Skip to main content

Red Hat

8632 CVEs vendor

Monthly

CVE-2026-53469 CRITICAL Act Now

Mass data deletion in Red Hat's kubev2v migration-planner SaaS platform allows attackers to wipe all customer sources, agents, and assessments via an unprotected DELETE /api/v1/sources endpoint. The endpoint lacks both authorization checks and tenant filtering, so a single request destroys data across the entire multi-tenant deployment. No public exploit identified at time of analysis, but the upstream fix (PR #1227) removes the endpoint entirely, confirming the issue is real and trivially reachable.

Authentication Bypass Red Hat
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-53442 MEDIUM This Month

Unencrypted secret storage in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) exposes credentials submitted via POST config.xml to any user holding Item/Extended Read permission or with read access to the Jenkins controller filesystem. Secrets that should be encrypted at rest are written as plaintext into job config.xml files, making them directly readable through Jenkins' built-in permission model or OS-level file access. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, but the privileged insider and lateral-movement risk is significant for organizations embedding CI/CD credentials in job configurations.

Information Disclosure Jenkins Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-53440 MEDIUM This Month

Open redirect in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) enables unauthenticated remote attackers to craft login URLs with a malicious external domain in the 'from' parameter under the 'Delegate to servlet container' security realm, silently redirecting authenticated users to attacker-controlled sites post-login for phishing purposes. The CVSS vector (PR:N, UI:R) confirms no attacker authentication is needed, but victim interaction is mandatory - the user must click a crafted link and complete a login. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; vendor-released patches are available as of 2026-06-10.

Jenkins Open Redirect Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-53439 MEDIUM This Month

Missing authorization checks in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) expose user-specific configuration data to any authenticated user holding the Overall/Read permission. Authenticated low-privilege users can query the timezone setting of any Jenkins user account and enumerate the names of views configured within other users' 'My Views' personal dashboards, constituting an information disclosure weakness. No public exploit code exists and this CVE is not listed in the CISA KEV catalog at time of analysis, placing real-world risk in the low-moderate tier primarily relevant to multi-tenant or shared Jenkins deployments.

Authentication Bypass Jenkins Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-53438 MEDIUM This Month

Missing authorization enforcement in Jenkins allows low-privileged authenticated users to cancel build queue items they lack permission to view. Affecting Jenkins 2.567 and earlier (LTS 2.555.2 and earlier), this CWE-862 flaw breaks the expected access control invariant that Item/Cancel should be constrained by Item/Read visibility. No public exploit code exists and this vulnerability is not listed in CISA KEV at time of analysis, but the low attack complexity and network accessibility make it a realistic threat in multi-tenant Jenkins deployments where fine-grained RBAC is in use.

Authentication Bypass Jenkins Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-53436 MEDIUM This Month

Open redirect exploitation in Jenkins allows unauthenticated network attackers to craft login URLs that bypass the post-authentication redirect validation and forward users to attacker-controlled external sites. Affected are Jenkins weekly releases through 2.567 and LTS releases through 2.555.2, where the redirect URL legitimacy check fails when the URL contains relative path segments such as `./` or `../`. No active exploitation is confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis, placing this in a moderate-risk, phishing-enablement category rather than a direct system compromise class.

Jenkins Open Redirect Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-71329 HIGH POC PATCH Monitor

Denial of service in the image-size Node.js library through version 2.0.2 allows remote unauthenticated attackers to permanently hang the Node.js event loop by supplying a crafted JXL or HEIF image containing a box with a zero-valued size field. Publicly available exploit code exists and an upstream fix has been merged, making this a credible availability threat for any service that accepts user-supplied images and runs them through image-size. No active exploitation has been reported in CISA KEV at time of analysis.

Denial Of Service Node.js Image Size Red Hat Suse
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-71330 HIGH POC PATCH This Week

Denial of service in the image-size Node.js library (versions up to and including 2.0.2) allows remote unauthenticated attackers to permanently stall the Node.js event loop by submitting a malformed ICNS image. The flaw stems from an infinite loop in the ICNS parser when an entry length field is zero, and publicly available exploit code exists per VulnCheck and an independent write-up; no public exploit identified at time of analysis indicates active exploitation, but the POC makes weaponization trivial.

Denial Of Service Node.js Image Size Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-49762 MEDIUM PATCH This Month

Denial of service in Elixir's standard library Version module (versions 1.5.0 through 1.20.0) allows any caller passing an attacker-controlled version string to exhaust CPU and memory or crash the calling BEAM process. The five public entry points - Version.parse/1, Version.parse!/1, Version.match?/3, Version.compare/2, and Version.parse_requirement/1 - pass numeric version components to :erlang.binary_to_integer/1 without length bounds, triggering super-linear arbitrary-precision integer conversion; a single ~1 MB all-digit component suffices. Applications routinely invoke these functions on untrusted input (HTTP parameters, package metadata), making the effective attack surface broader than the CVSS AV:L classification implies. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Denial Of Service Suse Red Hat
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-42766 MEDIUM PATCH This Month

Null pointer dereference in OpenSSL's password-based CMS decryption path enables remote denial of service against applications that process CMS EnvelopedData with password-based key derivation. The flaw affects a wide range of OpenSSL branches spanning 1.0.2 through 4.0.0, making the exposure surface unusually broad across long-term support and current releases. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; the CVSS score of 5.9 (Medium) reflects the high attack complexity required to trigger the condition.

Denial Of Service Null Pointer Dereference OpenSSL Red Hat
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-42764 HIGH PATCH This Week

Denial of service in OpenSSL 3.5.x, 3.6.x, and 4.0.0 stems from a NULL pointer dereference triggered during QUIC server initial packet handling, allowing remote unauthenticated attackers to crash affected servers by sending crafted QUIC traffic. The flaw was disclosed via the OpenSSL 4.0.1 security release on 2026-06-09 alongside multiple other CVEs; no public exploit identified at time of analysis and no CISA KEV listing. Patched versions are available from the upstream project and downstream distributions including Ubuntu (USN-8414-1).

Denial Of Service Null Pointer Dereference OpenSSL Red Hat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34180 HIGH PATCH This Week

Denial-of-service in OpenSSL's ASN.1 content parser allows remote unauthenticated attackers to trigger a heap buffer over-read that can crash applications relying on the library for cryptographic parsing. Disclosed via the OpenSSL 4.0.1 security release on 2026-06-09 alongside more than a dozen other fixes, this issue affects every supported branch from 1.0.2 through 3.6 and 4.0. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the broad install base of OpenSSL across servers, clients, and embedded devices makes patching a priority.

OpenSSL Information Disclosure Buffer Overflow Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-34183 HIGH PATCH This Week

Denial of service in OpenSSL QUIC implementation allows remote unauthenticated attackers to exhaust server memory by sending crafted PATH_CHALLENGE frames that trigger unbounded memory growth in the QUIC handler. The flaw affects OpenSSL branches 3.4.x, 3.5.x, 3.6.x, and 4.0.0, and is fixed in the 4.0.1 security release alongside numerous other CVEs. No public exploit identified at time of analysis and EPSS is very low (0.02%), but the network-reachable, no-auth nature of QUIC server endpoints makes the issue operationally relevant for TLS/QUIC-facing services.

Information Disclosure OpenSSL Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34181 HIGH PATCH This Week

Integrity-check bypass in OpenSSL 3.4.x, 3.5.x, 3.6.x, and 4.0.0 allows PKCS#12 files protected with PBMAC1 to be accepted even when secured by dangerously short HMAC keys, undermining the authentication of the keystore contents. Vendor patches are available in 3.4.6, 3.5.7, 3.6.3, and 4.0.1, and no public exploit identified at time of analysis; EPSS is 0.00% and the issue is not on the CISA KEV list.

Information Disclosure OpenSSL Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-42769 MEDIUM PATCH This Month

Trust anchor substitution in OpenSSL's CMP rootCaKeyUpdate handler allows a network-positioned attacker with low privileges to bypass certificate validation via a cert/issuer field confusion bug (CWE-295), affecting four actively maintained OpenSSL branches. The high confidentiality impact (C:H) reflects the potential for a substituted malicious trust anchor to undermine TLS certificate chains, enabling downstream interception of protected communications. No public exploit identified at time of analysis; vendor patch released 2026-06-09 across all affected branches.

OpenSSL Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-34182 CRITICAL PATCH NEWS Act Now

Pre-NVD disclosure via GitHub release 'OpenSSL 4.0.1' (openssl/openssl). OpenSSL 4.0.1 is a security patch release. The most severe CVE fixed in this release is High. This release incorporates the following bug fixes and mitigations: * Fixed heap use-after-free in `PKCS7_verify()`. ([CVE-2026-45447]) * Fixed CMS `AuthEnvelopedData` processing may accept forged messages. ([CVE-2026-34182]) * Fixed unbounded memory growth in the QUIC `PATH_CHALLENGE` handler. ([CVE-2026-34183]) * Fixed double-free when checking OCSP stapled respo

OpenSSL Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-42767 MEDIUM PATCH This Month

NULL pointer dereference in OpenSSL's CRMF EncryptedValue decryption path crashes the affected process, creating a remotely triggerable denial-of-service condition across five actively maintained OpenSSL branches (3.0.x, 3.4.x, 3.5.x, 3.6.x, and 4.0.x). The CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, score 5.9) confirms network reachability with no authentication required, but high attack complexity limits trivial mass exploitation. No public exploit code and no CISA KEV listing have been identified at time of analysis; however, the broad version coverage and OpenSSL's ubiquitous deployment make patching a priority for any infrastructure using certificate management protocols.

Denial Of Service Null Pointer Dereference OpenSSL Red Hat
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-41715 MEDIUM PATCH This Month

Credential leakage in the Reactor Netty HTTP client exposes authentication material when following redirects that cross security boundaries from HTTPS to HTTP. Affected are all four supported release lines: 1.0.x through 1.0.51, 1.1.x through 1.1.35, 1.2.x through 1.2.17, and 1.3.x through 1.3.5. An attacker who controls or can influence a redirect response can cause the client to transmit credentials over an unencrypted channel, where they may be intercepted. No public exploit code has been identified at time of analysis and this CVE is not listed in the CISA KEV catalog.

Information Disclosure Reactor Netty Red Hat
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-11701 MEDIUM PATCH This Month

UI spoofing in Google Chrome's Guest View component prior to 149.0.7827.103 enables a remote unauthenticated attacker to deceive users about page content or origin by delivering a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms exploitation requires no privileges and no special network position, but does require the victim to visit a malicious page. With an EPSS score of 0.05% at the 15th percentile and no CISA KEV listing, real-world exploitation is currently assessed as low probability, though the zero-friction delivery mechanism (a link) keeps the attack surface broad.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-11700 HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a use-after-free flaw in the Tracing component, triggered through a crafted HTML page. No public exploit identified at time of analysis, and SSVC indicates exploitation status is 'none', but the technical impact is rated total because a successful escape grants code execution at browser-process privileges. Google has shipped a fix and rates the underlying Chromium severity as Medium, while the assigned CVSS is 8.3 due to scope change and high CIA impact.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11699 HIGH PATCH This Week

Heap corruption in Google Chrome on macOS prior to version 149.0.7827.103 can be triggered remotely through a crafted HTML page that exploits a use-after-free condition in the browser's Bluetooth component. Successful exploitation requires the victim to visit attacker-controlled content but no authentication, and Google has rated the underlying Chromium severity as High with no public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11698 HIGH PATCH This Week

Heap corruption in Google Chrome on macOS prior to version 149.0.7827.103 allows remote attackers to potentially execute arbitrary code by luring a victim to a crafted HTML page that triggers a use-after-free in the browser's Bluetooth component. Google has released a patched stable channel update, and while no public exploit has been identified at time of analysis, the CVSS 8.8 score reflects the high impact achievable with only a single user click. CISA SSVC currently scores exploitation as 'none' but technical impact as 'total', consistent with a serious but not yet weaponized browser flaw.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11697 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome prior to 149.0.7827.103 allows a remote attacker to break out of the browser's renderer sandbox via a crafted HTML page that exploits insufficient input validation in the UI layer. The scope-changing CVSS 9.6 reflects that successful exploitation crosses the sandbox security boundary, though user interaction (visiting a malicious page) is required. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV, but Google rates the underlying Chromium severity as High.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11696 MEDIUM PATCH This Month

Uninitialized memory use in the Video component of Google Chrome on Windows (prior to 149.0.7827.103) allows an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by directing the victim to a crafted HTML page. The vulnerability is Windows-specific, rated High severity by Chromium's internal scale, and carries a CVSS 5.3 due to the high attack complexity and required user interaction stacking atop the renderer-compromise prerequisite. No public exploit identified at time of analysis; Google has released a fix in version 149.0.7827.103.

Information Disclosure Google Microsoft Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-11695 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's Passwords feature (all versions prior to 149.0.7827.103) can be triggered by a remote unauthenticated attacker delivering a crafted HTML page to a victim. The flaw results from an inappropriate implementation classified under CWE-693 (Protection Mechanism Failure), meaning the browser's same-origin policy enforcement is bypassed specifically within the Passwords subsystem. With a CVSS score of 4.3 and no public exploit or CISA KEV listing identified at time of analysis, this is a medium-severity information disclosure risk requiring user interaction to exploit.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11694 HIGH PATCH This Week

Sandboxed remote code execution in Google Chrome versions prior to 149.0.7827.103 allows attackers who have already compromised the renderer process to execute arbitrary code via a crafted HTML page that triggers a use-after-free in the ServiceWorker component. Rated High severity by Chromium with a CVSS 7.5, the flaw requires user interaction (visiting a malicious page) and a pre-existing renderer compromise, and no public exploit has been identified at time of analysis. The vendor has released a patched Stable channel update.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11693 HIGH PATCH This Week

Site isolation bypass in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to escape cross-origin boundaries via a crafted HTML page. The flaw is rated High severity by Chromium and carries a CVSS score of 8.1, though EPSS is very low at 0.02% and no public exploit identified at time of analysis. This is a second-stage vulnerability requiring prior renderer compromise, typically chained with a separate RCE in the renderer sandbox.

Authentication Bypass Google Red Hat Suse
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-11692 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows remote attackers who have already compromised the renderer process to break out of the sandbox via a use-after-free in the Read Anything component when processing a crafted HTML page. Google rates this Chromium-severity High, and no public exploit has been identified at time of analysis, but the CVSS 8.3 score reflects the severity of full sandbox escape leading to scoped impact beyond the renderer. This is a second-stage bug requiring chaining with a renderer compromise, not a one-shot drive-by.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11690 HIGH PATCH This Week

Sandbox-confined arbitrary code execution in Google Chrome on macOS versions prior to 149.0.7827.103 stems from an out-of-bounds read and write in the Media component, exploitable by a remote attacker who has already compromised the renderer process and lures a user to a crafted HTML page. Google rates the Chromium severity as High and has released a patched stable channel update; no public exploit identified at time of analysis, and SSVC reports no observed exploitation.

Information Disclosure Google Buffer Overflow RCE Red Hat +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11688 HIGH PATCH This Week

Sandboxed remote code execution in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page that abuses an inappropriate SVG implementation. Google rates the underlying Chromium issue as High severity, and no public exploit identified at time of analysis, though the user-interaction requirement (UI:R) and high CVSS of 8.8 make this a meaningful drive-by browsing risk once a patch is reverse-engineered.

Code Injection Google RCE Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11687 HIGH PATCH This Week

Heap corruption in Google Chrome on macOS prior to 149.0.7827.103 enables remote attackers to potentially execute arbitrary code by luring a user to a crafted HTML page that exploits a use-after-free in the Dawn WebGPU implementation. The flaw carries a CVSS 8.8 (High) rating and Chromium rates it High severity; no public exploit has been identified at time of analysis, but Chrome browser bugs of this class are historically attractive targets for in-the-wild exploitation. Patch is available from Google.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11685 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's MediaCapture implementation on macOS allows a remote attacker to read data from other origins by enticing a user to visit a specially crafted HTML page. Affected versions are all Chrome releases on Mac prior to 149.0.7827.103. The flaw carries a CVSS score of 4.3 (Medium) with no authentication required, though user interaction is necessary; no public exploit code has been identified at time of analysis, and the issue is not listed in the CISA KEV catalog.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11683 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 allows attackers to execute arbitrary code within the browser sandbox by luring users to a malicious HTML page that triggers a use-after-free in the WebCodecs component. Chromium rates this as High severity with a CVSS score of 8.8, and while a vendor patch is available, no public exploit has been identified at time of analysis. Exploitation requires user interaction (visiting a crafted page), which moderates real-world risk somewhat but still places this in the high-priority browser-patching tier.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11682 HIGH PATCH This Week

Sandbox escape in Google Chrome on Linux prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page, escalating from a contained renderer context to broader host access. Chromium rates this High severity, and while no public exploit has been identified at time of analysis, the CVSS 8.3 score reflects the serious consequence of bypassing one of the browser's core security boundaries. The flaw resides in the Views component and requires user interaction (UI:R) plus a prior renderer compromise, making it a second-stage vulnerability in a multi-bug exploit chain.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11681 HIGH PATCH This Week

Heap corruption in Google Chrome's Ozone component on Linux before version 149.0.7827.103 allows remote attackers to potentially achieve arbitrary code execution within the browser process when a victim visits a crafted HTML page. The flaw is a use-after-free rated High severity by Chromium, with CVSS 8.8 reflecting network-reachable exploitation requiring only minimal user interaction. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11680 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.103 allows attackers to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page, triggering a use-after-free condition in the Media component. The flaw carries a CVSS 8.8 (High) rating and is tagged by Chromium as High severity. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Google Memory Corruption RCE Use After Free Microsoft +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11679 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows before 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Codecs component triggered by a crafted HTML page. Google rates this Chromium security severity as High, and a vendor patch is available; no public exploit was identified at time of analysis, though the scope-changed CVSS 8.3 reflects the cross-boundary impact of breaching the sandbox.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11678 MEDIUM PATCH This Month

Integer overflow in libyuv allows a renderer-compromised attacker to read sensitive process memory in Google Chrome prior to 149.0.7827.103. This is a chained, post-exploitation vulnerability: the attacker must first control the Chrome renderer process (via a separate exploit), then serve a crafted HTML page that triggers the libyuv integer overflow to extract memory contents - making this a privilege escalation and data exfiltration primitive within a broader attack chain. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-11677 HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer/network process to break out of the browser sandbox via a race condition triggered by a crafted HTML page. Chromium rates the severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis.

Information Disclosure Google Race Condition Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11676 HIGH PATCH This Week

Sandbox escape in Google Chrome and ChromeOS on Linux prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the Dawn (WebGPU) component. Chromium rates the severity High, and while no public exploit identified at time of analysis, sandbox-escape bugs in Dawn are historically chained with renderer RCE bugs in exploit chains. The CVSS 8.3 score reflects the high attack complexity and required user interaction, but the scope change (S:C) signals a meaningful trust-boundary break.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11674 HIGH PATCH This Week

Remote code execution in Google Chrome's Guest View component prior to version 149.0.7827.103 allows attackers to execute arbitrary code within the renderer sandbox by luring users to a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium with a CVSS of 8.8, and while no public exploit has been identified at time of analysis, Google has shipped a patched stable channel build. Exploitation requires user interaction (visiting a malicious page) and code execution is confined to the sandbox, meaning a sandbox escape would be needed for full host compromise.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11673 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free flaw in the InterestGroups component, enabling a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page. The vulnerability carries a CVSS 8.8 (High) score and is rated High severity by Chromium, but no public exploit identified at time of analysis and SSVC indicates exploitation status of none. Attack requires user interaction (visiting a malicious page) but no authentication.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11672 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a heap buffer overflow in the GPU process triggered by a crafted HTML page. Rated High severity by Chromium with a CVSS 8.3 reflecting scope change and full CIA impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Google Memory Corruption Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11671 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome before 149.0.7827.103 allows a remote attacker to break out of the renderer sandbox through a use-after-free in the Navigation component when a victim visits a crafted HTML page. The CVSS 9.6 score reflects a scope-changing impact on confidentiality, integrity, and availability with only user interaction (visiting a page) required, and no public exploit was identified at time of analysis.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11670 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free flaw in the PDF component, enabling a remote attacker who lures a user into opening a crafted PDF to execute arbitrary code within the renderer sandbox. Rated High by Chromium with CVSS 8.8, the issue requires user interaction but no authentication, and currently has no public exploit identified at time of analysis.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11669 MEDIUM PATCH This Month

Out-of-bounds read in Chrome's Media component on ChromeOS allows an attacker who has already compromised the renderer process to exfiltrate potentially sensitive data from process memory via a crafted HTML page. Affected are all Chrome for ChromeOS releases prior to 149.0.7827.103. No public exploit code or CISA KEV listing has been identified at time of analysis, and exploitation is constrained by both the ChromeOS-only scope and the mandatory prerequisite of a pre-compromised renderer, making this a chained attack scenario rather than a standalone critical threat.

Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-11668 MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's codec subsystem on Linux and ChromeOS (versions prior to 149.0.7827.103) enables remote unauthenticated attackers to exfiltrate sensitive data from other origins by delivering a specially crafted video file to a target user. The root cause is uninitialized memory use (CWE-457) within the codec pipeline, where memory contents from other origin contexts may be exposed during video processing. No public exploit code has been identified at time of analysis, and CISA SSVC classifies exploitation status as 'none'; however, the network-accessible attack surface and lack of authentication requirement make patching a prudent priority for Linux and ChromeOS deployments.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11667 HIGH PATCH This Week

Out-of-bounds read in the WebRTC component of Google Chrome before 149.0.7827.103 enables a remote attacker who has already compromised the GPU process to escalate into heap corruption via a crafted HTML page. Google rates this High severity and a vendor patch is available; no public exploit identified at time of analysis. The flaw is a chained-exploitation primitive rather than a standalone RCE, requiring a prior sandbox-adjacent foothold plus user interaction.

Information Disclosure Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11666 MEDIUM PATCH This Month

UI spoofing in Google Chrome prior to 149.0.7827.103 enables remote unauthenticated attackers to deceive users into interacting with falsified browser interface elements via a crafted HTML page. The vulnerability exploits insufficient input validation in Chrome's Input component (CWE-20), carrying a moderate CVSS 5.4 with confirmed low confidentiality impact and an Information Disclosure tag suggesting data exposure risk through spoofed UI surfaces such as fake dialogs or address bar manipulation. EPSS probability is very low at 0.05% (15th percentile), no public exploit has been identified, and no CISA KEV listing exists at time of analysis.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-11665 MEDIUM PATCH This Month

Out-of-bounds read in Dawn, Chrome's WebGPU graphics API layer, on Windows enables unauthenticated remote attackers to leak cross-origin data by serving a crafted HTML page. Affected versions of Google Chrome on Windows are all releases prior to 149.0.7827.103. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) confirms this is a network-exploitable, low-complexity information disclosure with no authentication requirement - limited only by the need for a user to visit the attacker-controlled page. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Google Microsoft Buffer Overflow Red Hat +1
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-11664 HIGH PATCH This Week

Heap corruption in Google Chrome's Payments component before 149.0.7827.103 allows remote attackers to exploit a use-after-free condition by enticing a victim to visit a crafted HTML page, potentially achieving arbitrary code execution within the renderer sandbox. Chromium rates the severity as High, and CVSS 8.8 reflects network-reachable exploitation with low complexity, though successful exploitation requires user interaction (visiting an attacker-controlled page). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11663 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a use-after-free in the Skia graphics library. The flaw is rated High severity by Chromium and carries a CVSS 8.3, but exploitation requires both a prior renderer compromise and user interaction with a crafted HTML page. No public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11662 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a victim to visit a crafted HTML page. The flaw stems from a type confusion bug in Chromium's Bindings layer (CWE-843), rated High severity by Chromium and CVSS 8.8 due to network-based exploitation requiring only user interaction. No public exploit identified at time of analysis and EPSS data was not provided, but Chromium V8/bindings issues historically attract exploit development.

Google Memory Corruption RCE Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11661 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Views component, triggered through a crafted HTML page. Google rates this Chromium security severity High and a vendor patch is available; no public exploit identified at time of analysis and the bug is not currently listed in CISA KEV.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11660 HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page served through the New Tab Page. Google rates the underlying Chromium severity as High and a fix is shipped in the stable channel, but no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Google Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11659 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Linux prior to 149.0.7827.103 can be triggered by an integer overflow in the browser's UI component when a victim visits a crafted HTML page. Rated CVSS 9.6 with scope change, this issue allows a remote attacker to break out of the Chrome renderer sandbox after one click or navigation, though no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11658 MEDIUM PATCH This Month

Site isolation bypass in Google Chrome's Extensions subsystem prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to defeat cross-origin security boundaries via a crafted HTML page requiring one user interaction. The root cause is CWE-20 (Improper Input Validation) in the Extensions layer, meaning the Extensions subsystem fails to adequately validate untrusted input before acting on it across site isolation boundaries. EPSS is low at 0.02% (6th percentile), no public exploit code or CISA KEV listing exists at time of analysis, and a vendor patch is confirmed at 149.0.7827.103.

Authentication Bypass Google Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11657 HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 149.0.7827.103 stems from a use-after-free flaw in the Payments component, allowing a remote attacker to run arbitrary code in the renderer process via a crafted HTML page. The issue carries a CVSS 8.8 (High) rating and was reported through Google's internal Chrome security process; no public exploit identified at time of analysis. Exploitation requires the victim to load attacker-controlled web content (UI:R), but no authentication or special privileges are needed.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11656 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the ServiceWorker component, allowing an attacker to break out of Chrome's renderer sandbox through a crafted malicious extension. The flaw is rated Chromium severity High with CVSS 8.3 and no public exploit identified at time of analysis, but the scope-change (S:C) and full CIA impact mean a successful escape grants meaningful control over the host browser process. Exploitation requires the victim to install the attacker's extension, which constrains opportunistic mass exploitation but is realistic against targeted users.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-11655 HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to version 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers an integer overflow in the Media component. Google rates the Chromium severity as High, and no public exploit has been identified at time of analysis. Because exploitation requires chaining with a separate renderer compromise plus user interaction (visiting a malicious page), the attack complexity is High despite the network attack vector.

Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11654 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for Mac (versions prior to 149.0.7827.103) stems from a use-after-free condition in the CameraCapture component, enabling a remote attacker to break out of the renderer sandbox via a crafted HTML page. With a CVSS of 9.6 (scope-changed, high impact across CIA) and an upstream fix released by Google, the bug carries high severity but requires user interaction to load the malicious page; no public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11653 MEDIUM PATCH This Month

Site isolation bypass in Google Chrome Extensions (versions prior to 149.0.7827.103) enables a remote attacker who has already compromised the renderer process to escape cross-origin content boundaries via a crafted HTML page. The vulnerability stems from improper input validation (CWE-20) in the Extensions subsystem, producing a high integrity impact (I:H) with no confidentiality or availability loss per the CVSS vector. No public exploit code exists and no active exploitation has been confirmed, with EPSS at 0.02% (6th percentile), consistent with a chained, high-complexity attack path.

Authentication Bypass Google Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11652 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox through a use-after-free flaw in the Extensions component, triggered via a crafted HTML page. Google rates the underlying Chromium severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and the issue is not listed in CISA KEV. The vulnerability is meaningful as the second stage in a multi-bug renderer-to-system exploit chain rather than as a single-shot drive-by.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11651 CRITICAL PATCH Act Now

Remote code execution in Google Chrome's Network component before version 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free (CWE-416) classified High severity by Chromium with a CVSS 9.6 due to scope change and user-interaction prerequisite. No public exploit identified at time of analysis, but a vendor patch is already shipped via the Stable channel update.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11650 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium and carries a CVSS 8.8 score; no public exploit identified at time of analysis, but V8 UAF bugs are historically high-value targets for exploit chains.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11649 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.103 allows attackers to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium, with a CVSS 8.8 score reflecting low attack complexity but requiring user interaction. No public exploit identified at time of analysis, though V8 use-after-frees historically attract rapid weaponization for browser exploit chains.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11648 HIGH PATCH This Week

Heap corruption via use-after-free in Google Chrome's FullScreen component on Windows prior to 149.0.7827.103 enables remote attackers to potentially achieve code execution when a victim visits a malicious HTML page. Chromium rates this High severity and a vendor patch is available, though no public exploit has been identified at time of analysis. The CVSS 8.8 score reflects the network-reachable, low-complexity nature of the bug, tempered by required user interaction (UI:R).

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11647 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free in the Printing component. Google rates this High severity, and a vendor patch is available, but no public exploit identified at time of analysis and the vulnerability requires chaining with a separate renderer compromise plus user interaction with a print flow.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11646 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the ViewTransitions component, allowing a remote attacker to execute arbitrary code within the browser's renderer sandbox by serving a crafted HTML page. Google rates the Chromium security severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11645 HIGH POC KEV PATCH THREAT Act Now

Remote code execution in Google Chrome's V8 JavaScript engine prior to 149.0.7827.103 allows a remote attacker to execute arbitrary code inside the renderer sandbox by enticing a victim to visit a crafted HTML page. The flaw is an out-of-bounds read and write (CWE-125) rated High severity by Chromium with a CVSS 8.8, and no public exploit identified at time of analysis, though V8 memory-corruption issues historically attract exploit development.

Information Disclosure Google Buffer Overflow RCE Red Hat +1
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
Threat
4.8
CVE-2026-11644 HIGH PATCH This Week

Use-after-free in the Views component of Google Chrome on Linux prior to 149.0.7827.103 allows remote attackers to execute arbitrary code by tricking a user into installing a crafted malicious extension. Chromium rates the underlying flaw Critical, though the NVD CVSS score of 7.5 reflects the high attack complexity and required user interaction. No public exploit identified at time of analysis.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-11643 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the Proxy component, enabling remote attackers to execute arbitrary code by delivering malicious network traffic. Chromium has rated this issue Critical severity, and while no public exploit is identified at the time of analysis, the network-reachable nature of the Proxy subsystem and Chrome's massive deployment footprint make this a high-priority browser patch. The CVSS 8.1 score reflects high attack complexity offset by no required privileges or user interaction.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-11642 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page exploiting a use-after-free in Web Apps. Chromium rates the severity as Critical, and a vendor patch is available, though no public exploit has been identified at time of analysis. This is a second-stage vulnerability typically chained with a renderer RCE to achieve full browser compromise.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11641 HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.103 can be triggered via a use-after-free flaw in the Bluetooth component, allowing a remote attacker to execute arbitrary code when a victim visits a crafted HTML page and performs specific UI gestures. Chromium rates the severity as Critical, though the CVSS 3.1 score of 7.5 reflects high attack complexity and required user interaction. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Google Memory Corruption RCE Use After Free Microsoft +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11640 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via an integer overflow in the libyuv image conversion library. Exploitation requires user interaction with a crafted HTML page and a chained renderer compromise, but Google rated the underlying issue Critical because a successful chain yields code execution outside Chrome's sandbox. There is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.03%.

Google Buffer Overflow Red Hat Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-11639 HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 149.0.7827.103 allows a remote attacker to exploit a use-after-free flaw in the Compositing component via a crafted HTML page. Google has rated the underlying Chromium security severity as Critical, and no public exploit identified at time of analysis, though the bug is patched in the latest stable channel. Successful exploitation requires user interaction (visiting a malicious page) and high attack complexity, which moderates real-world risk despite the high impact.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11638 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables remote attackers to break out of the browser's renderer sandbox via a crafted HTML page that triggers a use-after-free in the Printing component. Chromium rated this issue Critical severity, and the CVSS scope change (S:C) confirms the sandbox boundary is crossed; no public exploit identified at time of analysis, but the attack only requires the victim to load attacker-controlled content.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11637 HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 149.0.7827.103 stems from a use-after-free flaw in the Views UI component, enabling a remote attacker to run arbitrary code when a victim visits a crafted HTML page. Google rates the underlying Chromium severity as Critical, and a vendor patch is available; no public exploit identified at time of analysis. The CVSS 8.8 score reflects network-reachable exploitation with low complexity but requiring user interaction (visiting the malicious page).

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11636 HIGH PATCH This Week

Heap corruption in Google Chrome's Autofill component on Windows versions prior to 149.0.7827.103 allows remote attackers to potentially achieve code execution by luring users to a malicious HTML page and convincing them to perform specific UI interactions. Chromium rates the underlying flaw as Critical severity, though CVSS scores it 7.5 due to required user interaction and high attack complexity. No public exploit identified at time of analysis.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11635 HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free flaw in the Bluetooth component, triggered by a crafted HTML page. Chromium rates the severity as Critical, and a vendor patch is available; no public exploit has been identified at time of analysis, though the bug is tracked in the Chromium issue tracker (516987814).

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11634 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows remote attackers to exploit a use-after-free flaw in the Gamepad component via a crafted HTML page, requiring only that a victim visit a malicious site. Chromium rates this Critical severity and the CVSS score of 9.6 reflects scope change (sandbox escape) with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, but the bug class and Critical Chromium rating make it a high-priority browser patch.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-11633 HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to 149.0.7827.103 stems from a use-after-free condition in the browser's Bluetooth subsystem, rated Critical by Chromium's internal severity scale and CVSS 8.8 by NVD. A remote attacker operating a malicious Bluetooth peripheral can trigger memory corruption to execute arbitrary code in the browser process after the victim performs minimal interaction. No public exploit identified at time of analysis, though Google has released a patched Stable channel build addressing the flaw.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11632 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free flaw in the TabStrip UI component, allowing remote attackers to execute arbitrary code when victims interact with a malicious HTML page via specific UI gestures. Google rates the Chromium severity as Critical, and a vendor-released patch is available; no public exploit has been identified at time of analysis. The high attack complexity (AC:H) and required user interaction (UI:R) constrain mass exploitation despite the severe technical impact.

Google Memory Corruption RCE Use After Free Denial Of Service +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11631 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free in the Aura UI framework. Google rates the underlying Chromium issue as Critical severity, though exploitation requires a prior renderer compromise and user interaction (visiting a malicious page). No public exploit has been identified at time of analysis and the CVE is not listed in CISA KEV.

Google Memory Corruption Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-11630 HIGH PATCH This Week

Heap corruption in Google Chrome's File Input component before version 149.0.7827.103 allows a remote attacker to exploit a use-after-free condition by luring a user to a crafted HTML page, with Chromium rating the issue Critical. No public exploit identified at time of analysis, but the high CVSS 8.8 score and browser attack surface make this a priority patch for desktop fleets.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11629 HIGH PATCH This Week

Heap corruption in Google Chrome's Ozone display server component prior to version 149.0.7827.103 allows remote attackers to exploit a use-after-free condition through a malicious web page, with Chromium rating this as Critical severity. Successful exploitation requires the victim to visit attacker-controlled HTML content, but yields high impact on confidentiality, integrity, and availability in the renderer process. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11628 MEDIUM PATCH This Month

Heap corruption via use-after-free in Chrome's Ozone display subsystem (versions prior to 149.0.7827.103) enables a local attacker with physical device access to achieve high-impact compromise across confidentiality, integrity, and availability. The CVSS vector (AV:P/AC:L/PR:N/UI:N) confirms physical presence is the primary prerequisite, with no authentication or user interaction required once access is obtained. No public exploit code or CISA KEV listing has been identified at time of analysis; a vendor-released patch is available in Chrome 149.0.7827.103.

Denial Of Service Use After Free Memory Corruption Google Red Hat +1
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-47734 PyPI MEDIUM PATCH GHSA This Month

Memory exhaustion denial-of-service in Dulwich's git-receive-pack handler allows any client with push access to crash the server by sending a ~174-byte crafted thin pack. The pack's delta header declares an arbitrarily large dest_size value, causing dulwich's add_thin_pack/apply_delta code to allocate hundreds of megabytes of memory with no relationship to the actual bytes received. No public exploit code and no CISA KEV listing exist at time of analysis; the CVSS 5.7 Medium score reflects the low-privilege network vector but is bounded by the requirement that the attacker hold push credentials.

Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-47244 Maven MEDIUM PATCH GHSA This Month

Unbounded HTTP/2 stream creation in Netty's netty-codec-http2 library exposes any Netty HTTP/2 server running on default configuration to memory exhaustion from a single TCP connection. Because DefaultHttp2Connection.DefaultEndpoint initializes stream limits to Integer.MAX_VALUE and Http2Settings never advertises SETTINGS_MAX_CONCURRENT_STREAMS unless the application explicitly calls initialSettings().maxConcurrentStreams(n), a remote unauthenticated attacker can sustain hundreds of thousands of simultaneous streams, each forcing JVM heap allocations for DefaultStream objects, PropertyMap slots, flow-controller state, and IntObjectHashMap entries. This misconfiguration is also the structural precondition for CVE-2023-44487-style HTTP/2 Rapid Reset amplification. No public exploit has been identified at time of analysis; vendor-released patches are available in 4.1.135.Final and 4.2.15.Final.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-45673 Maven MEDIUM PATCH GHSA This Month

DNS cache poisoning in Netty's resolver component (io.netty:netty-resolver-dns) enables remote unauthenticated attackers to redirect downstream application traffic to attacker-controlled IPs through a Kaminsky-style spoofing attack. The vulnerability combines two compounding weaknesses present in the default configuration: DNS transaction IDs shuffled with a mathematically predictable Linear Congruential Generator (ThreadLocalRandom), and a static UDP source port resulting from the default ChannelPerResolver channel strategy. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV, but the Netty project rated it high severity and released fixes in versions 4.1.135.Final and 4.2.15.Final.

Information Disclosure Java Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
EPSS 0% CVSS 9.1
CRITICAL Act Now

Mass data deletion in Red Hat's kubev2v migration-planner SaaS platform allows attackers to wipe all customer sources, agents, and assessments via an unprotected DELETE /api/v1/sources endpoint. The endpoint lacks both authorization checks and tenant filtering, so a single request destroys data across the entire multi-tenant deployment. No public exploit identified at time of analysis, but the upstream fix (PR #1227) removes the endpoint entirely, confirming the issue is real and trivially reachable.

Authentication Bypass Red Hat
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Unencrypted secret storage in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) exposes credentials submitted via POST config.xml to any user holding Item/Extended Read permission or with read access to the Jenkins controller filesystem. Secrets that should be encrypted at rest are written as plaintext into job config.xml files, making them directly readable through Jenkins' built-in permission model or OS-level file access. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, but the privileged insider and lateral-movement risk is significant for organizations embedding CI/CD credentials in job configurations.

Information Disclosure Jenkins Red Hat
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Open redirect in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) enables unauthenticated remote attackers to craft login URLs with a malicious external domain in the 'from' parameter under the 'Delegate to servlet container' security realm, silently redirecting authenticated users to attacker-controlled sites post-login for phishing purposes. The CVSS vector (PR:N, UI:R) confirms no attacker authentication is needed, but victim interaction is mandatory - the user must click a crafted link and complete a login. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; vendor-released patches are available as of 2026-06-10.

Jenkins Open Redirect Red Hat
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing authorization checks in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) expose user-specific configuration data to any authenticated user holding the Overall/Read permission. Authenticated low-privilege users can query the timezone setting of any Jenkins user account and enumerate the names of views configured within other users' 'My Views' personal dashboards, constituting an information disclosure weakness. No public exploit code exists and this CVE is not listed in the CISA KEV catalog at time of analysis, placing real-world risk in the low-moderate tier primarily relevant to multi-tenant or shared Jenkins deployments.

Authentication Bypass Jenkins Red Hat
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing authorization enforcement in Jenkins allows low-privileged authenticated users to cancel build queue items they lack permission to view. Affecting Jenkins 2.567 and earlier (LTS 2.555.2 and earlier), this CWE-862 flaw breaks the expected access control invariant that Item/Cancel should be constrained by Item/Read visibility. No public exploit code exists and this vulnerability is not listed in CISA KEV at time of analysis, but the low attack complexity and network accessibility make it a realistic threat in multi-tenant Jenkins deployments where fine-grained RBAC is in use.

Authentication Bypass Jenkins Red Hat
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Open redirect exploitation in Jenkins allows unauthenticated network attackers to craft login URLs that bypass the post-authentication redirect validation and forward users to attacker-controlled external sites. Affected are Jenkins weekly releases through 2.567 and LTS releases through 2.555.2, where the redirect URL legitimacy check fails when the URL contains relative path segments such as `./` or `../`. No active exploitation is confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis, placing this in a moderate-risk, phishing-enablement category rather than a direct system compromise class.

Jenkins Open Redirect Red Hat
NVD VulDB
EPSS 0% CVSS 8.7
HIGH POC PATCH Monitor

Denial of service in the image-size Node.js library through version 2.0.2 allows remote unauthenticated attackers to permanently hang the Node.js event loop by supplying a crafted JXL or HEIF image containing a box with a zero-valued size field. Publicly available exploit code exists and an upstream fix has been merged, making this a credible availability threat for any service that accepts user-supplied images and runs them through image-size. No active exploitation has been reported in CISA KEV at time of analysis.

Denial Of Service Node.js Image Size +2
NVD GitHub
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Denial of service in the image-size Node.js library (versions up to and including 2.0.2) allows remote unauthenticated attackers to permanently stall the Node.js event loop by submitting a malformed ICNS image. The flaw stems from an infinite loop in the ICNS parser when an entry length field is zero, and publicly available exploit code exists per VulnCheck and an independent write-up; no public exploit identified at time of analysis indicates active exploitation, but the POC makes weaponization trivial.

Denial Of Service Node.js Image Size +2
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Denial of service in Elixir's standard library Version module (versions 1.5.0 through 1.20.0) allows any caller passing an attacker-controlled version string to exhaust CPU and memory or crash the calling BEAM process. The five public entry points - Version.parse/1, Version.parse!/1, Version.match?/3, Version.compare/2, and Version.parse_requirement/1 - pass numeric version components to :erlang.binary_to_integer/1 without length bounds, triggering super-linear arbitrary-precision integer conversion; a single ~1 MB all-digit component suffices. Applications routinely invoke these functions on untrusted input (HTTP parameters, package metadata), making the effective attack surface broader than the CVSS AV:L classification implies. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Denial Of Service Suse Red Hat
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Null pointer dereference in OpenSSL's password-based CMS decryption path enables remote denial of service against applications that process CMS EnvelopedData with password-based key derivation. The flaw affects a wide range of OpenSSL branches spanning 1.0.2 through 4.0.0, making the exposure surface unusually broad across long-term support and current releases. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; the CVSS score of 5.9 (Medium) reflects the high attack complexity required to trigger the condition.

Denial Of Service Null Pointer Dereference OpenSSL +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in OpenSSL 3.5.x, 3.6.x, and 4.0.0 stems from a NULL pointer dereference triggered during QUIC server initial packet handling, allowing remote unauthenticated attackers to crash affected servers by sending crafted QUIC traffic. The flaw was disclosed via the OpenSSL 4.0.1 security release on 2026-06-09 alongside multiple other CVEs; no public exploit identified at time of analysis and no CISA KEV listing. Patched versions are available from the upstream project and downstream distributions including Ubuntu (USN-8414-1).

Denial Of Service Null Pointer Dereference OpenSSL +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial-of-service in OpenSSL's ASN.1 content parser allows remote unauthenticated attackers to trigger a heap buffer over-read that can crash applications relying on the library for cryptographic parsing. Disclosed via the OpenSSL 4.0.1 security release on 2026-06-09 alongside more than a dozen other fixes, this issue affects every supported branch from 1.0.2 through 3.6 and 4.0. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the broad install base of OpenSSL across servers, clients, and embedded devices makes patching a priority.

OpenSSL Information Disclosure Buffer Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in OpenSSL QUIC implementation allows remote unauthenticated attackers to exhaust server memory by sending crafted PATH_CHALLENGE frames that trigger unbounded memory growth in the QUIC handler. The flaw affects OpenSSL branches 3.4.x, 3.5.x, 3.6.x, and 4.0.0, and is fixed in the 4.0.1 security release alongside numerous other CVEs. No public exploit identified at time of analysis and EPSS is very low (0.02%), but the network-reachable, no-auth nature of QUIC server endpoints makes the issue operationally relevant for TLS/QUIC-facing services.

Information Disclosure OpenSSL Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Integrity-check bypass in OpenSSL 3.4.x, 3.5.x, 3.6.x, and 4.0.0 allows PKCS#12 files protected with PBMAC1 to be accepted even when secured by dangerously short HMAC keys, undermining the authentication of the keystore contents. Vendor patches are available in 3.4.6, 3.5.7, 3.6.3, and 4.0.1, and no public exploit identified at time of analysis; EPSS is 0.00% and the issue is not on the CISA KEV list.

Information Disclosure OpenSSL Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Trust anchor substitution in OpenSSL's CMP rootCaKeyUpdate handler allows a network-positioned attacker with low privileges to bypass certificate validation via a cert/issuer field confusion bug (CWE-295), affecting four actively maintained OpenSSL branches. The high confidentiality impact (C:H) reflects the potential for a substituted malicious trust anchor to undermine TLS certificate chains, enabling downstream interception of protected communications. No public exploit identified at time of analysis; vendor patch released 2026-06-09 across all affected branches.

OpenSSL Information Disclosure Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Pre-NVD disclosure via GitHub release 'OpenSSL 4.0.1' (openssl/openssl). OpenSSL 4.0.1 is a security patch release. The most severe CVE fixed in this release is High. This release incorporates the following bug fixes and mitigations: * Fixed heap use-after-free in `PKCS7_verify()`. ([CVE-2026-45447]) * Fixed CMS `AuthEnvelopedData` processing may accept forged messages. ([CVE-2026-34182]) * Fixed unbounded memory growth in the QUIC `PATH_CHALLENGE` handler. ([CVE-2026-34183]) * Fixed double-free when checking OCSP stapled respo

OpenSSL Information Disclosure Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

NULL pointer dereference in OpenSSL's CRMF EncryptedValue decryption path crashes the affected process, creating a remotely triggerable denial-of-service condition across five actively maintained OpenSSL branches (3.0.x, 3.4.x, 3.5.x, 3.6.x, and 4.0.x). The CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, score 5.9) confirms network reachability with no authentication required, but high attack complexity limits trivial mass exploitation. No public exploit code and no CISA KEV listing have been identified at time of analysis; however, the broad version coverage and OpenSSL's ubiquitous deployment make patching a priority for any infrastructure using certificate management protocols.

Denial Of Service Null Pointer Dereference OpenSSL +1
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Credential leakage in the Reactor Netty HTTP client exposes authentication material when following redirects that cross security boundaries from HTTPS to HTTP. Affected are all four supported release lines: 1.0.x through 1.0.51, 1.1.x through 1.1.35, 1.2.x through 1.2.17, and 1.3.x through 1.3.5. An attacker who controls or can influence a redirect response can cause the client to transmit credentials over an unencrypted channel, where they may be intercepted. No public exploit code has been identified at time of analysis and this CVE is not listed in the CISA KEV catalog.

Information Disclosure Reactor Netty Red Hat
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

UI spoofing in Google Chrome's Guest View component prior to 149.0.7827.103 enables a remote unauthenticated attacker to deceive users about page content or origin by delivering a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms exploitation requires no privileges and no special network position, but does require the victim to visit a malicious page. With an EPSS score of 0.05% at the 15th percentile and no CISA KEV listing, real-world exploitation is currently assessed as low probability, though the zero-friction delivery mechanism (a link) keeps the attack surface broad.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a use-after-free flaw in the Tracing component, triggered through a crafted HTML page. No public exploit identified at time of analysis, and SSVC indicates exploitation status is 'none', but the technical impact is rated total because a successful escape grants code execution at browser-process privileges. Google has shipped a fix and rates the underlying Chromium severity as Medium, while the assigned CVSS is 8.3 due to scope change and high CIA impact.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome on macOS prior to version 149.0.7827.103 can be triggered remotely through a crafted HTML page that exploits a use-after-free condition in the browser's Bluetooth component. Successful exploitation requires the victim to visit attacker-controlled content but no authentication, and Google has rated the underlying Chromium severity as High with no public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome on macOS prior to version 149.0.7827.103 allows remote attackers to potentially execute arbitrary code by luring a victim to a crafted HTML page that triggers a use-after-free in the browser's Bluetooth component. Google has released a patched stable channel update, and while no public exploit has been identified at time of analysis, the CVSS 8.8 score reflects the high impact achievable with only a single user click. CISA SSVC currently scores exploitation as 'none' but technical impact as 'total', consistent with a serious but not yet weaponized browser flaw.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome prior to 149.0.7827.103 allows a remote attacker to break out of the browser's renderer sandbox via a crafted HTML page that exploits insufficient input validation in the UI layer. The scope-changing CVSS 9.6 reflects that successful exploitation crosses the sandbox security boundary, though user interaction (visiting a malicious page) is required. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV, but Google rates the underlying Chromium severity as High.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Uninitialized memory use in the Video component of Google Chrome on Windows (prior to 149.0.7827.103) allows an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by directing the victim to a crafted HTML page. The vulnerability is Windows-specific, rated High severity by Chromium's internal scale, and carries a CVSS 5.3 due to the high attack complexity and required user interaction stacking atop the renderer-compromise prerequisite. No public exploit identified at time of analysis; Google has released a fix in version 149.0.7827.103.

Information Disclosure Google Microsoft +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's Passwords feature (all versions prior to 149.0.7827.103) can be triggered by a remote unauthenticated attacker delivering a crafted HTML page to a victim. The flaw results from an inappropriate implementation classified under CWE-693 (Protection Mechanism Failure), meaning the browser's same-origin policy enforcement is bypassed specifically within the Passwords subsystem. With a CVSS score of 4.3 and no public exploit or CISA KEV listing identified at time of analysis, this is a medium-severity information disclosure risk requiring user interaction to exploit.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Sandboxed remote code execution in Google Chrome versions prior to 149.0.7827.103 allows attackers who have already compromised the renderer process to execute arbitrary code via a crafted HTML page that triggers a use-after-free in the ServiceWorker component. Rated High severity by Chromium with a CVSS 7.5, the flaw requires user interaction (visiting a malicious page) and a pre-existing renderer compromise, and no public exploit has been identified at time of analysis. The vendor has released a patched Stable channel update.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Site isolation bypass in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to escape cross-origin boundaries via a crafted HTML page. The flaw is rated High severity by Chromium and carries a CVSS score of 8.1, though EPSS is very low at 0.02% and no public exploit identified at time of analysis. This is a second-stage vulnerability requiring prior renderer compromise, typically chained with a separate RCE in the renderer sandbox.

Authentication Bypass Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows remote attackers who have already compromised the renderer process to break out of the sandbox via a use-after-free in the Read Anything component when processing a crafted HTML page. Google rates this Chromium-severity High, and no public exploit has been identified at time of analysis, but the CVSS 8.3 score reflects the severity of full sandbox escape leading to scoped impact beyond the renderer. This is a second-stage bug requiring chaining with a renderer compromise, not a one-shot drive-by.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Sandbox-confined arbitrary code execution in Google Chrome on macOS versions prior to 149.0.7827.103 stems from an out-of-bounds read and write in the Media component, exploitable by a remote attacker who has already compromised the renderer process and lures a user to a crafted HTML page. Google rates the Chromium severity as High and has released a patched stable channel update; no public exploit identified at time of analysis, and SSVC reports no observed exploitation.

Information Disclosure Google Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Sandboxed remote code execution in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page that abuses an inappropriate SVG implementation. Google rates the underlying Chromium issue as High severity, and no public exploit identified at time of analysis, though the user-interaction requirement (UI:R) and high CVSS of 8.8 make this a meaningful drive-by browsing risk once a patch is reverse-engineered.

Code Injection Google RCE +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome on macOS prior to 149.0.7827.103 enables remote attackers to potentially execute arbitrary code by luring a user to a crafted HTML page that exploits a use-after-free in the Dawn WebGPU implementation. The flaw carries a CVSS 8.8 (High) rating and Chromium rates it High severity; no public exploit has been identified at time of analysis, but Chrome browser bugs of this class are historically attractive targets for in-the-wild exploitation. Patch is available from Google.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's MediaCapture implementation on macOS allows a remote attacker to read data from other origins by enticing a user to visit a specially crafted HTML page. Affected versions are all Chrome releases on Mac prior to 149.0.7827.103. The flaw carries a CVSS score of 4.3 (Medium) with no authentication required, though user interaction is necessary; no public exploit code has been identified at time of analysis, and the issue is not listed in the CISA KEV catalog.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 allows attackers to execute arbitrary code within the browser sandbox by luring users to a malicious HTML page that triggers a use-after-free in the WebCodecs component. Chromium rates this as High severity with a CVSS score of 8.8, and while a vendor patch is available, no public exploit has been identified at time of analysis. Exploitation requires user interaction (visiting a crafted page), which moderates real-world risk somewhat but still places this in the high-priority browser-patching tier.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Linux prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page, escalating from a contained renderer context to broader host access. Chromium rates this High severity, and while no public exploit has been identified at time of analysis, the CVSS 8.3 score reflects the serious consequence of bypassing one of the browser's core security boundaries. The flaw resides in the Views component and requires user interaction (UI:R) plus a prior renderer compromise, making it a second-stage vulnerability in a multi-bug exploit chain.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's Ozone component on Linux before version 149.0.7827.103 allows remote attackers to potentially achieve arbitrary code execution within the browser process when a victim visits a crafted HTML page. The flaw is a use-after-free rated High severity by Chromium, with CVSS 8.8 reflecting network-reachable exploitation requiring only minimal user interaction. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.103 allows attackers to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page, triggering a use-after-free condition in the Media component. The flaw carries a CVSS 8.8 (High) rating and is tagged by Chromium as High severity. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Google Memory Corruption RCE +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows before 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Codecs component triggered by a crafted HTML page. Google rates this Chromium security severity as High, and a vendor patch is available; no public exploit was identified at time of analysis, though the scope-changed CVSS 8.3 reflects the cross-boundary impact of breaching the sandbox.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Integer overflow in libyuv allows a renderer-compromised attacker to read sensitive process memory in Google Chrome prior to 149.0.7827.103. This is a chained, post-exploitation vulnerability: the attacker must first control the Chrome renderer process (via a separate exploit), then serve a crafted HTML page that triggers the libyuv integer overflow to extract memory contents - making this a privilege escalation and data exfiltration primitive within a broader attack chain. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer/network process to break out of the browser sandbox via a race condition triggered by a crafted HTML page. Chromium rates the severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis.

Information Disclosure Google Race Condition +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome and ChromeOS on Linux prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the Dawn (WebGPU) component. Chromium rates the severity High, and while no public exploit identified at time of analysis, sandbox-escape bugs in Dawn are historically chained with renderer RCE bugs in exploit chains. The CVSS 8.3 score reflects the high attack complexity and required user interaction, but the scope change (S:C) signals a meaningful trust-boundary break.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Guest View component prior to version 149.0.7827.103 allows attackers to execute arbitrary code within the renderer sandbox by luring users to a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium with a CVSS of 8.8, and while no public exploit has been identified at time of analysis, Google has shipped a patched stable channel build. Exploitation requires user interaction (visiting a malicious page) and code execution is confined to the sandbox, meaning a sandbox escape would be needed for full host compromise.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free flaw in the InterestGroups component, enabling a remote attacker to execute arbitrary code within the renderer sandbox via a crafted HTML page. The vulnerability carries a CVSS 8.8 (High) score and is rated High severity by Chromium, but no public exploit identified at time of analysis and SSVC indicates exploitation status of none. Attack requires user interaction (visiting a malicious page) but no authentication.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of Chrome's sandbox via a heap buffer overflow in the GPU process triggered by a crafted HTML page. Rated High severity by Chromium with a CVSS 8.3 reflecting scope change and full CIA impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Google Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome before 149.0.7827.103 allows a remote attacker to break out of the renderer sandbox through a use-after-free in the Navigation component when a victim visits a crafted HTML page. The CVSS 9.6 score reflects a scope-changing impact on confidentiality, integrity, and availability with only user interaction (visiting a page) required, and no public exploit was identified at time of analysis.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free flaw in the PDF component, enabling a remote attacker who lures a user into opening a crafted PDF to execute arbitrary code within the renderer sandbox. Rated High by Chromium with CVSS 8.8, the issue requires user interaction but no authentication, and currently has no public exploit identified at time of analysis.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in Chrome's Media component on ChromeOS allows an attacker who has already compromised the renderer process to exfiltrate potentially sensitive data from process memory via a crafted HTML page. Affected are all Chrome for ChromeOS releases prior to 149.0.7827.103. No public exploit code or CISA KEV listing has been identified at time of analysis, and exploitation is constrained by both the ChromeOS-only scope and the mandatory prerequisite of a pre-compromised renderer, making this a chained attack scenario rather than a standalone critical threat.

Google Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-origin data leakage in Google Chrome's codec subsystem on Linux and ChromeOS (versions prior to 149.0.7827.103) enables remote unauthenticated attackers to exfiltrate sensitive data from other origins by delivering a specially crafted video file to a target user. The root cause is uninitialized memory use (CWE-457) within the codec pipeline, where memory contents from other origin contexts may be exposed during video processing. No public exploit code has been identified at time of analysis, and CISA SSVC classifies exploitation status as 'none'; however, the network-accessible attack surface and lack of authentication requirement make patching a prudent priority for Linux and ChromeOS deployments.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds read in the WebRTC component of Google Chrome before 149.0.7827.103 enables a remote attacker who has already compromised the GPU process to escalate into heap corruption via a crafted HTML page. Google rates this High severity and a vendor patch is available; no public exploit identified at time of analysis. The flaw is a chained-exploitation primitive rather than a standalone RCE, requiring a prior sandbox-adjacent foothold plus user interaction.

Information Disclosure Google Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

UI spoofing in Google Chrome prior to 149.0.7827.103 enables remote unauthenticated attackers to deceive users into interacting with falsified browser interface elements via a crafted HTML page. The vulnerability exploits insufficient input validation in Chrome's Input component (CWE-20), carrying a moderate CVSS 5.4 with confirmed low confidentiality impact and an Information Disclosure tag suggesting data exposure risk through spoofed UI surfaces such as fake dialogs or address bar manipulation. EPSS probability is very low at 0.05% (15th percentile), no public exploit has been identified, and no CISA KEV listing exists at time of analysis.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Out-of-bounds read in Dawn, Chrome's WebGPU graphics API layer, on Windows enables unauthenticated remote attackers to leak cross-origin data by serving a crafted HTML page. Affected versions of Google Chrome on Windows are all releases prior to 149.0.7827.103. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) confirms this is a network-exploitable, low-complexity information disclosure with no authentication requirement - limited only by the need for a user to visit the attacker-controlled page. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's Payments component before 149.0.7827.103 allows remote attackers to exploit a use-after-free condition by enticing a victim to visit a crafted HTML page, potentially achieving arbitrary code execution within the renderer sandbox. Chromium rates the severity as High, and CVSS 8.8 reflects network-reachable exploitation with low complexity, though successful exploitation requires user interaction (visiting an attacker-controlled page). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a use-after-free in the Skia graphics library. The flaw is rated High severity by Chromium and carries a CVSS 8.3, but exploitation requires both a prior renderer compromise and user interaction with a crafted HTML page. No public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a victim to visit a crafted HTML page. The flaw stems from a type confusion bug in Chromium's Bindings layer (CWE-843), rated High severity by Chromium and CVSS 8.8 due to network-based exploitation requiring only user interaction. No public exploit identified at time of analysis and EPSS data was not provided, but Chromium V8/bindings issues historically attract exploit development.

Google Memory Corruption RCE +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Views component, triggered through a crafted HTML page. Google rates this Chromium security severity High and a vendor patch is available; no public exploit identified at time of analysis and the bug is not currently listed in CISA KEV.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the Chromium sandbox via a crafted HTML page served through the New Tab Page. Google rates the underlying Chromium severity as High and a fix is shipped in the stable channel, but no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Linux prior to 149.0.7827.103 can be triggered by an integer overflow in the browser's UI component when a victim visits a crafted HTML page. Rated CVSS 9.6 with scope change, this issue allows a remote attacker to break out of the Chrome renderer sandbox after one click or navigation, though no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Google Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Site isolation bypass in Google Chrome's Extensions subsystem prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to defeat cross-origin security boundaries via a crafted HTML page requiring one user interaction. The root cause is CWE-20 (Improper Input Validation) in the Extensions layer, meaning the Extensions subsystem fails to adequately validate untrusted input before acting on it across site isolation boundaries. EPSS is low at 0.02% (6th percentile), no public exploit code or CISA KEV listing exists at time of analysis, and a vendor patch is confirmed at 149.0.7827.103.

Authentication Bypass Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 149.0.7827.103 stems from a use-after-free flaw in the Payments component, allowing a remote attacker to run arbitrary code in the renderer process via a crafted HTML page. The issue carries a CVSS 8.8 (High) rating and was reported through Google's internal Chrome security process; no public exploit identified at time of analysis. Exploitation requires the victim to load attacker-controlled web content (UI:R), but no authentication or special privileges are needed.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the ServiceWorker component, allowing an attacker to break out of Chrome's renderer sandbox through a crafted malicious extension. The flaw is rated Chromium severity High with CVSS 8.3 and no public exploit identified at time of analysis, but the scope-change (S:C) and full CIA impact mean a successful escape grants meaningful control over the host browser process. Exploitation requires the victim to install the attacker's extension, which constrains opportunistic mass exploitation but is realistic against targeted users.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to version 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers an integer overflow in the Media component. Google rates the Chromium severity as High, and no public exploit has been identified at time of analysis. Because exploitation requires chaining with a separate renderer compromise plus user interaction (visiting a malicious page), the attack complexity is High despite the network attack vector.

Google Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for Mac (versions prior to 149.0.7827.103) stems from a use-after-free condition in the CameraCapture component, enabling a remote attacker to break out of the renderer sandbox via a crafted HTML page. With a CVSS of 9.6 (scope-changed, high impact across CIA) and an upstream fix released by Google, the bug carries high severity but requires user interaction to load the malicious page; no public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Site isolation bypass in Google Chrome Extensions (versions prior to 149.0.7827.103) enables a remote attacker who has already compromised the renderer process to escape cross-origin content boundaries via a crafted HTML page. The vulnerability stems from improper input validation (CWE-20) in the Extensions subsystem, producing a high integrity impact (I:H) with no confidentiality or availability loss per the CVSS vector. No public exploit code exists and no active exploitation has been confirmed, with EPSS at 0.02% (6th percentile), consistent with a chained, high-complexity attack path.

Authentication Bypass Google Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox through a use-after-free flaw in the Extensions component, triggered via a crafted HTML page. Google rates the underlying Chromium severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and the issue is not listed in CISA KEV. The vulnerability is meaningful as the second stage in a multi-bug renderer-to-system exploit chain rather than as a single-shot drive-by.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Remote code execution in Google Chrome's Network component before version 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free (CWE-416) classified High severity by Chromium with a CVSS 9.6 due to scope change and user-interaction prerequisite. No public exploit identified at time of analysis, but a vendor patch is already shipped via the Stable channel update.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.103 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium and carries a CVSS 8.8 score; no public exploit identified at time of analysis, but V8 UAF bugs are historically high-value targets for exploit chains.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine prior to version 149.0.7827.103 allows attackers to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by Chromium, with a CVSS 8.8 score reflecting low attack complexity but requiring user interaction. No public exploit identified at time of analysis, though V8 use-after-frees historically attract rapid weaponization for browser exploit chains.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption via use-after-free in Google Chrome's FullScreen component on Windows prior to 149.0.7827.103 enables remote attackers to potentially achieve code execution when a victim visits a malicious HTML page. Chromium rates this High severity and a vendor patch is available, though no public exploit has been identified at time of analysis. The CVSS 8.8 score reflects the network-reachable, low-complexity nature of the bug, tempered by required user interaction (UI:R).

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free in the Printing component. Google rates this High severity, and a vendor patch is available, but no public exploit identified at time of analysis and the vulnerability requires chaining with a separate renderer compromise plus user interaction with a print flow.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the ViewTransitions component, allowing a remote attacker to execute arbitrary code within the browser's renderer sandbox by serving a crafted HTML page. Google rates the Chromium security severity as High and a vendor patch is available, though no public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% 4.8 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Remote code execution in Google Chrome's V8 JavaScript engine prior to 149.0.7827.103 allows a remote attacker to execute arbitrary code inside the renderer sandbox by enticing a victim to visit a crafted HTML page. The flaw is an out-of-bounds read and write (CWE-125) rated High severity by Chromium with a CVSS 8.8, and no public exploit identified at time of analysis, though V8 memory-corruption issues historically attract exploit development.

Information Disclosure Google Buffer Overflow +3
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use-after-free in the Views component of Google Chrome on Linux prior to 149.0.7827.103 allows remote attackers to execute arbitrary code by tricking a user into installing a crafted malicious extension. Chromium rates the underlying flaw Critical, though the NVD CVSS score of 7.5 reflects the high attack complexity and required user interaction. No public exploit identified at time of analysis.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free condition in the Proxy component, enabling remote attackers to execute arbitrary code by delivering malicious network traffic. Chromium has rated this issue Critical severity, and while no public exploit is identified at the time of analysis, the network-reachable nature of the Proxy subsystem and Chrome's massive deployment footprint make this a high-priority browser patch. The CVSS 8.1 score reflects high attack complexity offset by no required privileges or user interaction.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page exploiting a use-after-free in Web Apps. Chromium rates the severity as Critical, and a vendor patch is available, though no public exploit has been identified at time of analysis. This is a second-stage vulnerability typically chained with a renderer RCE to achieve full browser compromise.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.103 can be triggered via a use-after-free flaw in the Bluetooth component, allowing a remote attacker to execute arbitrary code when a victim visits a crafted HTML page and performs specific UI gestures. Chromium rates the severity as Critical, though the CVSS 3.1 score of 7.5 reflects high attack complexity and required user interaction. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Google Memory Corruption RCE +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via an integer overflow in the libyuv image conversion library. Exploitation requires user interaction with a crafted HTML page and a chained renderer compromise, but Google rated the underlying issue Critical because a successful chain yields code execution outside Chrome's sandbox. There is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.03%.

Google Buffer Overflow Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 149.0.7827.103 allows a remote attacker to exploit a use-after-free flaw in the Compositing component via a crafted HTML page. Google has rated the underlying Chromium security severity as Critical, and no public exploit identified at time of analysis, though the bug is patched in the latest stable channel. Successful exploitation requires user interaction (visiting a malicious page) and high attack complexity, which moderates real-world risk despite the high impact.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.103 enables remote attackers to break out of the browser's renderer sandbox via a crafted HTML page that triggers a use-after-free in the Printing component. Chromium rated this issue Critical severity, and the CVSS scope change (S:C) confirms the sandbox boundary is crossed; no public exploit identified at time of analysis, but the attack only requires the victim to load attacker-controlled content.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to version 149.0.7827.103 stems from a use-after-free flaw in the Views UI component, enabling a remote attacker to run arbitrary code when a victim visits a crafted HTML page. Google rates the underlying Chromium severity as Critical, and a vendor patch is available; no public exploit identified at time of analysis. The CVSS 8.8 score reflects network-reachable exploitation with low complexity but requiring user interaction (visiting the malicious page).

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Heap corruption in Google Chrome's Autofill component on Windows versions prior to 149.0.7827.103 allows remote attackers to potentially achieve code execution by luring users to a malicious HTML page and convincing them to perform specific UI interactions. Chromium rates the underlying flaw as Critical severity, though CVSS scores it 7.5 due to required user interaction and high attack complexity. No public exploit identified at time of analysis.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on macOS prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free flaw in the Bluetooth component, triggered by a crafted HTML page. Chromium rates the severity as Critical, and a vendor patch is available; no public exploit has been identified at time of analysis, though the bug is tracked in the Chromium issue tracker (516987814).

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Windows prior to 149.0.7827.103 allows remote attackers to exploit a use-after-free flaw in the Gamepad component via a crafted HTML page, requiring only that a victim visit a malicious site. Chromium rates this Critical severity and the CVSS score of 9.6 reflects scope change (sandbox escape) with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, but the bug class and Critical Chromium rating make it a high-priority browser patch.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to 149.0.7827.103 stems from a use-after-free condition in the browser's Bluetooth subsystem, rated Critical by Chromium's internal severity scale and CVSS 8.8 by NVD. A remote attacker operating a malicious Bluetooth peripheral can trigger memory corruption to execute arbitrary code in the browser process after the victim performs minimal interaction. No public exploit identified at time of analysis, though Google has released a patched Stable channel build addressing the flaw.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.103 stems from a use-after-free flaw in the TabStrip UI component, allowing remote attackers to execute arbitrary code when victims interact with a malicious HTML page via specific UI gestures. Google rates the Chromium severity as Critical, and a vendor-released patch is available; no public exploit has been identified at time of analysis. The high attack complexity (AC:H) and required user interaction (UI:R) constrain mass exploitation despite the severe technical impact.

Google Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.103 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page exploiting a use-after-free in the Aura UI framework. Google rates the underlying Chromium issue as Critical severity, though exploitation requires a prior renderer compromise and user interaction (visiting a malicious page). No public exploit has been identified at time of analysis and the CVE is not listed in CISA KEV.

Google Memory Corruption Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's File Input component before version 149.0.7827.103 allows a remote attacker to exploit a use-after-free condition by luring a user to a crafted HTML page, with Chromium rating the issue Critical. No public exploit identified at time of analysis, but the high CVSS 8.8 score and browser attack surface make this a priority patch for desktop fleets.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's Ozone display server component prior to version 149.0.7827.103 allows remote attackers to exploit a use-after-free condition through a malicious web page, with Chromium rating this as Critical severity. Successful exploitation requires the victim to visit attacker-controlled HTML content, but yields high impact on confidentiality, integrity, and availability in the renderer process. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Heap corruption via use-after-free in Chrome's Ozone display subsystem (versions prior to 149.0.7827.103) enables a local attacker with physical device access to achieve high-impact compromise across confidentiality, integrity, and availability. The CVSS vector (AV:P/AC:L/PR:N/UI:N) confirms physical presence is the primary prerequisite, with no authentication or user interaction required once access is obtained. No public exploit code or CISA KEV listing has been identified at time of analysis; a vendor-released patch is available in Chrome 149.0.7827.103.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Memory exhaustion denial-of-service in Dulwich's git-receive-pack handler allows any client with push access to crash the server by sending a ~174-byte crafted thin pack. The pack's delta header declares an arbitrarily large dest_size value, causing dulwich's add_thin_pack/apply_delta code to allocate hundreds of megabytes of memory with no relationship to the actual bytes received. No public exploit code and no CISA KEV listing exist at time of analysis; the CVSS 5.7 Medium score reflects the low-privilege network vector but is bounded by the requirement that the attacker hold push credentials.

Denial Of Service Red Hat Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unbounded HTTP/2 stream creation in Netty's netty-codec-http2 library exposes any Netty HTTP/2 server running on default configuration to memory exhaustion from a single TCP connection. Because DefaultHttp2Connection.DefaultEndpoint initializes stream limits to Integer.MAX_VALUE and Http2Settings never advertises SETTINGS_MAX_CONCURRENT_STREAMS unless the application explicitly calls initialSettings().maxConcurrentStreams(n), a remote unauthenticated attacker can sustain hundreds of thousands of simultaneous streams, each forcing JVM heap allocations for DefaultStream objects, PropertyMap slots, flow-controller state, and IntObjectHashMap entries. This misconfiguration is also the structural precondition for CVE-2023-44487-style HTTP/2 Rapid Reset amplification. No public exploit has been identified at time of analysis; vendor-released patches are available in 4.1.135.Final and 4.2.15.Final.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

DNS cache poisoning in Netty's resolver component (io.netty:netty-resolver-dns) enables remote unauthenticated attackers to redirect downstream application traffic to attacker-controlled IPs through a Kaminsky-style spoofing attack. The vulnerability combines two compounding weaknesses present in the default configuration: DNS transaction IDs shuffled with a mathematically predictable Linear Congruential Generator (ThreadLocalRandom), and a static UDP source port resulting from the default ChannelPerResolver channel strategy. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV, but the Netty project rated it high severity and released fixes in versions 4.1.135.Final and 4.2.15.Final.

Information Disclosure Java Red Hat +1
NVD GitHub VulDB
Prev Page 4 of 96 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy