Monthly
Heap corruption in Google Chrome's Views component prior to version 149.0.7827.53 allows a remote attacker to potentially execute code in the renderer when a user is convinced to perform specific UI gestures on a crafted HTML page. The flaw is a use-after-free (CWE-416) carrying a CVSS 8.8 rating, but EPSS is very low at 0.03% (11th percentile) and no public exploit is identified at time of analysis. Google has shipped a patched stable channel build, and Chromium rates the underlying issue as Medium severity.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that exploits insufficient input validation in the Media component. The flaw requires user interaction (visiting a malicious page) and a prior renderer compromise, making it a second-stage capability typically chained with another bug; no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.05%.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) requiring user interaction to visit the malicious page, and no public exploit has been identified at time of analysis despite an EPSS score of 0.03% indicating very low near-term exploitation probability.
Cross-origin data leakage in Google Chrome's Skia graphics library (prior to 149.0.7827.53) enables a remote attacker to read sensitive data from other origins by enticing a user to visit a crafted HTML page. The flaw stems from uninitialized memory use (CWE-457) in Skia, Chrome's 2D rendering engine, where residual memory contents can be exposed across security boundaries. No active exploitation has been confirmed (not in CISA KEV) and EPSS sits at 0.03% (11th percentile), indicating low real-world exploitation probability at time of analysis, though the confidentiality impact is rated High by CVSS.
Subresource Integrity (SRI) policy enforcement failure in Google Chrome prior to 149.0.7827.53 enables remote attackers to bypass Content Security Policy protections via malicious network traffic. Affected users who visit attacker-influenced pages may have tampered scripts or resources loaded without the expected cryptographic hash validation that SRI is designed to enforce, undermining integrity guarantees that web applications depend on as a security boundary. No active exploitation is confirmed (not in CISA KEV), EPSS is very low at 0.02% (6th percentile), and a vendor patch is available at 149.0.7827.53.
Out-of-bounds write in Google Chrome's media Codecs component prior to version 149.0.7827.53 allows a remote attacker to potentially escape the renderer sandbox via a crafted video file. Successful exploitation requires the victim to load attacker-controlled video content, but the resulting scope change (S:C) means the attacker can break out of Chrome's renderer sandbox and impact resources beyond it. No public exploit has been identified at time of analysis and EPSS is very low (0.03%), but the high CVSS reflects the severe impact of a successful sandbox escape.
Same-origin policy bypass in Google Chrome prior to 149.0.7827.53 enables remote unauthenticated attackers to violate cross-origin isolation boundaries through a crafted HTML page, producing high integrity impact with no confidentiality or availability loss. Rooted in an inappropriate DOM implementation (CWE-346: Origin Validation Error), the flaw allows a malicious page to cross origin boundaries and manipulate content or state belonging to a different origin. No public exploit code and no CISA KEV listing exist at time of analysis; the EPSS score of 0.02% (4th percentile) reinforces limited real-world exploitation pressure despite the medium CVSS 6.5 rating.
Local privilege escalation in Google Chrome for Android prior to 149.0.7827.53 stems from an inappropriate implementation in the Custom Tabs component, where a crafted XML file processed by a local attacker can elevate privileges within the browser context. The flaw is rated CVSS 7.3 (Chromium severity Medium) and requires user interaction, with no public exploit identified at time of analysis and a very low EPSS score (0.02%, 4th percentile). A vendor patch is available in the Stable channel update referenced by the Chrome Releases advisory.
Universal Cross-Site Scripting (UXSS) in Google Chrome for Android's Tab Group Sync feature allows remote unauthenticated attackers to inject arbitrary scripts or HTML via malicious network traffic against Chrome versions prior to 149.0.7827.53. The CVSS Changed Scope (S:C) confirms that injected content escapes the vulnerable component's origin boundary, affecting other origins - the defining characteristic of UXSS, which is more severe than conventional XSS because it bypasses the browser-level same-origin policy rather than just application-level controls. No public exploit has been identified at time of analysis, and EPSS at 0.07% (22nd percentile) reflects low current exploitation probability; the vulnerability is not listed in CISA KEV.
Uninitialized memory read in Chrome's WebML component on macOS exposes potentially sensitive process memory contents to remote attackers. Affected are all Chrome versions prior to 149.0.7827.53 on Mac; exploitation requires convincing a user to visit a specially crafted HTML page. No public exploit code or active exploitation (CISA KEV) has been identified, and the EPSS score of 0.03% (10th percentile) reflects low real-world exploitation likelihood at time of analysis.
Cross-origin data leakage in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) enables unauthenticated remote attackers to access sensitive data across security origin boundaries when a victim visits a specially crafted HTML page. The flaw involves an inappropriate implementation of origin validation (CWE-346) within the Password Manager subsystem, potentially exposing saved credentials or autofill data to a malicious origin. No active exploitation has been confirmed - SSVC classifies exploitation as none and EPSS places this in the 11th percentile - though the High confidentiality impact in the CVSS vector reflects meaningful data exposure if triggered.
UI spoofing in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) allows remote unauthenticated attackers to manipulate browser interface elements via crafted malicious network traffic. The flaw stems from insufficient input validation (CWE-20) in the Password Manager subsystem, enabling an attacker to deceive victims about the legitimacy of password prompts or credential states. No public exploit code or active exploitation has been identified; EPSS at 0.05% (15th percentile) reflects low community-assessed exploitation probability, and the mandatory user interaction requirement prevents automated mass exploitation.
Remote heap corruption in Google Chrome prior to 149.0.7827.53 allows attackers to exploit a use-after-free condition in the Network component via crafted network traffic when a user visits or interacts with attacker-controlled content. Rated CVSS 8.8 with a patch available from Google, though EPSS exploitation probability is currently very low (0.03%, 11th percentile) and no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome on Android before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page exploiting the Drag and Drop component. The flaw carries a CVSS 9.6 due to scope change, but no public exploit identified at time of analysis and EPSS is very low (0.05%, 15th percentile), indicating limited near-term exploitation likelihood. Google rates the underlying Chromium severity as Medium despite the high CVSS.
Sandbox-contained arbitrary code execution in Google Chrome's Media component affects Linux and ChromeOS builds prior to 149.0.7827.53, where a use-after-free flaw can be triggered via a crafted HTML page. Exploitation requires that the attacker has already compromised the renderer process, meaning this bug functions as a second-stage primitive in a multi-vulnerability chain rather than a standalone RCE. No public exploit identified at time of analysis, and Chromium rates the internal severity as Medium despite the NVD CVSS of 8.8.
Cross-origin data leakage in the Glic component of Google Chrome (prior to 149.0.7827.53) can be triggered by a remote attacker who has already compromised the renderer process, using a crafted HTML page to exfiltrate sensitive cross-origin content. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) reflects high confidentiality impact but masks the realistic complexity: renderer compromise is an explicit prerequisite, making this a chained exploit rather than a standalone attack. No active exploitation has been confirmed (CISA KEV absent, SSVC exploitation=none, EPSS 0.05% at 15th percentile), and a vendor-released patch is available.
Navigation restriction bypass in Google Chrome's Extensions subsystem (all versions prior to 149.0.7827.53) enables circumvention of browser-enforced navigation controls when a user installs a crafted malicious extension. Rooted in CWE-284 (Improper Access Control), the flaw allows the extension to override navigation guards - potentially enabling unauthorized redirects or bypass of URL-based security policies - with a high integrity impact per CVSS (I:H). No public exploit has been identified at time of analysis, EPSS is 0.01% (1st percentile), and the vulnerability is not listed in CISA's KEV catalog, indicating low current exploitation momentum despite a medium CVSS score of 6.5.
Content Security Policy bypass in Google Chrome for Android prior to 149.0.7827.53 allows a remote attacker to circumvent CSP restrictions by delivering a crafted HTML page to a victim user. The flaw resides in Chrome's Navigation subsystem, where policy enforcement is insufficient, enabling injection or execution of content that CSP headers would otherwise block. No public exploit has been identified at time of analysis, and EPSS sits at the 4th percentile, but the zero-privilege-required, network-accessible attack surface warrants prompt patching on Android deployments.
Stack-based buffer overflow in the Skia graphics library shipped with Google Chrome versions prior to 149.0.7827.53 lets a remote attacker corrupt the renderer process stack by serving a crafted HTML page, with potential for arbitrary code execution within the sandbox. The flaw carries a CVSS 3.1 base score of 8.8 (network vector, user interaction required) and no public exploit identified at time of analysis, while a very low EPSS score of 0.03% (10th percentile) suggests no current mass-exploitation pressure despite the high impact rating.
Same-origin policy bypass in Google Chrome's WebAppInstalls component allows a remote attacker who has already compromised the renderer process to circumvent cross-origin protections via a crafted HTML page, yielding high integrity impact with no confidentiality or availability loss. All Chrome versions prior to 149.0.7827.53 are affected. No public exploit code has been identified and EPSS places this at the 6th percentile (0.02%), indicating very low observed exploitation probability; this is not listed in CISA KEV.
Same-origin policy bypass in Google Chrome DevTools (versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. The flaw stems from insufficient input validation (CWE-20) within the DevTools component, yielding a High integrity impact while leaving confidentiality and availability unaffected. No public exploit code exists at time of analysis, and EPSS sits at 0.02% (6th percentile), indicating low observed exploitation pressure; this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that exploits insufficient input validation in the GPU component. The CVSS 9.6 score reflects the scope change from renderer to host, but real-world exploitation requires chaining with a separate renderer compromise and user interaction. EPSS is low at 0.05% and no public exploit is identified at time of analysis.
Cross-origin data disclosure in Google Chrome's Extensions component (versions prior to 149.0.7827.53) enables a remote attacker to read sensitive data belonging to other origins by delivering a crafted XML file to a victim. The CVSS vector confirms network-reachable, unauthenticated access (AV:N/PR:N) with High confidentiality impact, though user interaction is required (UI:R). No public exploit has been identified at time of analysis and EPSS probability sits at a low 0.03% (11th percentile), indicating limited exploitation likelihood despite the meaningful confidentiality impact.
Domain spoofing in the Google Chrome Payments component on Android (versions prior to 149.0.7827.53) enables integrity manipulation of payment flows when an attacker has already compromised the renderer process. By serving a crafted HTML page, the attacker can make the Chrome Payments UI display a spoofed domain, potentially deceiving users into authorizing payments to attacker-controlled origins. EPSS stands at 0.03% (11th percentile), no public exploit code has been identified, and this CVE does not appear in the CISA KEV catalog.
Navigation restriction bypass in Google Chrome prior to version 149.0.7827.53 enables a remote, unauthenticated attacker to circumvent browser navigation policies by delivering a crafted HTML page to a victim. The flaw resides in the 'Actor' component of the Chromium engine, where policy enforcement is insufficient, leading to a high-integrity-impact breach (CVSS I:H) without any compromise of confidentiality or availability. No public exploit code and no active exploitation have been identified at time of analysis; EPSS stands at 0.02% (4th percentile), reinforcing a currently low real-world exploitation probability.
Navigation restriction bypass in Google Chrome's Link Preview feature allows a remote attacker who has already compromised the renderer process to circumvent intended browsing boundaries via a crafted HTML page. All Chrome versions prior to 149.0.7827.53 on desktop are affected. The real-world threat is as a second-stage exploitation primitive within a browser attack chain - an attacker leverages this CWE-284 flaw to escape navigation controls after gaining an initial foothold in the renderer, achieving high integrity impact with no confidentiality or availability loss. No public exploit code has been identified and EPSS stands at 0.02% (4th percentile), indicating low observed exploitation probability at time of analysis.
Same origin policy bypass in Google Chrome's Network component (prior to 149.0.7827.53) enables an attacker who has already compromised the renderer process to exfiltrate or manipulate cross-origin data via a crafted HTML page. The integrity impact is rated High (I:H) with no confidentiality or availability impact, meaning the primary risk is unauthorized cross-origin writes or request forgery rather than data theft. No public exploit code has been identified at time of analysis, and EPSS sits at 0.02% (6th percentile), indicating low observed exploitation probability despite the medium CVSS score.
Out-of-bounds memory read in the WebGPU component of Google Chrome before 149.0.7827.53 allows a remote attacker to read memory outside intended buffer boundaries when a victim visits a crafted HTML page. The flaw carries a CVSS 8.1 score due to network reachability and high confidentiality/availability impact, but EPSS sits at 0.03% and SSVC reports no observed exploitation, so the practical risk is currently low despite the high CVSS. No public exploit identified at time of analysis.
Site isolation bypass in Google Chrome prior to version 149.0.7827.53 enables an attacker to circumvent Chrome's site isolation security boundary through a crafted malicious extension, resulting in high integrity impact (I:H per CVSS). The attack is gated by user interaction - specifically, the victim must be convinced to install the malicious extension - after which the extension exploits insufficient policy enforcement in Chrome's Extensions subsystem to cross site isolation boundaries without authorization. No public exploit has been identified at time of analysis, and the EPSS score of 0.01% (1st percentile) indicates negligible current exploitation interest.
Memory disclosure in Google Chrome's Network component (versions prior to 149.0.7827.53) allows an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by delivering a crafted HTML page to the victim. This is a chained, two-stage attack: exploitation requires a prior renderer process compromise as an explicit prerequisite, which substantially elevates the real-world difficulty beyond what the CVSS 6.5 score alone implies. No active exploitation has been identified (SSVC Exploitation: none; EPSS: 0.05% at the 15th percentile), and no public exploit code exists at time of analysis.
Sandbox escape in Google Chrome on Android before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Serial component. Exploitation requires user interaction with a crafted HTML page and a prior renderer compromise, making this a second-stage vulnerability typically chained with another bug. No public exploit identified at time of analysis and EPSS is very low (0.03%), but Google has shipped a patched stable channel build.
Site isolation bypass in Google Chrome's Password Manager prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to escape cross-origin protections via a crafted HTML page. The flaw stems from insufficient policy enforcement (CWE-602) and chains with a prior renderer compromise, making it a post-exploitation primitive rather than a standalone entry point. EPSS is very low (0.02%, 4th percentile) and no public exploit identified at time of analysis, though Google rates the underlying Chromium severity as Medium.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the WebShare component. The flaw requires a pre-existing renderer compromise plus user interaction, and no public exploit identified at time of analysis, though Chromium-rated Medium severity and the patch availability suggest defenders should treat it as part of the standard Chrome update cycle.
Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 can be triggered by a remote attacker via a crafted HTML page that exploits a use-after-free condition in the USB component. The flaw carries a CVSS score of 9.6 due to its scope-changing impact, though Google rated the underlying Chromium security severity as Medium, and no public exploit has been identified at time of analysis with an EPSS score of just 0.03%.
Cross-origin data leakage in Google Chrome's WebAppInstalls component (versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to exfiltrate sensitive cross-origin data via a crafted HTML page. The CVSS 6.5 score captures the high confidentiality impact and network accessibility, but understates effective exploitation complexity because a prior renderer compromise is an explicit prerequisite. EPSS is very low at 0.04% (13th percentile), no public exploit code has been identified, and no CISA KEV listing exists at time of analysis, positioning this as a chained exploitation primitive rather than a standalone critical threat.
Cross-origin data leakage in Google Chrome's WebView component on Android exposes sensitive information to attackers who have already achieved renderer process compromise. Affected versions are all Chrome for Android releases prior to 149.0.7827.53. A remote attacker, operating from a compromised renderer context, can exfiltrate cross-origin data by delivering a specially crafted HTML page to the victim, bypassing same-origin policy protections. No public exploit code exists and EPSS stands at 0.04% (13th percentile), indicating low observed exploitation pressure at time of analysis; however, the high confidentiality impact (C:H) makes this a meaningful second-stage primitive in multi-vulnerability attack chains.
Out-of-bounds read in Chrome's Dawn WebGPU subsystem (versions prior to 149.0.7827.53) allows unauthenticated remote attackers to read arbitrary memory contents by tricking a user into visiting a crafted HTML page. The vulnerability carries a CVSS 6.5 (Medium) with high confidentiality impact and no integrity or availability impact, indicating targeted data-disclosure potential rather than code execution. EPSS is 0.03% (11th percentile) and the vulnerability is not listed in the CISA KEV catalog - no public exploit has been identified at time of analysis.
Out-of-bounds read in Chrome's ANGLE graphics layer on Windows exposes sensitive process memory to an attacker who has already achieved renderer compromise. Affected are all Chrome for Windows installations prior to 149.0.7827.53; macOS, Linux, Android, and iOS are not in scope per available data. No public exploit code exists and no active exploitation is confirmed - EPSS at 0.03% (11th percentile) and SSVC exploitation status of 'none' jointly indicate this is a low-priority real-world threat, functioning primarily as a post-exploitation information-disclosure step in a multi-stage browser attack chain rather than a standalone critical vulnerability.
Out-of-bounds read in ANGLE (Almost Native Graphics Layer Engine) within Google Chrome prior to 149.0.7827.53 enables an attacker who has already compromised the renderer process to leak potentially sensitive data from process memory via a crafted HTML page. The CVSS vector (AC:H, UI:R) reflects a two-stage exploitation requirement: the attacker must first achieve renderer compromise through a separate vulnerability, then chain this ANGLE flaw as a second-stage information disclosure primitive. No public exploit code has been identified and EPSS sits at 0.03% (11th percentile), indicating low real-world exploitation probability at time of analysis.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 is possible through a use-after-free flaw in the WebRTC component, allowing a remote attacker to execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. The issue carries a CVSS 3.1 score of 8.8 (High) and a vendor patch is available, though there is no public exploit identified at time of analysis and the flaw is rated Medium severity by Chromium's own security team.
Sandbox escape in Google Chrome's Autofill component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) requiring user interaction (UI:R) and a chained renderer compromise, and no public exploit has been identified at time of analysis despite the very high 9.6 CVSS score driven by scope change.
UI spoofing in Google Chrome's Payments subsystem (versions prior to 149.0.7827.53) allows a remote unauthenticated attacker to manipulate what the victim sees during a payment flow, achieving high-integrity impact by deceiving users into authorizing fraudulent transactions or submitting payment credentials to attacker-controlled surfaces. The attack requires the victim to visit a crafted HTML page and perform specific UI gestures, as confirmed by the CVSS UI:R designation. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% at the 11th percentile indicates minimal current exploitation activity despite the network-reachable attack vector.
Remote code execution in Google Chrome on Linux prior to 149.0.7827.53 allows attackers to execute arbitrary code within the renderer sandbox by luring a user to a malicious web page that triggers a use-after-free condition in the Fonts component. The flaw carries a CVSS 3.1 base score of 8.8 (High) and no public exploit identified at time of analysis, though Chromium memory-corruption issues historically attract rapid POC development. Exploitation requires user interaction (visiting attacker-controlled content) but no authentication.
Integer overflow in Chrome's ANGLE graphics layer on Windows enables process memory disclosure for attackers who have already compromised the renderer process. Affected versions are all Google Chrome releases prior to 149.0.7827.53 on Windows. An attacker who has first achieved renderer compromise can trigger the ANGLE integer overflow via a crafted HTML page to read potentially sensitive data from process memory - functioning as a second-stage information leak within a chained exploit. No public exploit identified at time of analysis, and EPSS at 0.03% (11th percentile) reflects low observed exploitation probability.
Out-of-bounds memory read in Chrome's Media component allows a local-network-adjacent attacker to leak partial memory contents via specially crafted network traffic. Affects all Chrome releases prior to 149.0.7827.53 on desktop platforms, as confirmed by Google's stable channel advisory. No public exploit code exists and no active exploitation has been identified; SSVC assessment rates technical impact as partial with exploitation status none, placing this in a lower-priority remediation tier despite the unauthenticated vector.
Insufficient policy enforcement in Google Chrome's Extensions subsystem prior to version 149.0.7827.53 allows a crafted extension to bypass discretionary access controls (DAC), producing high-integrity impact with no confidentiality or availability consequence. Exploitation requires an attacker to socially engineer a user into installing a malicious extension, after which the extension subverts Chrome's permission boundary enforcement. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog; EPSS is extremely low at 0.01% (1st percentile), consistent with no observed mass exploitation.
Same Origin Policy bypass in Google Chrome's Workers implementation (versions prior to 149.0.7827.53) allows an unauthenticated remote attacker to violate cross-origin integrity boundaries by luring a victim to a crafted HTML page. The CVSS vector confirms no privileges are required but user interaction is necessary, yielding a High integrity impact with no confidentiality or availability consequence. No public exploit has been identified and EPSS stands at 0.02% (4th percentile), indicating no confirmed active exploitation at time of analysis.
Heap corruption in Google Chrome's TabStrip component before 149.0.7827.53 lets a remote attacker who can lure a user into specific UI interactions on a malicious HTML page trigger memory corruption with high impact to confidentiality, integrity, and availability. The flaw carries a CVSS 8.8 due to network reachability and lack of authentication, though user interaction is required; there is no public exploit identified at time of analysis and EPSS is very low at 0.03%.
Uninitialized memory read in Chrome's ANGLE graphics layer exposes process memory contents to remote attackers who can trick users into visiting a crafted HTML page. Affected are all Chrome releases prior to 149.0.7827.53 on desktop platforms, as confirmed by the Google Chrome Releases advisory. No public exploit identified at time of analysis, and the EPSS score of 0.03% (11th percentile) indicates low current exploitation probability; however, the CVSS confidentiality impact is rated High, meaning successful exploitation could yield sensitive in-process data such as credentials, tokens, or cryptographic material resident in memory.
Heap-based buffer overflow in the Skia graphics rendering library within Google Chrome versions prior to 149.0.7827.53 enables remote attackers to read sensitive data from renderer process memory. Exploitation requires no authentication (PR:N) but does require user interaction - a victim must visit a specially crafted HTML page - and yields high confidentiality impact (C:H) with no integrity or availability impact per the CVSS vector. No public exploit has been identified at time of analysis, and the EPSS score of 0.03% (10th percentile) indicates very low current exploitation probability; CISA KEV active exploitation status is not confirmed.
Memory disclosure in Google Chrome's Animation component (all versions prior to 149.0.7827.53) enables an unauthenticated remote attacker to read potentially sensitive data from the browser's process memory by directing a victim to a crafted HTML page. The flaw arises from insufficient data validation during animation processing - a class of bug that typically permits out-of-bounds or uninitialized memory reads rather than code execution. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% (11th percentile) confirms low current exploitation probability despite the CVSS confidentiality impact being rated High.
Remote code execution in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.53 allows remote attackers to execute arbitrary code inside the renderer sandbox by serving a crafted HTML page and convincing a user to perform specific UI gestures. The flaw is a use-after-free (CWE-416) memory corruption issue with a high CVSS score of 8.8, rated Medium severity by Chromium; no public exploit identified at time of analysis.
Sandbox escape in Google Chrome's Glic component prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) requiring user interaction and a chained renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.03%.
Heap corruption in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.53 allows remote attackers to potentially achieve code execution when a user visits a crafted HTML page and performs specific UI interactions. The flaw is rated High severity by Chromium and CVSS 8.8, though no public exploit identified at time of analysis and EPSS scoring places near-term mass exploitation probability at 0.03%. A vendor patch is already available through the Stable Channel update.
Sandbox escape in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Views component, triggered by a crafted HTML page. Google rates the Chromium security severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS exploitation probability is currently very low (0.03%).
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by serving a crafted HTML page that triggers an integer overflow in the V8 JavaScript engine. The flaw is rated High severity by Chromium and carries a CVSS 8.8 score requiring user interaction (visiting a malicious page). At time of analysis, no public exploit identified at time of analysis and the issue is not listed in CISA KEV, though Chrome V8 bugs are historically attractive targets for exploit developers.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by delivering a malicious media file. The flaw is rated High severity by Chromium and carries a CVSS 3.1 score of 8.8, requiring only that a user visit attacker-controlled content or open a crafted media resource. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Cross-origin data leakage in Google Chrome's Skia graphics library prior to version 149.0.7827.53 enables unauthenticated remote attackers to read out-of-bounds memory and exfiltrate data from foreign origins via a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms high confidentiality impact with no privileges required, though a victim must visit an attacker-controlled page to trigger the read. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% (11th percentile) suggests limited exploitation activity; however, same-origin policy bypass in a mainstream browser is a meaningful web security concern warranting prompt patching.
UI spoofing in Google Chrome's Accessibility component on Android prior to 149.0.7827.53 enables remote attackers to misrepresent interface elements via a crafted HTML page. Per the CVSS vector (PR:N/UI:R), unauthenticated remote attackers can achieve this through user-visited pages, with limited integrity and availability impact (I:L/A:L) and no confidentiality breach. EPSS at 0.03% (11th percentile) indicates very low exploitation probability, no public exploit exists, and this vulnerability is not listed in the CISA KEV catalog.
Sandbox escape in Google Chrome's Dawn component (versions prior to 149.0.7827.53) allows remote attackers to break out of the renderer sandbox via a crafted HTML page when a user visits a malicious site. Google Chromium rates the severity as High and a fix has shipped in the stable channel; no public exploit identified at time of analysis and EPSS exploitation probability is currently very low (0.05%).
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free in the WebXR component. Google rates the issue High severity and CVSS scores it 8.8, with user interaction required but no authentication or privileges needed; no public exploit identified at time of analysis.
Cross-origin data leakage in Google Chrome's Codecs subsystem affects all versions prior to 149.0.7827.53, enabling an attacker who has already compromised the renderer process to exfiltrate sensitive data from other origins via a crafted video file. The vulnerability bypasses Same-Origin Policy protections and exposes high-confidentiality content (CVSS C:H), though impact is scoped to information disclosure with no integrity or availability consequence. This CVE is not currently listed in CISA KEV, no public exploit has been identified at time of analysis, and EPSS at 0.05% (15th percentile) indicates low widespread exploitation probability.
Same-origin policy bypass in Google Chrome's DevTools component (all versions prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to bypass SOP protections via a crafted HTML page, resulting in a high-integrity impact with no confidentiality or availability loss. The attack requires user interaction (victim must visit a malicious page) and a prior renderer process compromise as a chained prerequisite, materially constraining real-world exploitability beyond the raw CVSS score implies. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog; EPSS probability stands at 0.02% (6th percentile), consistent with a low-probability exploitation scenario.
Out-of-bounds read in ANGLE (Chrome's graphics abstraction layer) affects all Google Chrome versions prior to 149.0.7827.53, enabling remote information disclosure from process memory. An unauthenticated remote attacker can trigger the memory leak by inducing a victim to visit a crafted HTML page - no privileges are required on the attacker's side, though user interaction is necessary. No public exploit identified at time of analysis and EPSS sits at 0.03% (11th percentile), indicating low current exploitation probability despite Google's 'High' Chromium severity rating.
Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 stems from a use-after-free flaw in the Chromoting (Chrome Remote Desktop) component. A remote attacker can deliver malicious network traffic that, combined with minimal user interaction, allows arbitrary code execution within the browser's renderer context. No public exploit identified at time of analysis, but Google rates the underlying Chromium severity as High.
Uninitialized memory use in Skia, Chrome's 2D graphics rendering engine, enables cross-origin data leakage in Google Chrome versions prior to 149.0.7827.53. Exploitation requires an attacker to have already compromised the renderer process and to deliver a crafted HTML page, making this a second-stage component in a multi-step attack chain rather than a standalone critical exploit. EPSS stands at 0.03% (11th percentile) and no active exploitation has been recorded in CISA KEV, aligning with its role as a chained, post-renderer-compromise primitive.
Information disclosure in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to leak sensitive process memory through a crafted HTML page that triggers an uninitialized memory read in the Dawn WebGPU implementation. Google rates the underlying Chromium issue as High severity, and a patched stable channel build is available, though no public exploit has been identified at time of analysis and EPSS exploitation probability remains very low at 0.03%.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the WebRTC component, enabling a remote attacker to execute arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The issue is rated High severity by Chromium and carries a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:N/UI:R), reflecting low complexity and no privilege requirement but requiring user interaction. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox via a crafted HTML page when a victim visits a malicious site. The flaw is rated CVSS 9.6 due to scope change (S:C) and full CIA impact, though EPSS estimates only a 0.05% near-term exploitation probability and no public exploit has been identified at time of analysis.
Cross-origin data leakage in Google Chrome's Dawn WebGPU implementation prior to version 149.0.7827.53 allows a remote attacker to read sensitive data from other origins by luring a user to a crafted HTML page. Chromium rates this High severity and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS places exploitation probability at 1.64% (82nd percentile).
Sandbox escape in Google Chrome on Linux prior to 149.0.7827.53 allows a remote attacker to break out of the renderer process by luring a user to a crafted HTML page that triggers a use-after-free in the Ozone display/windowing layer. Google rates the underlying Chromium issue as High severity and a vendor patch is available; no public exploit identified at time of analysis and the EPSS score is very low (0.03%).
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the Printing component. Chromium rates the issue High severity and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS remains very low at 0.05%.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the InterestGroups component. Google rates the Chromium severity as High, and CVSS scores it 8.3 with a changed scope reflecting the cross-boundary impact. No public exploit identified at time of analysis, though a vendor patch is available.
Privilege escalation in Google Chrome's Extensions component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to escape sandbox restrictions via a crafted HTML page. Chromium rates the issue High severity; no public exploit has been identified at time of analysis and SSVC reports exploitation status as none, though the technical impact is total if chained successfully.
Cross-origin data disclosure in Google Chrome on Windows prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to leak data from other origins via a crafted HTML page in the Dawn (WebGPU) component. Google rates the underlying issue High severity, but no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.05%.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the Chrome sandbox via a crafted HTML page that triggers a use-after-free in the SurfaceCapture component. The flaw is rated High severity by Chromium and carries a CVSS 3.1 score of 8.3 with scope change, reflecting that successful exploitation crosses the renderer/browser security boundary. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to break out of the renderer process sandbox by delivering a crafted video file processed by the browser's codec implementation. The CVSS 9.6 score reflects a scope-changing impact across confidentiality, integrity, and availability, though exploitation requires user interaction such as visiting a malicious page. No public exploit identified at time of analysis, and EPSS exploitation probability remains low at 0.05%.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code inside the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers an integer overflow in DevTools. Google has rated this Chromium issue as High severity and a vendor patch is available; no public exploit identified at time of analysis, and the bug is not currently listed in CISA KEV.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from an integer overflow in the V8 JavaScript engine, enabling a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page. The flaw is rated High severity by Chromium with a CVSS score of 8.8, requires user interaction (visiting a malicious page), and no public exploit has been identified at time of analysis. While exploitation is sandboxed, V8 RCE bugs historically chain with sandbox escapes to achieve full host compromise, making this a priority patch for browser fleets.
Remote code execution in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google has rated the issue High severity and shipped a stable-channel patch; no public exploit has been identified at time of analysis, and the bug tracker entry remains access-restricted per Chromium's standard disclosure practice.
Remote code execution in Google Chrome before 149.0.7827.53 allows a remote attacker to execute arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page that triggers a type confusion in the Media component. The flaw carries a CVSS 8.8 (High) rating and requires user interaction (visiting a page), and while no public exploit has been identified at time of analysis, Chromium-rated High Media bugs have historically been chained with sandbox escapes for full compromise.
Sandbox escape in Google Chrome for iOS before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free condition. The flaw is rated High severity by Chromium and has a CVSS score of 8.3, but no public exploit has been identified at time of analysis and it is not listed in CISA KEV. Successful exploitation typically requires chaining with a separate renderer-compromise primitive, raising the practical bar.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting an uninitialized memory use in the Codecs component. Google has rated this Chromium security severity as High, and no public exploit has been identified at time of analysis. The flaw requires chaining with a separate renderer compromise, but combined with a renderer RCE it enables full host code execution outside Chrome's sandbox.
Sandboxed remote code execution in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free in the Input component, rated High by Chromium and 8.8 by CVSS. No public exploit identified at time of analysis, but Chrome UAF bugs in renderer-reachable components are historically high-value targets for chained sandbox escapes.
Remote code execution in Google Chrome for iOS before 149.0.7827.53 allows a remote attacker to execute arbitrary code by enticing a user to visit a crafted HTML page and perform specific UI gestures, triggering a use-after-free condition. Google rates the underlying Chromium issue as High severity, and no public exploit has been identified at time of analysis. The flaw requires user interaction, which somewhat reduces but does not eliminate real-world risk given Chrome's massive install base on iOS.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Glic component, allowing a remote attacker to run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google has rated the Chromium security severity as High, and a vendor patch is available, though no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Sandboxed remote code execution in Google Chrome before 149.0.7827.53 stems from a use-after-free flaw in the MimeHandlerView component, exploitable when a victim visits a crafted HTML page. Chromium rates the issue High severity and CVSS 8.8 reflects network-reachable exploitation with user interaction; no public exploit identified at time of analysis, and the bug is not on the CISA KEV list.
Type confusion in the ANGLE graphics translation layer of Google Chrome on Windows prior to 149.0.7827.53 enables remote attackers to trigger out-of-bounds memory access through a crafted HTML page, with potential for memory corruption leading to code execution in the renderer process. Chromium rates this High severity and a vendor patch is available, though no public exploit is identified at time of analysis and EPSS exploitation probability is currently 0.03%.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Actor component that lets a remote attacker run arbitrary code within the renderer sandbox via a malicious HTML page. The flaw carries CVSS 8.8 and requires user interaction (visiting a crafted page), and at time of analysis there is no public exploit identified, though Chromium rates the security severity as High and a vendor patch has shipped.
Sandbox escape in Google Chrome on Android versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw stems from a use-after-free condition in the Core component and is rated High severity by Chromium with a CVSS of 8.3. No public exploit identified at time of analysis, though the bug enables a critical post-exploitation chain step when paired with a renderer RCE.
Heap corruption in Google Chrome's Views component prior to version 149.0.7827.53 allows a remote attacker to potentially execute code in the renderer when a user is convinced to perform specific UI gestures on a crafted HTML page. The flaw is a use-after-free (CWE-416) carrying a CVSS 8.8 rating, but EPSS is very low at 0.03% (11th percentile) and no public exploit is identified at time of analysis. Google has shipped a patched stable channel build, and Chromium rates the underlying issue as Medium severity.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that exploits insufficient input validation in the Media component. The flaw requires user interaction (visiting a malicious page) and a prior renderer compromise, making it a second-stage capability typically chained with another bug; no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.05%.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) requiring user interaction to visit the malicious page, and no public exploit has been identified at time of analysis despite an EPSS score of 0.03% indicating very low near-term exploitation probability.
Cross-origin data leakage in Google Chrome's Skia graphics library (prior to 149.0.7827.53) enables a remote attacker to read sensitive data from other origins by enticing a user to visit a crafted HTML page. The flaw stems from uninitialized memory use (CWE-457) in Skia, Chrome's 2D rendering engine, where residual memory contents can be exposed across security boundaries. No active exploitation has been confirmed (not in CISA KEV) and EPSS sits at 0.03% (11th percentile), indicating low real-world exploitation probability at time of analysis, though the confidentiality impact is rated High by CVSS.
Subresource Integrity (SRI) policy enforcement failure in Google Chrome prior to 149.0.7827.53 enables remote attackers to bypass Content Security Policy protections via malicious network traffic. Affected users who visit attacker-influenced pages may have tampered scripts or resources loaded without the expected cryptographic hash validation that SRI is designed to enforce, undermining integrity guarantees that web applications depend on as a security boundary. No active exploitation is confirmed (not in CISA KEV), EPSS is very low at 0.02% (6th percentile), and a vendor patch is available at 149.0.7827.53.
Out-of-bounds write in Google Chrome's media Codecs component prior to version 149.0.7827.53 allows a remote attacker to potentially escape the renderer sandbox via a crafted video file. Successful exploitation requires the victim to load attacker-controlled video content, but the resulting scope change (S:C) means the attacker can break out of Chrome's renderer sandbox and impact resources beyond it. No public exploit has been identified at time of analysis and EPSS is very low (0.03%), but the high CVSS reflects the severe impact of a successful sandbox escape.
Same-origin policy bypass in Google Chrome prior to 149.0.7827.53 enables remote unauthenticated attackers to violate cross-origin isolation boundaries through a crafted HTML page, producing high integrity impact with no confidentiality or availability loss. Rooted in an inappropriate DOM implementation (CWE-346: Origin Validation Error), the flaw allows a malicious page to cross origin boundaries and manipulate content or state belonging to a different origin. No public exploit code and no CISA KEV listing exist at time of analysis; the EPSS score of 0.02% (4th percentile) reinforces limited real-world exploitation pressure despite the medium CVSS 6.5 rating.
Local privilege escalation in Google Chrome for Android prior to 149.0.7827.53 stems from an inappropriate implementation in the Custom Tabs component, where a crafted XML file processed by a local attacker can elevate privileges within the browser context. The flaw is rated CVSS 7.3 (Chromium severity Medium) and requires user interaction, with no public exploit identified at time of analysis and a very low EPSS score (0.02%, 4th percentile). A vendor patch is available in the Stable channel update referenced by the Chrome Releases advisory.
Universal Cross-Site Scripting (UXSS) in Google Chrome for Android's Tab Group Sync feature allows remote unauthenticated attackers to inject arbitrary scripts or HTML via malicious network traffic against Chrome versions prior to 149.0.7827.53. The CVSS Changed Scope (S:C) confirms that injected content escapes the vulnerable component's origin boundary, affecting other origins - the defining characteristic of UXSS, which is more severe than conventional XSS because it bypasses the browser-level same-origin policy rather than just application-level controls. No public exploit has been identified at time of analysis, and EPSS at 0.07% (22nd percentile) reflects low current exploitation probability; the vulnerability is not listed in CISA KEV.
Uninitialized memory read in Chrome's WebML component on macOS exposes potentially sensitive process memory contents to remote attackers. Affected are all Chrome versions prior to 149.0.7827.53 on Mac; exploitation requires convincing a user to visit a specially crafted HTML page. No public exploit code or active exploitation (CISA KEV) has been identified, and the EPSS score of 0.03% (10th percentile) reflects low real-world exploitation likelihood at time of analysis.
Cross-origin data leakage in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) enables unauthenticated remote attackers to access sensitive data across security origin boundaries when a victim visits a specially crafted HTML page. The flaw involves an inappropriate implementation of origin validation (CWE-346) within the Password Manager subsystem, potentially exposing saved credentials or autofill data to a malicious origin. No active exploitation has been confirmed - SSVC classifies exploitation as none and EPSS places this in the 11th percentile - though the High confidentiality impact in the CVSS vector reflects meaningful data exposure if triggered.
UI spoofing in Google Chrome's Password Manager component (versions prior to 149.0.7827.53) allows remote unauthenticated attackers to manipulate browser interface elements via crafted malicious network traffic. The flaw stems from insufficient input validation (CWE-20) in the Password Manager subsystem, enabling an attacker to deceive victims about the legitimacy of password prompts or credential states. No public exploit code or active exploitation has been identified; EPSS at 0.05% (15th percentile) reflects low community-assessed exploitation probability, and the mandatory user interaction requirement prevents automated mass exploitation.
Remote heap corruption in Google Chrome prior to 149.0.7827.53 allows attackers to exploit a use-after-free condition in the Network component via crafted network traffic when a user visits or interacts with attacker-controlled content. Rated CVSS 8.8 with a patch available from Google, though EPSS exploitation probability is currently very low (0.03%, 11th percentile) and no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome on Android before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page exploiting the Drag and Drop component. The flaw carries a CVSS 9.6 due to scope change, but no public exploit identified at time of analysis and EPSS is very low (0.05%, 15th percentile), indicating limited near-term exploitation likelihood. Google rates the underlying Chromium severity as Medium despite the high CVSS.
Sandbox-contained arbitrary code execution in Google Chrome's Media component affects Linux and ChromeOS builds prior to 149.0.7827.53, where a use-after-free flaw can be triggered via a crafted HTML page. Exploitation requires that the attacker has already compromised the renderer process, meaning this bug functions as a second-stage primitive in a multi-vulnerability chain rather than a standalone RCE. No public exploit identified at time of analysis, and Chromium rates the internal severity as Medium despite the NVD CVSS of 8.8.
Cross-origin data leakage in the Glic component of Google Chrome (prior to 149.0.7827.53) can be triggered by a remote attacker who has already compromised the renderer process, using a crafted HTML page to exfiltrate sensitive cross-origin content. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) reflects high confidentiality impact but masks the realistic complexity: renderer compromise is an explicit prerequisite, making this a chained exploit rather than a standalone attack. No active exploitation has been confirmed (CISA KEV absent, SSVC exploitation=none, EPSS 0.05% at 15th percentile), and a vendor-released patch is available.
Navigation restriction bypass in Google Chrome's Extensions subsystem (all versions prior to 149.0.7827.53) enables circumvention of browser-enforced navigation controls when a user installs a crafted malicious extension. Rooted in CWE-284 (Improper Access Control), the flaw allows the extension to override navigation guards - potentially enabling unauthorized redirects or bypass of URL-based security policies - with a high integrity impact per CVSS (I:H). No public exploit has been identified at time of analysis, EPSS is 0.01% (1st percentile), and the vulnerability is not listed in CISA's KEV catalog, indicating low current exploitation momentum despite a medium CVSS score of 6.5.
Content Security Policy bypass in Google Chrome for Android prior to 149.0.7827.53 allows a remote attacker to circumvent CSP restrictions by delivering a crafted HTML page to a victim user. The flaw resides in Chrome's Navigation subsystem, where policy enforcement is insufficient, enabling injection or execution of content that CSP headers would otherwise block. No public exploit has been identified at time of analysis, and EPSS sits at the 4th percentile, but the zero-privilege-required, network-accessible attack surface warrants prompt patching on Android deployments.
Stack-based buffer overflow in the Skia graphics library shipped with Google Chrome versions prior to 149.0.7827.53 lets a remote attacker corrupt the renderer process stack by serving a crafted HTML page, with potential for arbitrary code execution within the sandbox. The flaw carries a CVSS 3.1 base score of 8.8 (network vector, user interaction required) and no public exploit identified at time of analysis, while a very low EPSS score of 0.03% (10th percentile) suggests no current mass-exploitation pressure despite the high impact rating.
Same-origin policy bypass in Google Chrome's WebAppInstalls component allows a remote attacker who has already compromised the renderer process to circumvent cross-origin protections via a crafted HTML page, yielding high integrity impact with no confidentiality or availability loss. All Chrome versions prior to 149.0.7827.53 are affected. No public exploit code has been identified and EPSS places this at the 6th percentile (0.02%), indicating very low observed exploitation probability; this is not listed in CISA KEV.
Same-origin policy bypass in Google Chrome DevTools (versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. The flaw stems from insufficient input validation (CWE-20) within the DevTools component, yielding a High integrity impact while leaving confidentiality and availability unaffected. No public exploit code exists at time of analysis, and EPSS sits at 0.02% (6th percentile), indicating low observed exploitation pressure; this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that exploits insufficient input validation in the GPU component. The CVSS 9.6 score reflects the scope change from renderer to host, but real-world exploitation requires chaining with a separate renderer compromise and user interaction. EPSS is low at 0.05% and no public exploit is identified at time of analysis.
Cross-origin data disclosure in Google Chrome's Extensions component (versions prior to 149.0.7827.53) enables a remote attacker to read sensitive data belonging to other origins by delivering a crafted XML file to a victim. The CVSS vector confirms network-reachable, unauthenticated access (AV:N/PR:N) with High confidentiality impact, though user interaction is required (UI:R). No public exploit has been identified at time of analysis and EPSS probability sits at a low 0.03% (11th percentile), indicating limited exploitation likelihood despite the meaningful confidentiality impact.
Domain spoofing in the Google Chrome Payments component on Android (versions prior to 149.0.7827.53) enables integrity manipulation of payment flows when an attacker has already compromised the renderer process. By serving a crafted HTML page, the attacker can make the Chrome Payments UI display a spoofed domain, potentially deceiving users into authorizing payments to attacker-controlled origins. EPSS stands at 0.03% (11th percentile), no public exploit code has been identified, and this CVE does not appear in the CISA KEV catalog.
Navigation restriction bypass in Google Chrome prior to version 149.0.7827.53 enables a remote, unauthenticated attacker to circumvent browser navigation policies by delivering a crafted HTML page to a victim. The flaw resides in the 'Actor' component of the Chromium engine, where policy enforcement is insufficient, leading to a high-integrity-impact breach (CVSS I:H) without any compromise of confidentiality or availability. No public exploit code and no active exploitation have been identified at time of analysis; EPSS stands at 0.02% (4th percentile), reinforcing a currently low real-world exploitation probability.
Navigation restriction bypass in Google Chrome's Link Preview feature allows a remote attacker who has already compromised the renderer process to circumvent intended browsing boundaries via a crafted HTML page. All Chrome versions prior to 149.0.7827.53 on desktop are affected. The real-world threat is as a second-stage exploitation primitive within a browser attack chain - an attacker leverages this CWE-284 flaw to escape navigation controls after gaining an initial foothold in the renderer, achieving high integrity impact with no confidentiality or availability loss. No public exploit code has been identified and EPSS stands at 0.02% (4th percentile), indicating low observed exploitation probability at time of analysis.
Same origin policy bypass in Google Chrome's Network component (prior to 149.0.7827.53) enables an attacker who has already compromised the renderer process to exfiltrate or manipulate cross-origin data via a crafted HTML page. The integrity impact is rated High (I:H) with no confidentiality or availability impact, meaning the primary risk is unauthorized cross-origin writes or request forgery rather than data theft. No public exploit code has been identified at time of analysis, and EPSS sits at 0.02% (6th percentile), indicating low observed exploitation probability despite the medium CVSS score.
Out-of-bounds memory read in the WebGPU component of Google Chrome before 149.0.7827.53 allows a remote attacker to read memory outside intended buffer boundaries when a victim visits a crafted HTML page. The flaw carries a CVSS 8.1 score due to network reachability and high confidentiality/availability impact, but EPSS sits at 0.03% and SSVC reports no observed exploitation, so the practical risk is currently low despite the high CVSS. No public exploit identified at time of analysis.
Site isolation bypass in Google Chrome prior to version 149.0.7827.53 enables an attacker to circumvent Chrome's site isolation security boundary through a crafted malicious extension, resulting in high integrity impact (I:H per CVSS). The attack is gated by user interaction - specifically, the victim must be convinced to install the malicious extension - after which the extension exploits insufficient policy enforcement in Chrome's Extensions subsystem to cross site isolation boundaries without authorization. No public exploit has been identified at time of analysis, and the EPSS score of 0.01% (1st percentile) indicates negligible current exploitation interest.
Memory disclosure in Google Chrome's Network component (versions prior to 149.0.7827.53) allows an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by delivering a crafted HTML page to the victim. This is a chained, two-stage attack: exploitation requires a prior renderer process compromise as an explicit prerequisite, which substantially elevates the real-world difficulty beyond what the CVSS 6.5 score alone implies. No active exploitation has been identified (SSVC Exploitation: none; EPSS: 0.05% at the 15th percentile), and no public exploit code exists at time of analysis.
Sandbox escape in Google Chrome on Android before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Serial component. Exploitation requires user interaction with a crafted HTML page and a prior renderer compromise, making this a second-stage vulnerability typically chained with another bug. No public exploit identified at time of analysis and EPSS is very low (0.03%), but Google has shipped a patched stable channel build.
Site isolation bypass in Google Chrome's Password Manager prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to escape cross-origin protections via a crafted HTML page. The flaw stems from insufficient policy enforcement (CWE-602) and chains with a prior renderer compromise, making it a post-exploitation primitive rather than a standalone entry point. EPSS is very low (0.02%, 4th percentile) and no public exploit identified at time of analysis, though Google rates the underlying Chromium severity as Medium.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the WebShare component. The flaw requires a pre-existing renderer compromise plus user interaction, and no public exploit identified at time of analysis, though Chromium-rated Medium severity and the patch availability suggest defenders should treat it as part of the standard Chrome update cycle.
Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 can be triggered by a remote attacker via a crafted HTML page that exploits a use-after-free condition in the USB component. The flaw carries a CVSS score of 9.6 due to its scope-changing impact, though Google rated the underlying Chromium security severity as Medium, and no public exploit has been identified at time of analysis with an EPSS score of just 0.03%.
Cross-origin data leakage in Google Chrome's WebAppInstalls component (versions prior to 149.0.7827.53) enables a remote attacker who has already compromised the renderer process to exfiltrate sensitive cross-origin data via a crafted HTML page. The CVSS 6.5 score captures the high confidentiality impact and network accessibility, but understates effective exploitation complexity because a prior renderer compromise is an explicit prerequisite. EPSS is very low at 0.04% (13th percentile), no public exploit code has been identified, and no CISA KEV listing exists at time of analysis, positioning this as a chained exploitation primitive rather than a standalone critical threat.
Cross-origin data leakage in Google Chrome's WebView component on Android exposes sensitive information to attackers who have already achieved renderer process compromise. Affected versions are all Chrome for Android releases prior to 149.0.7827.53. A remote attacker, operating from a compromised renderer context, can exfiltrate cross-origin data by delivering a specially crafted HTML page to the victim, bypassing same-origin policy protections. No public exploit code exists and EPSS stands at 0.04% (13th percentile), indicating low observed exploitation pressure at time of analysis; however, the high confidentiality impact (C:H) makes this a meaningful second-stage primitive in multi-vulnerability attack chains.
Out-of-bounds read in Chrome's Dawn WebGPU subsystem (versions prior to 149.0.7827.53) allows unauthenticated remote attackers to read arbitrary memory contents by tricking a user into visiting a crafted HTML page. The vulnerability carries a CVSS 6.5 (Medium) with high confidentiality impact and no integrity or availability impact, indicating targeted data-disclosure potential rather than code execution. EPSS is 0.03% (11th percentile) and the vulnerability is not listed in the CISA KEV catalog - no public exploit has been identified at time of analysis.
Out-of-bounds read in Chrome's ANGLE graphics layer on Windows exposes sensitive process memory to an attacker who has already achieved renderer compromise. Affected are all Chrome for Windows installations prior to 149.0.7827.53; macOS, Linux, Android, and iOS are not in scope per available data. No public exploit code exists and no active exploitation is confirmed - EPSS at 0.03% (11th percentile) and SSVC exploitation status of 'none' jointly indicate this is a low-priority real-world threat, functioning primarily as a post-exploitation information-disclosure step in a multi-stage browser attack chain rather than a standalone critical vulnerability.
Out-of-bounds read in ANGLE (Almost Native Graphics Layer Engine) within Google Chrome prior to 149.0.7827.53 enables an attacker who has already compromised the renderer process to leak potentially sensitive data from process memory via a crafted HTML page. The CVSS vector (AC:H, UI:R) reflects a two-stage exploitation requirement: the attacker must first achieve renderer compromise through a separate vulnerability, then chain this ANGLE flaw as a second-stage information disclosure primitive. No public exploit code has been identified and EPSS sits at 0.03% (11th percentile), indicating low real-world exploitation probability at time of analysis.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 is possible through a use-after-free flaw in the WebRTC component, allowing a remote attacker to execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. The issue carries a CVSS 3.1 score of 8.8 (High) and a vendor patch is available, though there is no public exploit identified at time of analysis and the flaw is rated Medium severity by Chromium's own security team.
Sandbox escape in Google Chrome's Autofill component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) requiring user interaction (UI:R) and a chained renderer compromise, and no public exploit has been identified at time of analysis despite the very high 9.6 CVSS score driven by scope change.
UI spoofing in Google Chrome's Payments subsystem (versions prior to 149.0.7827.53) allows a remote unauthenticated attacker to manipulate what the victim sees during a payment flow, achieving high-integrity impact by deceiving users into authorizing fraudulent transactions or submitting payment credentials to attacker-controlled surfaces. The attack requires the victim to visit a crafted HTML page and perform specific UI gestures, as confirmed by the CVSS UI:R designation. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% at the 11th percentile indicates minimal current exploitation activity despite the network-reachable attack vector.
Remote code execution in Google Chrome on Linux prior to 149.0.7827.53 allows attackers to execute arbitrary code within the renderer sandbox by luring a user to a malicious web page that triggers a use-after-free condition in the Fonts component. The flaw carries a CVSS 3.1 base score of 8.8 (High) and no public exploit identified at time of analysis, though Chromium memory-corruption issues historically attract rapid POC development. Exploitation requires user interaction (visiting attacker-controlled content) but no authentication.
Integer overflow in Chrome's ANGLE graphics layer on Windows enables process memory disclosure for attackers who have already compromised the renderer process. Affected versions are all Google Chrome releases prior to 149.0.7827.53 on Windows. An attacker who has first achieved renderer compromise can trigger the ANGLE integer overflow via a crafted HTML page to read potentially sensitive data from process memory - functioning as a second-stage information leak within a chained exploit. No public exploit identified at time of analysis, and EPSS at 0.03% (11th percentile) reflects low observed exploitation probability.
Out-of-bounds memory read in Chrome's Media component allows a local-network-adjacent attacker to leak partial memory contents via specially crafted network traffic. Affects all Chrome releases prior to 149.0.7827.53 on desktop platforms, as confirmed by Google's stable channel advisory. No public exploit code exists and no active exploitation has been identified; SSVC assessment rates technical impact as partial with exploitation status none, placing this in a lower-priority remediation tier despite the unauthenticated vector.
Insufficient policy enforcement in Google Chrome's Extensions subsystem prior to version 149.0.7827.53 allows a crafted extension to bypass discretionary access controls (DAC), producing high-integrity impact with no confidentiality or availability consequence. Exploitation requires an attacker to socially engineer a user into installing a malicious extension, after which the extension subverts Chrome's permission boundary enforcement. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog; EPSS is extremely low at 0.01% (1st percentile), consistent with no observed mass exploitation.
Same Origin Policy bypass in Google Chrome's Workers implementation (versions prior to 149.0.7827.53) allows an unauthenticated remote attacker to violate cross-origin integrity boundaries by luring a victim to a crafted HTML page. The CVSS vector confirms no privileges are required but user interaction is necessary, yielding a High integrity impact with no confidentiality or availability consequence. No public exploit has been identified and EPSS stands at 0.02% (4th percentile), indicating no confirmed active exploitation at time of analysis.
Heap corruption in Google Chrome's TabStrip component before 149.0.7827.53 lets a remote attacker who can lure a user into specific UI interactions on a malicious HTML page trigger memory corruption with high impact to confidentiality, integrity, and availability. The flaw carries a CVSS 8.8 due to network reachability and lack of authentication, though user interaction is required; there is no public exploit identified at time of analysis and EPSS is very low at 0.03%.
Uninitialized memory read in Chrome's ANGLE graphics layer exposes process memory contents to remote attackers who can trick users into visiting a crafted HTML page. Affected are all Chrome releases prior to 149.0.7827.53 on desktop platforms, as confirmed by the Google Chrome Releases advisory. No public exploit identified at time of analysis, and the EPSS score of 0.03% (11th percentile) indicates low current exploitation probability; however, the CVSS confidentiality impact is rated High, meaning successful exploitation could yield sensitive in-process data such as credentials, tokens, or cryptographic material resident in memory.
Heap-based buffer overflow in the Skia graphics rendering library within Google Chrome versions prior to 149.0.7827.53 enables remote attackers to read sensitive data from renderer process memory. Exploitation requires no authentication (PR:N) but does require user interaction - a victim must visit a specially crafted HTML page - and yields high confidentiality impact (C:H) with no integrity or availability impact per the CVSS vector. No public exploit has been identified at time of analysis, and the EPSS score of 0.03% (10th percentile) indicates very low current exploitation probability; CISA KEV active exploitation status is not confirmed.
Memory disclosure in Google Chrome's Animation component (all versions prior to 149.0.7827.53) enables an unauthenticated remote attacker to read potentially sensitive data from the browser's process memory by directing a victim to a crafted HTML page. The flaw arises from insufficient data validation during animation processing - a class of bug that typically permits out-of-bounds or uninitialized memory reads rather than code execution. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% (11th percentile) confirms low current exploitation probability despite the CVSS confidentiality impact being rated High.
Remote code execution in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.53 allows remote attackers to execute arbitrary code inside the renderer sandbox by serving a crafted HTML page and convincing a user to perform specific UI gestures. The flaw is a use-after-free (CWE-416) memory corruption issue with a high CVSS score of 8.8, rated Medium severity by Chromium; no public exploit identified at time of analysis.
Sandbox escape in Google Chrome's Glic component prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) requiring user interaction and a chained renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.03%.
Heap corruption in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.53 allows remote attackers to potentially achieve code execution when a user visits a crafted HTML page and performs specific UI interactions. The flaw is rated High severity by Chromium and CVSS 8.8, though no public exploit identified at time of analysis and EPSS scoring places near-term mass exploitation probability at 0.03%. A vendor patch is already available through the Stable Channel update.
Sandbox escape in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Views component, triggered by a crafted HTML page. Google rates the Chromium security severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS exploitation probability is currently very low (0.03%).
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by serving a crafted HTML page that triggers an integer overflow in the V8 JavaScript engine. The flaw is rated High severity by Chromium and carries a CVSS 8.8 score requiring user interaction (visiting a malicious page). At time of analysis, no public exploit identified at time of analysis and the issue is not listed in CISA KEV, though Chrome V8 bugs are historically attractive targets for exploit developers.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by delivering a malicious media file. The flaw is rated High severity by Chromium and carries a CVSS 3.1 score of 8.8, requiring only that a user visit attacker-controlled content or open a crafted media resource. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Cross-origin data leakage in Google Chrome's Skia graphics library prior to version 149.0.7827.53 enables unauthenticated remote attackers to read out-of-bounds memory and exfiltrate data from foreign origins via a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) confirms high confidentiality impact with no privileges required, though a victim must visit an attacker-controlled page to trigger the read. No public exploit code has been identified at time of analysis, and the EPSS score of 0.03% (11th percentile) suggests limited exploitation activity; however, same-origin policy bypass in a mainstream browser is a meaningful web security concern warranting prompt patching.
UI spoofing in Google Chrome's Accessibility component on Android prior to 149.0.7827.53 enables remote attackers to misrepresent interface elements via a crafted HTML page. Per the CVSS vector (PR:N/UI:R), unauthenticated remote attackers can achieve this through user-visited pages, with limited integrity and availability impact (I:L/A:L) and no confidentiality breach. EPSS at 0.03% (11th percentile) indicates very low exploitation probability, no public exploit exists, and this vulnerability is not listed in the CISA KEV catalog.
Sandbox escape in Google Chrome's Dawn component (versions prior to 149.0.7827.53) allows remote attackers to break out of the renderer sandbox via a crafted HTML page when a user visits a malicious site. Google Chromium rates the severity as High and a fix has shipped in the stable channel; no public exploit identified at time of analysis and EPSS exploitation probability is currently very low (0.05%).
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free in the WebXR component. Google rates the issue High severity and CVSS scores it 8.8, with user interaction required but no authentication or privileges needed; no public exploit identified at time of analysis.
Cross-origin data leakage in Google Chrome's Codecs subsystem affects all versions prior to 149.0.7827.53, enabling an attacker who has already compromised the renderer process to exfiltrate sensitive data from other origins via a crafted video file. The vulnerability bypasses Same-Origin Policy protections and exposes high-confidentiality content (CVSS C:H), though impact is scoped to information disclosure with no integrity or availability consequence. This CVE is not currently listed in CISA KEV, no public exploit has been identified at time of analysis, and EPSS at 0.05% (15th percentile) indicates low widespread exploitation probability.
Same-origin policy bypass in Google Chrome's DevTools component (all versions prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to bypass SOP protections via a crafted HTML page, resulting in a high-integrity impact with no confidentiality or availability loss. The attack requires user interaction (victim must visit a malicious page) and a prior renderer process compromise as a chained prerequisite, materially constraining real-world exploitability beyond the raw CVSS score implies. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog; EPSS probability stands at 0.02% (6th percentile), consistent with a low-probability exploitation scenario.
Out-of-bounds read in ANGLE (Chrome's graphics abstraction layer) affects all Google Chrome versions prior to 149.0.7827.53, enabling remote information disclosure from process memory. An unauthenticated remote attacker can trigger the memory leak by inducing a victim to visit a crafted HTML page - no privileges are required on the attacker's side, though user interaction is necessary. No public exploit identified at time of analysis and EPSS sits at 0.03% (11th percentile), indicating low current exploitation probability despite Google's 'High' Chromium severity rating.
Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 stems from a use-after-free flaw in the Chromoting (Chrome Remote Desktop) component. A remote attacker can deliver malicious network traffic that, combined with minimal user interaction, allows arbitrary code execution within the browser's renderer context. No public exploit identified at time of analysis, but Google rates the underlying Chromium severity as High.
Uninitialized memory use in Skia, Chrome's 2D graphics rendering engine, enables cross-origin data leakage in Google Chrome versions prior to 149.0.7827.53. Exploitation requires an attacker to have already compromised the renderer process and to deliver a crafted HTML page, making this a second-stage component in a multi-step attack chain rather than a standalone critical exploit. EPSS stands at 0.03% (11th percentile) and no active exploitation has been recorded in CISA KEV, aligning with its role as a chained, post-renderer-compromise primitive.
Information disclosure in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to leak sensitive process memory through a crafted HTML page that triggers an uninitialized memory read in the Dawn WebGPU implementation. Google rates the underlying Chromium issue as High severity, and a patched stable channel build is available, though no public exploit has been identified at time of analysis and EPSS exploitation probability remains very low at 0.03%.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the WebRTC component, enabling a remote attacker to execute arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The issue is rated High severity by Chromium and carries a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:N/UI:R), reflecting low complexity and no privilege requirement but requiring user interaction. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox via a crafted HTML page when a victim visits a malicious site. The flaw is rated CVSS 9.6 due to scope change (S:C) and full CIA impact, though EPSS estimates only a 0.05% near-term exploitation probability and no public exploit has been identified at time of analysis.
Cross-origin data leakage in Google Chrome's Dawn WebGPU implementation prior to version 149.0.7827.53 allows a remote attacker to read sensitive data from other origins by luring a user to a crafted HTML page. Chromium rates this High severity and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS places exploitation probability at 1.64% (82nd percentile).
Sandbox escape in Google Chrome on Linux prior to 149.0.7827.53 allows a remote attacker to break out of the renderer process by luring a user to a crafted HTML page that triggers a use-after-free in the Ozone display/windowing layer. Google rates the underlying Chromium issue as High severity and a vendor patch is available; no public exploit identified at time of analysis and the EPSS score is very low (0.03%).
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the Printing component. Chromium rates the issue High severity and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS remains very low at 0.05%.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the InterestGroups component. Google rates the Chromium severity as High, and CVSS scores it 8.3 with a changed scope reflecting the cross-boundary impact. No public exploit identified at time of analysis, though a vendor patch is available.
Privilege escalation in Google Chrome's Extensions component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to escape sandbox restrictions via a crafted HTML page. Chromium rates the issue High severity; no public exploit has been identified at time of analysis and SSVC reports exploitation status as none, though the technical impact is total if chained successfully.
Cross-origin data disclosure in Google Chrome on Windows prior to 149.0.7827.53 allows remote attackers who have already compromised the renderer process to leak data from other origins via a crafted HTML page in the Dawn (WebGPU) component. Google rates the underlying issue High severity, but no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.05%.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the Chrome sandbox via a crafted HTML page that triggers a use-after-free in the SurfaceCapture component. The flaw is rated High severity by Chromium and carries a CVSS 3.1 score of 8.3 with scope change, reflecting that successful exploitation crosses the renderer/browser security boundary. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to break out of the renderer process sandbox by delivering a crafted video file processed by the browser's codec implementation. The CVSS 9.6 score reflects a scope-changing impact across confidentiality, integrity, and availability, though exploitation requires user interaction such as visiting a malicious page. No public exploit identified at time of analysis, and EPSS exploitation probability remains low at 0.05%.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code inside the renderer sandbox by enticing a victim to visit a crafted HTML page that triggers an integer overflow in DevTools. Google has rated this Chromium issue as High severity and a vendor patch is available; no public exploit identified at time of analysis, and the bug is not currently listed in CISA KEV.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from an integer overflow in the V8 JavaScript engine, enabling a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page. The flaw is rated High severity by Chromium with a CVSS score of 8.8, requires user interaction (visiting a malicious page), and no public exploit has been identified at time of analysis. While exploitation is sandboxed, V8 RCE bugs historically chain with sandbox escapes to achieve full host compromise, making this a priority patch for browser fleets.
Remote code execution in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google has rated the issue High severity and shipped a stable-channel patch; no public exploit has been identified at time of analysis, and the bug tracker entry remains access-restricted per Chromium's standard disclosure practice.
Remote code execution in Google Chrome before 149.0.7827.53 allows a remote attacker to execute arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page that triggers a type confusion in the Media component. The flaw carries a CVSS 8.8 (High) rating and requires user interaction (visiting a page), and while no public exploit has been identified at time of analysis, Chromium-rated High Media bugs have historically been chained with sandbox escapes for full compromise.
Sandbox escape in Google Chrome for iOS before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free condition. The flaw is rated High severity by Chromium and has a CVSS score of 8.3, but no public exploit has been identified at time of analysis and it is not listed in CISA KEV. Successful exploitation typically requires chaining with a separate renderer-compromise primitive, raising the practical bar.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting an uninitialized memory use in the Codecs component. Google has rated this Chromium security severity as High, and no public exploit has been identified at time of analysis. The flaw requires chaining with a separate renderer compromise, but combined with a renderer RCE it enables full host code execution outside Chrome's sandbox.
Sandboxed remote code execution in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code inside the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free in the Input component, rated High by Chromium and 8.8 by CVSS. No public exploit identified at time of analysis, but Chrome UAF bugs in renderer-reachable components are historically high-value targets for chained sandbox escapes.
Remote code execution in Google Chrome for iOS before 149.0.7827.53 allows a remote attacker to execute arbitrary code by enticing a user to visit a crafted HTML page and perform specific UI gestures, triggering a use-after-free condition. Google rates the underlying Chromium issue as High severity, and no public exploit has been identified at time of analysis. The flaw requires user interaction, which somewhat reduces but does not eliminate real-world risk given Chrome's massive install base on iOS.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Glic component, allowing a remote attacker to run arbitrary code within the renderer sandbox by luring a victim to a crafted HTML page. Google has rated the Chromium security severity as High, and a vendor patch is available, though no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Sandboxed remote code execution in Google Chrome before 149.0.7827.53 stems from a use-after-free flaw in the MimeHandlerView component, exploitable when a victim visits a crafted HTML page. Chromium rates the issue High severity and CVSS 8.8 reflects network-reachable exploitation with user interaction; no public exploit identified at time of analysis, and the bug is not on the CISA KEV list.
Type confusion in the ANGLE graphics translation layer of Google Chrome on Windows prior to 149.0.7827.53 enables remote attackers to trigger out-of-bounds memory access through a crafted HTML page, with potential for memory corruption leading to code execution in the renderer process. Chromium rates this High severity and a vendor patch is available, though no public exploit is identified at time of analysis and EPSS exploitation probability is currently 0.03%.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Actor component that lets a remote attacker run arbitrary code within the renderer sandbox via a malicious HTML page. The flaw carries CVSS 8.8 and requires user interaction (visiting a crafted page), and at time of analysis there is no public exploit identified, though Chromium rates the security severity as High and a vendor patch has shipped.
Sandbox escape in Google Chrome on Android versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw stems from a use-after-free condition in the Core component and is rated High severity by Chromium with a CVSS of 8.3. No public exploit identified at time of analysis, though the bug enables a critical post-exploitation chain step when paired with a renderer RCE.