to a crafted HTML page. The CVSS vector (PR:N/UI:R/C:H) confirms no attacker privileges are required but victim interaction is mandatory - the attack is entirely browser-side and exploits how ANGLE handles graphics state without zeroing memory first. No public exploit code exists and EPSS sits at 0.03% (11th percentile), indicating low observed exploitation interest despite the High confidentiality impact rating.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows attackers to execute arbitrary code within the renderer sandbox through a use-after-free flaw in the Canvas component. Exploitation requires a victim to visit a crafted HTML page, and no public exploit has been identified at time of analysis. Google rates this as Medium severity internally despite the CVSS 8.8 score, reflecting the sandbox containment limit.
Insufficient policy enforcement in Google Chrome's Autofill subsystem (versions prior to 149.0.7827.53) enables remote unauthenticated attackers to bypass discretionary access control, resulting in high-integrity impact when a victim visits a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/I:H) confirms the attack is network-delivered, low-complexity, and requires no privileges, though user interaction is a prerequisite. No public exploit code or active exploitation has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects low observed exploitation pressure.