Red Hat
Monthly
Out-of-bounds read in Apache HTTP Server 2.4.0 through 2.4.67 arises from an interaction between mod_headers, mod_mime, and multi-language content negotiation, allowing unauthenticated remote attackers to trigger memory reads beyond allocated buffer boundaries. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) confirms low-complexity, unauthenticated network exploitation yielding limited confidentiality and integrity impact with no availability consequence. No active exploitation confirmed in CISA KEV, and no public exploit code has been identified at time of analysis.
Improper path handling in the mod_dav_fs module of Apache HTTP Server 2.4.67 and earlier permits a WebDAV content author to directly manipulate trusted DAV property databases, leading to integrity violations and child process crashes. With a CVSS of 9.1 (AV:N/AC:L/PR:N/UI:N) and SSVC technical impact rated 'total' with automatable=yes, the flaw is highly impactful, though there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Denial of service in Apache HTTP Server versions 2.4.0 through 2.4.67 stems from a heap-based buffer overflow triggered when the server processes responses from a malicious backend while ProxyPassReverseCookieDomain or ProxyPassReverseCookiePath directives are in use. Remote attackers controlling or compromising an upstream backend can crash the front-end Apache process, impacting availability of the reverse proxy without affecting confidentiality or integrity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Cross-site scripting in Apache HTTP Server's mod_proxy_ftp module allows a network-accessible attacker to inject malicious scripts into HTML directory listings generated when the server proxies FTP directory contents. Affected are all versions of Apache HTTP Server up to and including 2.4.67, in both forward and reverse proxy configurations. No public exploit code has been identified at time of analysis, and CISA KEV listing is absent, but the Changed scope (S:C) in the CVSS vector means injected scripts execute in victims' browsers under the origin of the proxy host, elevating the effective impact beyond the medium base score.
Denial-of-service in the Linux kernel's DRM VKMS (Virtual Kernel Mode Setting) subsystem arises from an improperly managed custom hrtimer used for vblank timing, replaced in the fix by DRM's standard vblank timer implementation. Local users with low-privileged access to the VKMS device can trigger a kernel availability failure - likely a crash or hang - due to the divergent timer lifecycle in struct vkms_output. EPSS is negligible at 0.02% and no active exploitation is confirmed; this is a low-urgency kernel hardening fix affecting development and CI-focused deployments.
Stored cross-site scripting in Red Hat Quay 3.x allows an authenticated user with repository write access to upload a malicious SVG file via the filedrop endpoint, which lacks MIME type validation. The uploaded file is persisted and served inline through the CDN, meaning any victim who visits the archive URL will have attacker-controlled JavaScript execute in their browser. No public exploit has been identified at time of analysis, and exploitation requires both repository write privileges and victim interaction, limiting opportunistic mass exploitation.
Insufficient policy enforcement in Google Chrome for iOS (prior to 149.0.7827.53) allows remote unauthenticated attackers to bypass discretionary access controls via a crafted HTML page, resulting in limited integrity impact. User interaction is required, and exploitation probability is extremely low - EPSS sits at 0.02% (4th percentile). No public exploit identified at time of analysis, and Chromium's own security team rated this as 'Low' severity, consistent with the CVSS 4.3 score and SSVC's 'partial' technical impact assessment.
Same-origin policy bypass in Google Chrome on iOS prior to 149.0.7827.53 allows a remote, unauthenticated attacker to violate cross-origin isolation by delivering a crafted HTML page to a victim. The flaw stems from an inappropriate implementation (CWE-346) in the iOS-specific Chrome codebase, meaning the iOS browser incorrectly validates origin boundaries in a way the desktop build does not. No active exploitation is confirmed (no CISA KEV listing), EPSS is 0.02% (4th percentile), and SSVC rates exploitation as none - placing this firmly in a routine patching priority rather than an emergency response.
UI spoofing in Google Chrome for iOS prior to version 149.0.7827.53 enables a remote unauthenticated attacker to misrepresent critical browser interface elements through a crafted HTML page, requiring only that the victim visit the malicious page. The vulnerability stems from an inappropriate implementation specific to the iOS platform build of Chrome (CWE-451), with impact limited to integrity - no confidentiality or availability loss. No public exploit identified at time of analysis; EPSS sits at 0.03% (11th percentile) and Chromium's own severity rating is Low, aligning with the constrained real-world impact.
UI spoofing in Google Chrome on iOS (prior to 149.0.7827.53) allows an unauthenticated remote attacker to present a deceptive interface to users by serving a crafted HTML page, specifically targeting the Signin flow. The root cause is an inappropriate implementation classified under CWE-20 (Improper Input Validation), meaning Chrome fails to sufficiently validate or constrain inputs that influence the rendered signin UI. No public exploit code exists and no active exploitation has been confirmed; EPSS of 0.05% (15th percentile) indicates very low near-term exploitation probability, consistent with the Low Chromium severity rating.
Insufficient policy enforcement in Google Chrome for iOS (prior to 149.0.7827.53) enables remote attackers to bypass discretionary access controls by directing a victim to a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) confirms the attack is network-reachable, requires no authentication, and produces a limited integrity impact with no confidentiality or availability consequences. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects very low exploitation probability; Chromium internally rated this Low severity.
Discretionary access control bypass in Google Chrome's Cast feature (prior to 149.0.7827.53) allows an attacker positioned on the local network segment to interfere with Cast functionality via crafted malicious network traffic. The vulnerability stems from improper privilege management (CWE-269) within the Cast implementation, resulting in limited confidentiality and integrity impact (CVSS 5.1). No public exploit code has been identified at time of analysis, and CISA KEV listing is absent; however, the no-authentication-required condition and the network-adjacent attack surface make this relevant for environments where Chrome's Cast feature is actively used on shared or untrusted network segments.
Navigation restriction bypass in Google Chrome's DOM Distiller component on iOS allows a remote attacker to circumvent page navigation controls by serving a specially crafted HTML page. Affected users are running Chrome on iOS prior to version 149.0.7827.53, and exploitation requires the victim to visit an attacker-controlled page. No public exploit identified at time of analysis and EPSS probability sits at 0.02% (4th percentile), consistent with the vendor's own 'Low' severity classification - real-world impact is limited to integrity degradation with no confidentiality or availability consequence.
Privilege escalation in Google Chrome for iOS prior to 149.0.7827.53 allows remote attackers to elevate privileges when a victim is lured into performing specific UI gestures on a crafted HTML page. The flaw stems from insufficient input validation in the Reading List feature and carries a CVSS 3.1 score of 8.8, though EPSS is low at 0.05% and no public exploit identified at time of analysis. Google rates the underlying Chromium severity as Low despite the high CVSS, suggesting realistic exploitability is constrained by the required user interaction.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the TabStrip component, enabling a remote attacker who lures a victim to a crafted HTML page to corrupt memory and execute arbitrary code within the renderer context. Google rates the underlying Chromium severity as Low, but the CVSS base score of 8.8 reflects the potential impact when chained with a sandbox escape. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Sandbox escape in Google Chrome's GPU process prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers an integer overflow. The flaw, tagged as a buffer overflow with information disclosure potential, requires user interaction and a chained renderer compromise, and no public exploit has been identified at time of analysis despite Chromium rating the underlying severity as Low.
Cross-origin data leakage in Google Chrome's Storage Access API affects desktop versions prior to 149.0.7827.53, enabling a remote attacker who has already compromised the renderer process to exfiltrate sensitive cross-origin information via a specially crafted HTML page. Google rates the underlying Chromium severity as Low, though NVD assigns CVSS 7.5 due to the unauthenticated network vector, and no public exploit identified at time of analysis.
UI spoofing in Google Chrome's Permissions implementation prior to version 149.0.7827.53 allows a remote, unauthenticated attacker to deceive users through manipulated browser permission dialogs via a crafted HTML page. Exploitation requires user interaction - a victim must visit a malicious page - and the real-world impact is limited to low-integrity outcomes such as misleading users into granting or denying permissions under false pretenses. No public exploit code exists and this vulnerability has not been added to the CISA KEV catalog at time of analysis.
Cross-origin data leakage in Google Chrome's Permissions subsystem (prior to 149.0.7827.53) enables remote unauthenticated attackers to read data across origin boundaries via a crafted HTML page. The flaw, classified as a race condition (CWE-362) in the Permissions implementation, undermines the browser's Same-Origin Policy enforcement - a foundational web isolation mechanism. No public exploit identified at time of analysis; a vendor-released patch is available in version 149.0.7827.53, and Google has rated this Low severity in Chromium security terms.
Content Settings policy enforcement bypass in Google Chrome prior to 149.0.7827.53 enables remote attackers to circumvent discretionary access control by delivering a crafted HTML page to a victim who must interact with it. Rooted in CWE-284 (Improper Access Control), the flaw affects Chrome's Content Settings subsystem - which governs site-level permissions such as cookies, notifications, and script access - yielding a limited integrity impact with no confidentiality or availability consequences. No public exploit has been identified and the vulnerability is absent from CISA KEV; the vendor itself rates this as Low severity, consistent with the CVSS 4.3 base score.
Information disclosure in Google Chrome DevTools prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to read potentially sensitive data from process memory by serving a crafted HTML page. The flaw stems from a use-after-free condition (CWE-416) in DevTools, and while Google rates the underlying Chromium severity as Low, the NVD CVSS of 9.6 reflects the cross-origin scope change possible when chained with a prior renderer compromise. No public exploit identified at time of analysis.
Use-after-free in the Network component of Google Chrome prior to version 149.0.7827.53 enables an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by delivering a crafted HTML page. The Changed scope (S:C) in the CVSS vector confirms the vulnerability crosses security boundaries - specifically from the renderer sandbox into the Network process - making this a secondary exploitation step rather than an initial access vector. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog; Google has released a patched stable channel build.
Navigation restriction bypass in Google Chrome's Lens component prior to version 149.0.7827.53 allows a remote attacker to circumvent browser security boundaries via a crafted HTML page. The flaw requires user interaction (UI:R) to trigger, but no authentication, and Google classifies the Chromium security severity as Low despite the NVD CVSS of 8.8. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Same-origin policy bypass in Google Chrome's IndexedDB implementation affects all versions prior to 149.0.7827.53, enabling an attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. The integrity-only impact (C:N/I:H/A:N) means a successful exploitation could allow unauthorized writes or data manipulation across origins, but does not directly expose confidential data. No public exploit code has been identified at time of analysis, and Google's own Chromium security team rated this Low severity; a vendor-released patch is available at version 149.0.7827.53.
UI spoofing in Google Chrome's Payments component prior to version 149.0.7827.53 enables a remote unauthenticated attacker to mislead users about payment interface elements via a crafted HTML page. The vulnerability stems from inappropriate implementation logic (CWE-451) that allows visual misrepresentation of critical payment-related UI, potentially facilitating phishing or payment fraud against end users who interact with a malicious page. No public exploit code has been identified at time of analysis, and Chromium's internal severity rating is Low, consistent with its limited integrity-only, user-interaction-dependent impact.
Navigation restriction bypass in Google Chrome's Downloads subsystem prior to version 149.0.7827.53 enables a remote unauthenticated attacker to circumvent browser navigation controls by luring a user to a crafted HTML page. The flaw is rooted in an inappropriate implementation classified as CWE-346 (Origin Validation Error), meaning Chrome fails to properly validate the origin of requests or data within the Downloads flow. Rated Medium by CVSS (5.4) and Low by Chromium's own severity scale, no public exploit code or CISA KEV listing has been identified at time of analysis.
Cross-origin data disclosure in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to leak data across origin boundaries by serving a crafted HTML page through the Plugins component. No public exploit has been identified at time of analysis, and Chromium rates the underlying issue as Low severity despite the NVD CVSS of 7.5. The flaw stems from insufficient validation of untrusted input (CWE-20) within Chrome's plugin handling path.
Privilege escalation in Google Chrome's Cast component (versions prior to 149.0.7827.53) allows an adjacent network attacker to elevate privileges by delivering a crafted HTML page that exploits insufficient input validation. Exploitation requires the victim to interact with the malicious content, and no public exploit has been identified at time of analysis despite a CVSS score of 8.0. Google has classified the Chromium security severity as Low, suggesting the practical impact is more constrained than the numeric score implies.
Privilege escalation in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to escape sandbox-style restrictions via the Extensions subsystem using a crafted HTML page. The flaw requires user interaction and high attack complexity, and is rated Low severity by the Chromium team despite the 7.5 CVSS score; no public exploit identified at time of analysis.
Inappropriate implementation in Google Chrome's DevTools component prior to version 149.0.7827.53 allows a crafted Chrome Extension to access and read sensitive data from process memory. Exploitation requires social engineering a target user into installing a malicious extension, after which the extension can invoke under-guarded DevTools APIs to extract potentially sensitive in-memory content such as credentials, tokens, or session data. No public exploit has been identified at time of analysis, and the EPSS score of 0.01% indicates very low observed exploitation probability; however, the confidentiality impact is rated High by CVSS.
Tab Hover Cards in Google Chrome prior to 149.0.7827.53 render domain names incorrectly, enabling a remote unauthenticated attacker to spoof displayed domain identity via a crafted domain name, misleading users about the true destination of a browser tab. CVSS rates Integrity impact as High (I:H), reflecting the real deception potential in phishing scenarios, while Chromium itself labels this Low severity - a notable contrast worth flagging. No public exploit identified at time of analysis, and EPSS at 0.03% (11th percentile) reflects minimal current exploitation interest.
Same-origin policy bypass in the PreviewTab component of Google Chrome for Android (versions prior to 149.0.7827.53) enables a remote unauthenticated attacker to violate cross-origin isolation and corrupt content integrity. Exploitation requires social engineering - the victim must visit a crafted HTML page and be manipulated into performing specific UI gestures within the PreviewTab interface. The CVSS vector scores high integrity impact (I:H) with no confidentiality or availability impact, indicating an attacker can alter or inject content across origin boundaries but cannot directly exfiltrate data. No public exploit code or CISA KEV listing has been identified; EPSS sits at 0.02% (4th percentile), reflecting very low current exploitation probability.
Domain spoofing in Google Chrome's WebUI component (versions prior to 149.0.7827.53) allows unauthenticated remote attackers to display a misleading domain name in the browser UI by delivering a crafted domain to a victim. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) assigns High integrity impact, reflecting the ability to undermine a user's origin-trust decisions - the cornerstone of browser security. No public exploit code exists and EPSS sits at 0.03% (10th percentile), consistent with Google's own 'Low' Chromium severity rating; risk is realistic but non-urgent outside phishing-focused threat models.
Remote code execution in Google Chrome on Linux versions prior to 149.0.7827.53 allows a remote attacker to exploit a use-after-free condition in the Chromoting component via malicious network traffic. The flaw carries a CVSS 3.1 score of 8.1 (high) with no public exploit identified at time of analysis and an EPSS probability of 0.04%, though Google rates the Chromium severity as Low. The vendor has shipped a fix in the stable channel update for desktop.
Same-origin policy bypass in Google Chrome's Network component (versions prior to 149.0.7827.53) enables a post-compromise attacker who already controls the renderer process to subvert cross-origin enforcement via a crafted HTML page. The CVSS integrity impact is rated High (I:H), but exploitation is gated behind a required renderer-process pre-compromise, substantially raising the real-world attack bar. No public exploit code exists and no CISA KEV listing is present; EPSS stands at 0.02% (6th percentile), consistent with Google's own Low severity rating for this issue.
Domain spoofing via Tab Strip UI misrepresentation in Google Chrome prior to 149.0.7827.53 enables remote unauthenticated attackers to deceive users into believing they are visiting a legitimate domain by serving a crafted HTML page that corrupts the displayed origin in the tab strip. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) confirms network-accessible exploitation requiring no privileges but requiring user interaction, with integrity impact reflecting successful identity deception rather than data exfiltration or code execution. No public exploit code exists and EPSS at 0.03% (11th percentile) reflects negligible observed exploitation activity; this is not currently listed in the CISA KEV catalog.
UI spoofing in Google Chrome's PointerLock API prior to version 149.0.7827.53 allows an attacker who has already compromised the renderer process to manipulate browser UI presentation via a crafted HTML page. The CVSS score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) reflects limited integrity-only impact with no confidentiality or availability consequences, and Google itself rated this 'Low' severity. No public exploit has been identified and the EPSS score of 0.05% (15th percentile) confirms very low real-world exploitation probability at time of analysis.
Site isolation bypass in Google Chrome's Navigation component allows a remote attacker who has already compromised the renderer process to break Chrome's cross-origin security boundary via a crafted HTML page. Affected versions are all Chrome releases prior to 149.0.7827.53. The CVSS vector (I:H) reflects high integrity impact against protected origins, but the real-world risk is substantially gated by the prerequisite of renderer process compromise - a condition Google itself rates as 'Low' severity in Chromium's internal classification. No public exploit code or CISA KEV listing has been identified at time of analysis.
Navigation restriction bypass in Google Chrome prior to 149.0.7827.53 allows remote unauthenticated attackers to circumvent Chrome's built-in navigation controls by delivering a crafted HTML page to a victim. The flaw stems from an inappropriate implementation in Chrome's Navigation subsystem (CWE-693: Protection Mechanism Failure), yielding low integrity impact with no confidentiality or availability consequences. No public exploit has been identified at time of analysis and EPSS exploitation probability is 0.02% (4th percentile), consistent with Google Chromium's own Low severity classification for this issue.
Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 allows a remote attacker to run arbitrary code when a victim is lured into performing specific UI gestures involving a malicious file delivered through the PlatformIntegration component. The flaw stems from improper input validation (CWE-20) and, while a vendor patch is available, no public exploit has been identified at time of analysis and EPSS scoring (0.04%) indicates very low near-term exploitation probability.
Site isolation bypass in Google Chrome's Fenced Frames component allows an attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. Affected versions are all Chrome releases prior to 149.0.7827.53 on desktop platforms. No public exploit code has been identified at time of analysis, and EPSS sits at a low 0.02% (4th percentile), consistent with Chromium's own 'Low' severity rating despite the 6.5 CVSS score - real-world risk is contingent on a separate, preceding renderer exploit.
UI spoofing in Google Chrome's File Input component (versions prior to 149.0.7827.53) enables remote attackers to misrepresent security-critical interface elements to users through specially crafted HTML pages. The attacker must convince a target to perform specific UI gestures - such as drag-and-drop or deliberate click sequences - to trigger incorrect rendering of the browser's file selection security UI. No public exploit identified at time of analysis; EPSS at 0.03% (11th percentile) signals very low exploitation probability, consistent with no CISA KEV listing.
Domain spoofing in Google Chrome's Cronet networking library on Android (versions prior to 149.0.7827.53) enables remote unauthenticated attackers to misrepresent domain names to victims browsing on Android devices. The CVSS vector (AV:N/AC:L/PR:N/UI:R/I:H) confirms high integrity impact with no privileges required, contingent on victim interaction with a crafted URL. EPSS at 0.03% (11th percentile) and no CISA KEV listing indicate no public exploitation at time of analysis, making this primarily a targeted phishing-enablement risk rather than an actively weaponized vector.
Cross-origin data leakage in Google Chrome for iOS prior to version 149.0.7827.53 enables a remote unauthenticated attacker to read sensitive data from cross-origin resources by tricking a user into visiting a crafted HTML page. The flaw stems from an inappropriate implementation in the iOS-specific Chrome code path (CWE-346: Origin Validation Error), undermining the browser's Same-Origin Policy enforcement on Apple's platform. No public exploit code exists and no active exploitation is confirmed; with an EPSS of 0.03% (11th percentile), real-world risk is currently assessed as low despite the high confidentiality impact in the CVSS scoring.
Sandbox escape in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that abuses Reading Mode's insufficient input validation. The CVSS 9.6 rating reflects the scope-changing impact (S:C) when chained from a renderer compromise, though EPSS is very low (0.05%) and no public exploit identified at time of analysis. Chromium rates the underlying issue Medium severity, reflecting that prior renderer compromise is a prerequisite.
Cross-origin data leakage in Google Chrome's DevTools component (prior to 149.0.7827.53) enables an attacker to bypass same-origin policy enforcement through a crafted malicious extension. Exploitation requires convincing a target user to install the attacker-controlled extension, after which cross-origin data can be exfiltrated via insufficient DevTools policy controls. No public exploit code has been identified at time of analysis, and the EPSS score of 0.01% (1st percentile) indicates very low observed exploitation probability; the vulnerability is not listed in the CISA KEV catalog.
Safe Browsing bypass in Google Chrome prior to 149.0.7827.53 allows a remote attacker to circumvent discretionary access control protections by delivering a specially crafted RAR file to a victim who interacts with it. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms no authentication or elevated privileges are required on the attacker side, but exploitation depends on user interaction - the victim must engage with the malicious RAR file. The integrity impact is rated High (I:H) with no confidentiality or availability impact, indicating the primary risk is bypassing file-based access controls enforced by the Safe Browsing subsystem. No public exploit identified at time of analysis, and EPSS at 0.02% (4th percentile) reflects very low observed exploitation probability.
Sensitive information disclosure in Google Chrome's Passwords component (prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to read potentially sensitive data - including password material - from process memory by delivering a crafted HTML page. The attack carries a CVSS 6.5 (Medium) rating with high confidentiality impact and no integrity or availability consequence. No public exploit has been identified at time of analysis, and EPSS places exploitation probability at 0.03% (11th percentile), consistent with the non-trivial prerequisite of prior renderer compromise.
Memory information disclosure in Google Chrome's Codecs component affects all desktop versions prior to 149.0.7827.53, enabling remote unauthenticated attackers to read potentially sensitive data from browser process memory when a user visits a specially crafted HTML page. The root cause is a use-after-free (CWE-416) in the media codec subsystem, yielding high confidentiality impact with no integrity or availability consequences per CVSS. EPSS is very low at 0.03% (11th percentile) and SSVC confirms no active exploitation, placing this firmly in the routine patch category despite its Medium severity score.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to break out of the browser's renderer sandbox by sending malicious network traffic processed by the Autofill component. The flaw is rated CVSS 9.6 due to scope change and high impact across confidentiality, integrity, and availability, though Chromium itself assigns it Medium severity and EPSS exploitation probability is currently very low (0.05%). No public exploit identified at time of analysis, but a vendor-released patch is available.
Cross-origin data leakage via ServiceWorker policy bypass in Google Chrome affects all desktop versions prior to 149.0.7827.53. Insufficient policy enforcement in Chrome's ServiceWorker API allows unauthenticated remote attackers to read sensitive cross-origin data from a victim's browser session by directing the victim to a crafted HTML page. EPSS exploitation probability is very low at 0.03% (11th percentile), no public exploit code has been identified, and no CISA KEV listing exists at time of analysis - making this a moderate confidentiality risk that warrants patching but is not an immediate emergency for most organizations.
Universal Cross-Site Scripting (UXSS) in Google Chrome for iOS prior to 149.0.7827.53 allows a remote, unauthenticated attacker to inject arbitrary scripts or HTML across origin boundaries by delivering a crafted QR code and convincing the target to perform specific UI gestures within the browser. The CVSS Scope:Changed rating confirms this bypasses the same-origin policy, meaning injected scripts can access sessions and data from other open origins. No public exploit code has been identified at time of analysis, and the EPSS score of 0.07% (22nd percentile) indicates low observed exploitation probability, though the attack is fully network-accessible once social engineering is achieved. Note: the 'RCE' tag attached to this CVE is inconsistent with the description, which describes UXSS - not OS-level code execution - and should be treated as a tagging error.
Navigation restriction bypass in Google Chrome for iOS (versions prior to 149.0.7827.53) exploits an inappropriate implementation within the Signin component, enabling a remote attacker to circumvent navigation controls by delivering a crafted HTML page to a victim. Per CVSS (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N), no authentication is required by the attacker, but user interaction is necessary - the victim must visit or load the malicious page. No public exploit has been identified at time of analysis, SSVC reports exploitation as none, and the EPSS score of 0.02% (4th percentile) indicates very low likelihood of opportunistic exploitation; nevertheless, the high integrity impact warrants prompt patching on all managed iOS Chrome deployments.
Cross-origin data leakage in Google Chrome's GPU implementation on macOS allows remote unauthenticated attackers to exfiltrate sensitive cross-origin information by luring a user to a crafted HTML page. Affected are all Chrome releases on Mac prior to 149.0.7827.53. The vulnerability stems from an inappropriate GPU implementation (CWE-200) and carries no publicly available exploit at time of analysis; EPSS sits at 0.03% (11th percentile), indicating low current exploitation probability. No active exploitation has been confirmed by CISA KEV.
Sandbox escape in Google Chrome for iOS prior to 149.0.7827.53 allows a remote attacker who lures a victim to a malicious page to potentially break out of Chrome's renderer sandbox via crafted HTML. The flaw is rated CVSS 8.8 (High) due to high confidentiality, integrity, and availability impact, though Chromium internally classifies severity as Medium and EPSS exploitation probability is currently very low (0.05%). No public exploit identified at time of analysis.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free condition in the ServiceWorker component that can be triggered by a malicious browser extension. An attacker who convinces a user to install a crafted Chrome Extension can achieve arbitrary code execution within the renderer context. No public exploit has been identified at time of analysis and EPSS exploitation probability is very low at 0.01%, but the high CVSS score (8.8) reflects the severe potential impact.
Cross-origin data leakage in Google Chrome's WebRTC subsystem (versions prior to 149.0.7827.53) allows a remote unauthenticated attacker to read data across origin boundaries when a victim visits a crafted HTML page. The vulnerability carries a CVSS 6.5 Medium score with high confidentiality impact, but mandatory user interaction prevents automated mass exploitation - consistent with SSVC Automatable: no and an EPSS of 0.03% (10th percentile). No public exploit code exists and this CVE is not listed in the CISA Known Exploited Vulnerabilities catalog at time of analysis.
Cross-origin data leakage in Google Chrome's WebRTC implementation allows a network-positioned attacker to extract sensitive cross-origin information via crafted malicious network traffic. Affected versions are all Chrome releases prior to 149.0.7827.53; the fix is available in the stable channel update. No public exploit exists and no active exploitation has been identified - EPSS sits at 0.02% (4th percentile) and CISA SSVC assesses exploitation as none and automation as not feasible, placing real-world urgency well below the raw CVSS confidentiality impact suggests.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to break out of the browser's renderer sandbox by serving a crafted video file processed by Chrome's media codec stack. The flaw stems from insufficient validation of untrusted input in the Codecs component and requires the victim to load attacker-controlled video content, but successful exploitation yields cross-origin impact (Scope: Changed) with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and EPSS exploitation probability is low (0.05%, 15th percentile), though the 9.6 CVSS rating and sandbox-escape primitive make this a high-priority browser patch.
Same-origin policy bypass in Google Chrome's Workers subsystem (versions prior to 149.0.7827.53) permits a remote attacker who has already compromised the renderer process to circumvent cross-origin restrictions via a crafted HTML page, resulting in high-severity integrity impact (CVSS I:H). The flaw, rooted in insufficient policy enforcement (CWE-284), functions as a second-stage chained exploit rather than an initial access vector, requiring renderer compromise as a prerequisite. No active exploitation has been identified (SSVC: exploitation none; EPSS 0.02%), and a vendor-released patch is available as of Chrome 149.0.7827.53.
Sandbox escape in Google Chrome for Android before 149.0.7827.53 lets a remote attacker exploit a use-after-free in the USB component by luring a victim to a crafted HTML page, potentially breaking out of the renderer sandbox. CVSS 8.8 reflects the high impact across confidentiality, integrity, and availability, though successful attack requires user interaction (visiting the page). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Navigation restriction bypass in Google Chrome's Glic component (versions prior to 149.0.7827.53) enables remote attackers to circumvent browser navigation controls by delivering a crafted HTML page that the victim must open. The vulnerability is rooted in an inappropriate implementation (CWE-284, Improper Access Control) within the Glic subsystem and yields limited but multi-dimensional impact across confidentiality, integrity, and availability (C:L/I:L/A:L). No public exploit identified at time of analysis and this CVE does not appear in CISA KEV; Google has assigned a 'Medium' severity rating consistent with the CVSS 6.3 score.
Universal Cross-Site Scripting (UXSS) in Google Chrome's CSS implementation prior to version 149.0.7827.53 allows remote unauthenticated attackers to inject arbitrary scripts or HTML across origin boundaries via a crafted HTML page, requiring only user interaction. The Scope:Changed CVSS component (S:C) confirms this bypasses Chrome's Same-Origin Policy, enabling access to content from other origins in the victim's browser session. No public exploit code has been identified at time of analysis, and this is not listed in CISA KEV; however, UXSS classes in major browsers are historically targeted by threat actors for session hijacking and credential theft.
Arbitrary code execution within the Chrome renderer sandbox is possible in Google Chrome versions prior to 149.0.7827.53 due to a use-after-free defect in the V8 JavaScript engine. Exploitation requires social engineering a user into installing a malicious Chrome Extension, after which a crafted extension can trigger the memory corruption and run attacker-controlled code inside the sandboxed process. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Navigation restriction bypass in Google Chrome prior to 149.0.7827.53 allows a remote, unauthenticated attacker to circumvent policy enforcement in the browser's Actor component by delivering a crafted HTML page to a target user. The flaw (CWE-602) enables unauthorized navigation actions that could expose users to cross-origin manipulation or redirects with low but non-trivial confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, and EPSS of 0.02% combined with SSVC exploitation status of none indicates limited active threat, though the broad attack surface of any Chrome desktop user visiting a malicious page warrants timely patching.
Out-of-bounds read in Chrome's GWP-ASan memory safety subsystem (versions prior to 149.0.7827.53) enables a local attacker to disclose potentially sensitive contents from process memory by delivering a malicious file to the target. The vulnerability carries a CVSS 6.5 Medium score with high confidentiality impact but no integrity or availability impact, consistent with a pure information-disclosure class. No public exploit code has been identified at time of analysis, EPSS exploitation probability is extremely low at 0.01% (1st percentile), and SSVC assessment confirms no known active exploitation, collectively indicating a low near-term threat priority despite the notable confidentiality impact rating.
Out-of-bounds write in the V8 JavaScript engine of Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to execute arbitrary code within the sandbox via a crafted HTML page. The flaw requires user interaction (visiting a malicious page) and prior renderer compromise, and no public exploit identified at time of analysis. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability, though Google classifies the Chromium severity as Medium.
Remote code execution in Google Chrome's Blink rendering engine prior to 149.0.7827.53 allows remote attackers to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw stems from an integer overflow (CWE-472) in Blink and carries a CVSS 3.1 score of 8.8; no public exploit identified at time of analysis, though a vendor patch has been released through the Chrome Stable channel update.
Sandbox escape in Google Chrome on iOS before 149.0.7827.53 can be triggered by a remote attacker who lures a user to a malicious HTML page that abuses a use-after-free condition in the WebMIDI subsystem. Successful exploitation breaks out of the renderer sandbox with high confidentiality, integrity, and availability impact, though no public exploit is identified at time of analysis and EPSS probability is very low (0.03%).
Remote code execution in Google Chrome's Blink rendering engine prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) tagged for RCE and DoS impact, and no public exploit has been identified at time of analysis. CISA SSVC currently lists exploitation as 'none' despite the high CVSS 8.8 score, indicating significant theoretical impact but no observed in-the-wild activity yet.
Privilege escalation in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that abuses insufficient input validation in the Extensions component. Google rates the Chromium severity as Medium while NVD assigns CVSS 7.5 (High); no public exploit identified at time of analysis and CISA SSVC reports no observed exploitation.
Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows attackers to run arbitrary code within the browser sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free in the WebML component. Although Chromium rates the severity as Medium, the CVSS 3.1 base score is 8.8 (High), reflecting high impact across confidentiality, integrity, and availability with low attack complexity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows attackers to execute arbitrary code within the renderer sandbox through a use-after-free flaw in the Canvas component. Exploitation requires a victim to visit a crafted HTML page, and no public exploit has been identified at time of analysis. Google rates this as Medium severity internally despite the CVSS 8.8 score, reflecting the sandbox containment limit.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Media component, allowing a remote attacker who can lure a victim to a crafted HTML page to execute arbitrary code within the renderer sandbox. The high CVSS score of 8.8 reflects the severe impact triad (C:H/I:H/A:H), though exploitation requires user interaction (UI:R) and code execution is contained within Chrome's sandbox boundary. There is no public exploit identified at time of analysis, and SSVC indicates no observed exploitation.
Cross-origin data leakage in Google Chrome's Web Share API prior to version 149.0.7827.53 allows a remote attacker to extract sensitive cross-origin information by convincing a user to perform specific UI gestures on a crafted HTML page, violating browser same-origin policy guarantees. The CVSS vector (AV:N/AC:L/PR:N/UI:R/C:H) reflects high confidentiality impact with no authentication required on the attacker's side, though mandatory user interaction reduces realistic exploitation probability significantly. No public exploit has been identified at time of analysis, and an EPSS score of 0.04% (13th percentile) corroborates low current exploitation activity.
Domain spoofing via crafted WebAPK in Google Chrome on Android prior to 149.0.7827.53 enables remote unauthenticated attackers to deceive users about the web origin of installed Progressive Web Apps, with high integrity impact as confirmed by the CVSS I:H rating. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms the attack is network-accessible and requires no privileges, though user interaction is a necessary precondition. No public exploits have been identified and EPSS sits at 0.03% (10th percentile), indicating minimal observed exploitation pressure; however, the trust-abuse potential for phishing campaigns makes timely patching advisable.
Cross-origin data leakage in Google Chrome DevTools affects all versions prior to 149.0.7827.53, exploitable through a crafted malicious Chrome Extension. The inappropriate DevTools implementation allows an attacker who successfully social-engineers a victim into installing the extension to read data from cross-origin contexts - violating the browser's same-origin isolation guarantees at the DevTools layer. No public exploit code exists and no CISA KEV listing is present; EPSS at 0.02% (4th percentile) confirms low exploitation probability in the wild, making this a routine patch-cycle priority rather than an emergency response item.
Remote code execution in Google Chrome prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free in the Compositing component. The flaw carries a CVSS 8.8 rating and is tagged as RCE/DoS/memory corruption, though no public exploit identified at time of analysis and Google rates the security severity as Medium. Exploitation is constrained to in-sandbox code execution and requires user interaction (visiting the malicious page).
Heap corruption in Google Chrome versions prior to 149.0.7827.53 stems from an integer overflow in the Skia graphics library that can be triggered by a crafted HTML page. Remote attackers can lure a victim to a malicious web page to potentially achieve arbitrary code execution within the renderer process. No public exploit identified at time of analysis, and EPSS exploitation probability is low at 0.03% (11th percentile), though Chrome rendering bugs historically attract exploit development.
Uninitialized memory read in Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows remote attackers to obtain sensitive process memory contents through a crafted HTML page, with no authentication required but mandatory user interaction. The vulnerability carries a CVSS Confidentiality impact of High (C:H), indicating potentially significant data exposure despite the Medium overall score of 6.5. EPSS is low at 0.03% (11th percentile) and no CISA KEV listing exists, meaning no public exploit or confirmed widespread exploitation has been identified at time of analysis.
Universal Cross-Site Scripting (UXSS) in Google Chrome's Keyboard implementation prior to version 149.0.7827.53 enables remote unauthenticated attackers to inject arbitrary scripts or HTML across origin boundaries via a crafted HTML page. The Scope:Changed CVSS vector reflects the fundamental nature of this class: successful exploitation bypasses the Same-Origin Policy, potentially granting script access to sessions, cookies, and DOM content across all origins open in the browser. No public exploit has been identified at time of analysis, and the EPSS score of 0.06% (18th percentile) indicates low current exploitation probability, though UXSS primitives are historically high-value for targeted attacks.
Cross-origin data leakage in Google Chrome's Skia graphics library affects all versions prior to 149.0.7827.53, exploitable by a remote attacker who has already compromised the renderer process. Via a crafted HTML page, the attacker can abuse insufficient input validation in Skia to extract sensitive cross-origin data, bypassing browser isolation boundaries. No public exploit code has been identified at time of analysis, and the EPSS score of 0.05% (15th percentile) reflects low observed exploitation activity.
Remote code execution in Google Chrome's WebRTC component prior to 149.0.7827.53 allows remote attackers to execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free memory corruption issue rated CVSS 8.8 with high impact across confidentiality, integrity, and availability, though execution remains confined to the sandbox and no public exploit identified at time of analysis.
Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker to exploit a use-after-free condition in the Views component via a crafted HTML page. The flaw carries a CVSS 3.1 score of 8.8 with network attack vector and requires user interaction (visiting a malicious page), and no public exploit has been identified at time of analysis despite Google's vendor patch being released.
Arbitrary code execution within the Chrome sandbox affects Google Chrome desktop builds prior to 149.0.7827.53 due to an inappropriate implementation in the Isolated Web Apps (IWA) component. A remote attacker who convinces a user to open a malicious file can execute code confined to the sandbox process, with no public exploit identified at time of analysis and an EPSS score of only 0.03% (10th percentile) indicating low predicted exploitation likelihood. Google has shipped a fix in the stable channel update for desktop.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page processed by the codec subsystem. The flaw requires user interaction (visiting a malicious page) and a prior renderer compromise, but if chained successfully it enables full code execution on the host with a scope change. No public exploit identified at time of analysis and EPSS probability is very low (0.05%), but the 9.6 CVSS reflects the high impact of a successful sandbox escape.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page. The flaw stems from an integer overflow (CWE-472) in ANGLE and requires user interaction (visiting a malicious page) plus a prior renderer compromise to chain into full sandbox escape. No public exploit identified at time of analysis, and EPSS is very low (0.03%), but Google rates the underlying issue as Medium severity within Chromium.
Sandbox-confined arbitrary code execution in Google Chrome versions prior to 149.0.7827.53 stems from an inappropriate implementation in the Dawn WebGPU component, enabling a remote attacker who has already compromised the renderer process to run code inside the sandbox via a crafted HTML page. The CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability when combined with user interaction (visiting a page), though Chromium classified the underlying severity as Medium. No public exploit identified at time of analysis, but a vendor patch is available in the Stable channel update for desktop.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by serving a crafted HTML page that triggers a bad cast in the Dawn WebGPU implementation. The flaw carries a CVSS 8.8 rating with user interaction required (visiting a malicious page), and no public exploit has been identified at time of analysis despite Google rating the underlying Chromium severity as Medium. The vendor has released a patched stable channel build addressing this issue alongside other fixes.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a type confusion flaw in the CSS engine that lets a remote attacker run arbitrary code within the renderer sandbox by enticing a victim to load a crafted HTML page. The CVSS 8.8 score reflects network reach with low attack complexity but requires user interaction (UI:R) to visit the malicious page, and no public exploit identified at time of analysis. A vendor patch is available via the Chrome Stable channel update published in June 2026.
Out-of-bounds read in Apache HTTP Server 2.4.0 through 2.4.67 arises from an interaction between mod_headers, mod_mime, and multi-language content negotiation, allowing unauthenticated remote attackers to trigger memory reads beyond allocated buffer boundaries. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) confirms low-complexity, unauthenticated network exploitation yielding limited confidentiality and integrity impact with no availability consequence. No active exploitation confirmed in CISA KEV, and no public exploit code has been identified at time of analysis.
Improper path handling in the mod_dav_fs module of Apache HTTP Server 2.4.67 and earlier permits a WebDAV content author to directly manipulate trusted DAV property databases, leading to integrity violations and child process crashes. With a CVSS of 9.1 (AV:N/AC:L/PR:N/UI:N) and SSVC technical impact rated 'total' with automatable=yes, the flaw is highly impactful, though there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Denial of service in Apache HTTP Server versions 2.4.0 through 2.4.67 stems from a heap-based buffer overflow triggered when the server processes responses from a malicious backend while ProxyPassReverseCookieDomain or ProxyPassReverseCookiePath directives are in use. Remote attackers controlling or compromising an upstream backend can crash the front-end Apache process, impacting availability of the reverse proxy without affecting confidentiality or integrity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Cross-site scripting in Apache HTTP Server's mod_proxy_ftp module allows a network-accessible attacker to inject malicious scripts into HTML directory listings generated when the server proxies FTP directory contents. Affected are all versions of Apache HTTP Server up to and including 2.4.67, in both forward and reverse proxy configurations. No public exploit code has been identified at time of analysis, and CISA KEV listing is absent, but the Changed scope (S:C) in the CVSS vector means injected scripts execute in victims' browsers under the origin of the proxy host, elevating the effective impact beyond the medium base score.
Denial-of-service in the Linux kernel's DRM VKMS (Virtual Kernel Mode Setting) subsystem arises from an improperly managed custom hrtimer used for vblank timing, replaced in the fix by DRM's standard vblank timer implementation. Local users with low-privileged access to the VKMS device can trigger a kernel availability failure - likely a crash or hang - due to the divergent timer lifecycle in struct vkms_output. EPSS is negligible at 0.02% and no active exploitation is confirmed; this is a low-urgency kernel hardening fix affecting development and CI-focused deployments.
Stored cross-site scripting in Red Hat Quay 3.x allows an authenticated user with repository write access to upload a malicious SVG file via the filedrop endpoint, which lacks MIME type validation. The uploaded file is persisted and served inline through the CDN, meaning any victim who visits the archive URL will have attacker-controlled JavaScript execute in their browser. No public exploit has been identified at time of analysis, and exploitation requires both repository write privileges and victim interaction, limiting opportunistic mass exploitation.
Insufficient policy enforcement in Google Chrome for iOS (prior to 149.0.7827.53) allows remote unauthenticated attackers to bypass discretionary access controls via a crafted HTML page, resulting in limited integrity impact. User interaction is required, and exploitation probability is extremely low - EPSS sits at 0.02% (4th percentile). No public exploit identified at time of analysis, and Chromium's own security team rated this as 'Low' severity, consistent with the CVSS 4.3 score and SSVC's 'partial' technical impact assessment.
Same-origin policy bypass in Google Chrome on iOS prior to 149.0.7827.53 allows a remote, unauthenticated attacker to violate cross-origin isolation by delivering a crafted HTML page to a victim. The flaw stems from an inappropriate implementation (CWE-346) in the iOS-specific Chrome codebase, meaning the iOS browser incorrectly validates origin boundaries in a way the desktop build does not. No active exploitation is confirmed (no CISA KEV listing), EPSS is 0.02% (4th percentile), and SSVC rates exploitation as none - placing this firmly in a routine patching priority rather than an emergency response.
UI spoofing in Google Chrome for iOS prior to version 149.0.7827.53 enables a remote unauthenticated attacker to misrepresent critical browser interface elements through a crafted HTML page, requiring only that the victim visit the malicious page. The vulnerability stems from an inappropriate implementation specific to the iOS platform build of Chrome (CWE-451), with impact limited to integrity - no confidentiality or availability loss. No public exploit identified at time of analysis; EPSS sits at 0.03% (11th percentile) and Chromium's own severity rating is Low, aligning with the constrained real-world impact.
UI spoofing in Google Chrome on iOS (prior to 149.0.7827.53) allows an unauthenticated remote attacker to present a deceptive interface to users by serving a crafted HTML page, specifically targeting the Signin flow. The root cause is an inappropriate implementation classified under CWE-20 (Improper Input Validation), meaning Chrome fails to sufficiently validate or constrain inputs that influence the rendered signin UI. No public exploit code exists and no active exploitation has been confirmed; EPSS of 0.05% (15th percentile) indicates very low near-term exploitation probability, consistent with the Low Chromium severity rating.
Insufficient policy enforcement in Google Chrome for iOS (prior to 149.0.7827.53) enables remote attackers to bypass discretionary access controls by directing a victim to a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) confirms the attack is network-reachable, requires no authentication, and produces a limited integrity impact with no confidentiality or availability consequences. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects very low exploitation probability; Chromium internally rated this Low severity.
Discretionary access control bypass in Google Chrome's Cast feature (prior to 149.0.7827.53) allows an attacker positioned on the local network segment to interfere with Cast functionality via crafted malicious network traffic. The vulnerability stems from improper privilege management (CWE-269) within the Cast implementation, resulting in limited confidentiality and integrity impact (CVSS 5.1). No public exploit code has been identified at time of analysis, and CISA KEV listing is absent; however, the no-authentication-required condition and the network-adjacent attack surface make this relevant for environments where Chrome's Cast feature is actively used on shared or untrusted network segments.
Navigation restriction bypass in Google Chrome's DOM Distiller component on iOS allows a remote attacker to circumvent page navigation controls by serving a specially crafted HTML page. Affected users are running Chrome on iOS prior to version 149.0.7827.53, and exploitation requires the victim to visit an attacker-controlled page. No public exploit identified at time of analysis and EPSS probability sits at 0.02% (4th percentile), consistent with the vendor's own 'Low' severity classification - real-world impact is limited to integrity degradation with no confidentiality or availability consequence.
Privilege escalation in Google Chrome for iOS prior to 149.0.7827.53 allows remote attackers to elevate privileges when a victim is lured into performing specific UI gestures on a crafted HTML page. The flaw stems from insufficient input validation in the Reading List feature and carries a CVSS 3.1 score of 8.8, though EPSS is low at 0.05% and no public exploit identified at time of analysis. Google rates the underlying Chromium severity as Low despite the high CVSS, suggesting realistic exploitability is constrained by the required user interaction.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the TabStrip component, enabling a remote attacker who lures a victim to a crafted HTML page to corrupt memory and execute arbitrary code within the renderer context. Google rates the underlying Chromium severity as Low, but the CVSS base score of 8.8 reflects the potential impact when chained with a sandbox escape. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Sandbox escape in Google Chrome's GPU process prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers an integer overflow. The flaw, tagged as a buffer overflow with information disclosure potential, requires user interaction and a chained renderer compromise, and no public exploit has been identified at time of analysis despite Chromium rating the underlying severity as Low.
Cross-origin data leakage in Google Chrome's Storage Access API affects desktop versions prior to 149.0.7827.53, enabling a remote attacker who has already compromised the renderer process to exfiltrate sensitive cross-origin information via a specially crafted HTML page. Google rates the underlying Chromium severity as Low, though NVD assigns CVSS 7.5 due to the unauthenticated network vector, and no public exploit identified at time of analysis.
UI spoofing in Google Chrome's Permissions implementation prior to version 149.0.7827.53 allows a remote, unauthenticated attacker to deceive users through manipulated browser permission dialogs via a crafted HTML page. Exploitation requires user interaction - a victim must visit a malicious page - and the real-world impact is limited to low-integrity outcomes such as misleading users into granting or denying permissions under false pretenses. No public exploit code exists and this vulnerability has not been added to the CISA KEV catalog at time of analysis.
Cross-origin data leakage in Google Chrome's Permissions subsystem (prior to 149.0.7827.53) enables remote unauthenticated attackers to read data across origin boundaries via a crafted HTML page. The flaw, classified as a race condition (CWE-362) in the Permissions implementation, undermines the browser's Same-Origin Policy enforcement - a foundational web isolation mechanism. No public exploit identified at time of analysis; a vendor-released patch is available in version 149.0.7827.53, and Google has rated this Low severity in Chromium security terms.
Content Settings policy enforcement bypass in Google Chrome prior to 149.0.7827.53 enables remote attackers to circumvent discretionary access control by delivering a crafted HTML page to a victim who must interact with it. Rooted in CWE-284 (Improper Access Control), the flaw affects Chrome's Content Settings subsystem - which governs site-level permissions such as cookies, notifications, and script access - yielding a limited integrity impact with no confidentiality or availability consequences. No public exploit has been identified and the vulnerability is absent from CISA KEV; the vendor itself rates this as Low severity, consistent with the CVSS 4.3 base score.
Information disclosure in Google Chrome DevTools prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to read potentially sensitive data from process memory by serving a crafted HTML page. The flaw stems from a use-after-free condition (CWE-416) in DevTools, and while Google rates the underlying Chromium severity as Low, the NVD CVSS of 9.6 reflects the cross-origin scope change possible when chained with a prior renderer compromise. No public exploit identified at time of analysis.
Use-after-free in the Network component of Google Chrome prior to version 149.0.7827.53 enables an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by delivering a crafted HTML page. The Changed scope (S:C) in the CVSS vector confirms the vulnerability crosses security boundaries - specifically from the renderer sandbox into the Network process - making this a secondary exploitation step rather than an initial access vector. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog; Google has released a patched stable channel build.
Navigation restriction bypass in Google Chrome's Lens component prior to version 149.0.7827.53 allows a remote attacker to circumvent browser security boundaries via a crafted HTML page. The flaw requires user interaction (UI:R) to trigger, but no authentication, and Google classifies the Chromium security severity as Low despite the NVD CVSS of 8.8. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Same-origin policy bypass in Google Chrome's IndexedDB implementation affects all versions prior to 149.0.7827.53, enabling an attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. The integrity-only impact (C:N/I:H/A:N) means a successful exploitation could allow unauthorized writes or data manipulation across origins, but does not directly expose confidential data. No public exploit code has been identified at time of analysis, and Google's own Chromium security team rated this Low severity; a vendor-released patch is available at version 149.0.7827.53.
UI spoofing in Google Chrome's Payments component prior to version 149.0.7827.53 enables a remote unauthenticated attacker to mislead users about payment interface elements via a crafted HTML page. The vulnerability stems from inappropriate implementation logic (CWE-451) that allows visual misrepresentation of critical payment-related UI, potentially facilitating phishing or payment fraud against end users who interact with a malicious page. No public exploit code has been identified at time of analysis, and Chromium's internal severity rating is Low, consistent with its limited integrity-only, user-interaction-dependent impact.
Navigation restriction bypass in Google Chrome's Downloads subsystem prior to version 149.0.7827.53 enables a remote unauthenticated attacker to circumvent browser navigation controls by luring a user to a crafted HTML page. The flaw is rooted in an inappropriate implementation classified as CWE-346 (Origin Validation Error), meaning Chrome fails to properly validate the origin of requests or data within the Downloads flow. Rated Medium by CVSS (5.4) and Low by Chromium's own severity scale, no public exploit code or CISA KEV listing has been identified at time of analysis.
Cross-origin data disclosure in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to leak data across origin boundaries by serving a crafted HTML page through the Plugins component. No public exploit has been identified at time of analysis, and Chromium rates the underlying issue as Low severity despite the NVD CVSS of 7.5. The flaw stems from insufficient validation of untrusted input (CWE-20) within Chrome's plugin handling path.
Privilege escalation in Google Chrome's Cast component (versions prior to 149.0.7827.53) allows an adjacent network attacker to elevate privileges by delivering a crafted HTML page that exploits insufficient input validation. Exploitation requires the victim to interact with the malicious content, and no public exploit has been identified at time of analysis despite a CVSS score of 8.0. Google has classified the Chromium security severity as Low, suggesting the practical impact is more constrained than the numeric score implies.
Privilege escalation in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to escape sandbox-style restrictions via the Extensions subsystem using a crafted HTML page. The flaw requires user interaction and high attack complexity, and is rated Low severity by the Chromium team despite the 7.5 CVSS score; no public exploit identified at time of analysis.
Inappropriate implementation in Google Chrome's DevTools component prior to version 149.0.7827.53 allows a crafted Chrome Extension to access and read sensitive data from process memory. Exploitation requires social engineering a target user into installing a malicious extension, after which the extension can invoke under-guarded DevTools APIs to extract potentially sensitive in-memory content such as credentials, tokens, or session data. No public exploit has been identified at time of analysis, and the EPSS score of 0.01% indicates very low observed exploitation probability; however, the confidentiality impact is rated High by CVSS.
Tab Hover Cards in Google Chrome prior to 149.0.7827.53 render domain names incorrectly, enabling a remote unauthenticated attacker to spoof displayed domain identity via a crafted domain name, misleading users about the true destination of a browser tab. CVSS rates Integrity impact as High (I:H), reflecting the real deception potential in phishing scenarios, while Chromium itself labels this Low severity - a notable contrast worth flagging. No public exploit identified at time of analysis, and EPSS at 0.03% (11th percentile) reflects minimal current exploitation interest.
Same-origin policy bypass in the PreviewTab component of Google Chrome for Android (versions prior to 149.0.7827.53) enables a remote unauthenticated attacker to violate cross-origin isolation and corrupt content integrity. Exploitation requires social engineering - the victim must visit a crafted HTML page and be manipulated into performing specific UI gestures within the PreviewTab interface. The CVSS vector scores high integrity impact (I:H) with no confidentiality or availability impact, indicating an attacker can alter or inject content across origin boundaries but cannot directly exfiltrate data. No public exploit code or CISA KEV listing has been identified; EPSS sits at 0.02% (4th percentile), reflecting very low current exploitation probability.
Domain spoofing in Google Chrome's WebUI component (versions prior to 149.0.7827.53) allows unauthenticated remote attackers to display a misleading domain name in the browser UI by delivering a crafted domain to a victim. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) assigns High integrity impact, reflecting the ability to undermine a user's origin-trust decisions - the cornerstone of browser security. No public exploit code exists and EPSS sits at 0.03% (10th percentile), consistent with Google's own 'Low' Chromium severity rating; risk is realistic but non-urgent outside phishing-focused threat models.
Remote code execution in Google Chrome on Linux versions prior to 149.0.7827.53 allows a remote attacker to exploit a use-after-free condition in the Chromoting component via malicious network traffic. The flaw carries a CVSS 3.1 score of 8.1 (high) with no public exploit identified at time of analysis and an EPSS probability of 0.04%, though Google rates the Chromium severity as Low. The vendor has shipped a fix in the stable channel update for desktop.
Same-origin policy bypass in Google Chrome's Network component (versions prior to 149.0.7827.53) enables a post-compromise attacker who already controls the renderer process to subvert cross-origin enforcement via a crafted HTML page. The CVSS integrity impact is rated High (I:H), but exploitation is gated behind a required renderer-process pre-compromise, substantially raising the real-world attack bar. No public exploit code exists and no CISA KEV listing is present; EPSS stands at 0.02% (6th percentile), consistent with Google's own Low severity rating for this issue.
Domain spoofing via Tab Strip UI misrepresentation in Google Chrome prior to 149.0.7827.53 enables remote unauthenticated attackers to deceive users into believing they are visiting a legitimate domain by serving a crafted HTML page that corrupts the displayed origin in the tab strip. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) confirms network-accessible exploitation requiring no privileges but requiring user interaction, with integrity impact reflecting successful identity deception rather than data exfiltration or code execution. No public exploit code exists and EPSS at 0.03% (11th percentile) reflects negligible observed exploitation activity; this is not currently listed in the CISA KEV catalog.
UI spoofing in Google Chrome's PointerLock API prior to version 149.0.7827.53 allows an attacker who has already compromised the renderer process to manipulate browser UI presentation via a crafted HTML page. The CVSS score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) reflects limited integrity-only impact with no confidentiality or availability consequences, and Google itself rated this 'Low' severity. No public exploit has been identified and the EPSS score of 0.05% (15th percentile) confirms very low real-world exploitation probability at time of analysis.
Site isolation bypass in Google Chrome's Navigation component allows a remote attacker who has already compromised the renderer process to break Chrome's cross-origin security boundary via a crafted HTML page. Affected versions are all Chrome releases prior to 149.0.7827.53. The CVSS vector (I:H) reflects high integrity impact against protected origins, but the real-world risk is substantially gated by the prerequisite of renderer process compromise - a condition Google itself rates as 'Low' severity in Chromium's internal classification. No public exploit code or CISA KEV listing has been identified at time of analysis.
Navigation restriction bypass in Google Chrome prior to 149.0.7827.53 allows remote unauthenticated attackers to circumvent Chrome's built-in navigation controls by delivering a crafted HTML page to a victim. The flaw stems from an inappropriate implementation in Chrome's Navigation subsystem (CWE-693: Protection Mechanism Failure), yielding low integrity impact with no confidentiality or availability consequences. No public exploit has been identified at time of analysis and EPSS exploitation probability is 0.02% (4th percentile), consistent with Google Chromium's own Low severity classification for this issue.
Remote code execution in Google Chrome on Windows prior to version 149.0.7827.53 allows a remote attacker to run arbitrary code when a victim is lured into performing specific UI gestures involving a malicious file delivered through the PlatformIntegration component. The flaw stems from improper input validation (CWE-20) and, while a vendor patch is available, no public exploit has been identified at time of analysis and EPSS scoring (0.04%) indicates very low near-term exploitation probability.
Site isolation bypass in Google Chrome's Fenced Frames component allows an attacker who has already compromised the renderer process to cross origin boundaries via a crafted HTML page. Affected versions are all Chrome releases prior to 149.0.7827.53 on desktop platforms. No public exploit code has been identified at time of analysis, and EPSS sits at a low 0.02% (4th percentile), consistent with Chromium's own 'Low' severity rating despite the 6.5 CVSS score - real-world risk is contingent on a separate, preceding renderer exploit.
UI spoofing in Google Chrome's File Input component (versions prior to 149.0.7827.53) enables remote attackers to misrepresent security-critical interface elements to users through specially crafted HTML pages. The attacker must convince a target to perform specific UI gestures - such as drag-and-drop or deliberate click sequences - to trigger incorrect rendering of the browser's file selection security UI. No public exploit identified at time of analysis; EPSS at 0.03% (11th percentile) signals very low exploitation probability, consistent with no CISA KEV listing.
Domain spoofing in Google Chrome's Cronet networking library on Android (versions prior to 149.0.7827.53) enables remote unauthenticated attackers to misrepresent domain names to victims browsing on Android devices. The CVSS vector (AV:N/AC:L/PR:N/UI:R/I:H) confirms high integrity impact with no privileges required, contingent on victim interaction with a crafted URL. EPSS at 0.03% (11th percentile) and no CISA KEV listing indicate no public exploitation at time of analysis, making this primarily a targeted phishing-enablement risk rather than an actively weaponized vector.
Cross-origin data leakage in Google Chrome for iOS prior to version 149.0.7827.53 enables a remote unauthenticated attacker to read sensitive data from cross-origin resources by tricking a user into visiting a crafted HTML page. The flaw stems from an inappropriate implementation in the iOS-specific Chrome code path (CWE-346: Origin Validation Error), undermining the browser's Same-Origin Policy enforcement on Apple's platform. No public exploit code exists and no active exploitation is confirmed; with an EPSS of 0.03% (11th percentile), real-world risk is currently assessed as low despite the high confidentiality impact in the CVSS scoring.
Sandbox escape in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that abuses Reading Mode's insufficient input validation. The CVSS 9.6 rating reflects the scope-changing impact (S:C) when chained from a renderer compromise, though EPSS is very low (0.05%) and no public exploit identified at time of analysis. Chromium rates the underlying issue Medium severity, reflecting that prior renderer compromise is a prerequisite.
Cross-origin data leakage in Google Chrome's DevTools component (prior to 149.0.7827.53) enables an attacker to bypass same-origin policy enforcement through a crafted malicious extension. Exploitation requires convincing a target user to install the attacker-controlled extension, after which cross-origin data can be exfiltrated via insufficient DevTools policy controls. No public exploit code has been identified at time of analysis, and the EPSS score of 0.01% (1st percentile) indicates very low observed exploitation probability; the vulnerability is not listed in the CISA KEV catalog.
Safe Browsing bypass in Google Chrome prior to 149.0.7827.53 allows a remote attacker to circumvent discretionary access control protections by delivering a specially crafted RAR file to a victim who interacts with it. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms no authentication or elevated privileges are required on the attacker side, but exploitation depends on user interaction - the victim must engage with the malicious RAR file. The integrity impact is rated High (I:H) with no confidentiality or availability impact, indicating the primary risk is bypassing file-based access controls enforced by the Safe Browsing subsystem. No public exploit identified at time of analysis, and EPSS at 0.02% (4th percentile) reflects very low observed exploitation probability.
Sensitive information disclosure in Google Chrome's Passwords component (prior to 149.0.7827.53) allows a remote attacker who has already compromised the renderer process to read potentially sensitive data - including password material - from process memory by delivering a crafted HTML page. The attack carries a CVSS 6.5 (Medium) rating with high confidentiality impact and no integrity or availability consequence. No public exploit has been identified at time of analysis, and EPSS places exploitation probability at 0.03% (11th percentile), consistent with the non-trivial prerequisite of prior renderer compromise.
Memory information disclosure in Google Chrome's Codecs component affects all desktop versions prior to 149.0.7827.53, enabling remote unauthenticated attackers to read potentially sensitive data from browser process memory when a user visits a specially crafted HTML page. The root cause is a use-after-free (CWE-416) in the media codec subsystem, yielding high confidentiality impact with no integrity or availability consequences per CVSS. EPSS is very low at 0.03% (11th percentile) and SSVC confirms no active exploitation, placing this firmly in the routine patch category despite its Medium severity score.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to break out of the browser's renderer sandbox by sending malicious network traffic processed by the Autofill component. The flaw is rated CVSS 9.6 due to scope change and high impact across confidentiality, integrity, and availability, though Chromium itself assigns it Medium severity and EPSS exploitation probability is currently very low (0.05%). No public exploit identified at time of analysis, but a vendor-released patch is available.
Cross-origin data leakage via ServiceWorker policy bypass in Google Chrome affects all desktop versions prior to 149.0.7827.53. Insufficient policy enforcement in Chrome's ServiceWorker API allows unauthenticated remote attackers to read sensitive cross-origin data from a victim's browser session by directing the victim to a crafted HTML page. EPSS exploitation probability is very low at 0.03% (11th percentile), no public exploit code has been identified, and no CISA KEV listing exists at time of analysis - making this a moderate confidentiality risk that warrants patching but is not an immediate emergency for most organizations.
Universal Cross-Site Scripting (UXSS) in Google Chrome for iOS prior to 149.0.7827.53 allows a remote, unauthenticated attacker to inject arbitrary scripts or HTML across origin boundaries by delivering a crafted QR code and convincing the target to perform specific UI gestures within the browser. The CVSS Scope:Changed rating confirms this bypasses the same-origin policy, meaning injected scripts can access sessions and data from other open origins. No public exploit code has been identified at time of analysis, and the EPSS score of 0.07% (22nd percentile) indicates low observed exploitation probability, though the attack is fully network-accessible once social engineering is achieved. Note: the 'RCE' tag attached to this CVE is inconsistent with the description, which describes UXSS - not OS-level code execution - and should be treated as a tagging error.
Navigation restriction bypass in Google Chrome for iOS (versions prior to 149.0.7827.53) exploits an inappropriate implementation within the Signin component, enabling a remote attacker to circumvent navigation controls by delivering a crafted HTML page to a victim. Per CVSS (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N), no authentication is required by the attacker, but user interaction is necessary - the victim must visit or load the malicious page. No public exploit has been identified at time of analysis, SSVC reports exploitation as none, and the EPSS score of 0.02% (4th percentile) indicates very low likelihood of opportunistic exploitation; nevertheless, the high integrity impact warrants prompt patching on all managed iOS Chrome deployments.
Cross-origin data leakage in Google Chrome's GPU implementation on macOS allows remote unauthenticated attackers to exfiltrate sensitive cross-origin information by luring a user to a crafted HTML page. Affected are all Chrome releases on Mac prior to 149.0.7827.53. The vulnerability stems from an inappropriate GPU implementation (CWE-200) and carries no publicly available exploit at time of analysis; EPSS sits at 0.03% (11th percentile), indicating low current exploitation probability. No active exploitation has been confirmed by CISA KEV.
Sandbox escape in Google Chrome for iOS prior to 149.0.7827.53 allows a remote attacker who lures a victim to a malicious page to potentially break out of Chrome's renderer sandbox via crafted HTML. The flaw is rated CVSS 8.8 (High) due to high confidentiality, integrity, and availability impact, though Chromium internally classifies severity as Medium and EPSS exploitation probability is currently very low (0.05%). No public exploit identified at time of analysis.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free condition in the ServiceWorker component that can be triggered by a malicious browser extension. An attacker who convinces a user to install a crafted Chrome Extension can achieve arbitrary code execution within the renderer context. No public exploit has been identified at time of analysis and EPSS exploitation probability is very low at 0.01%, but the high CVSS score (8.8) reflects the severe potential impact.
Cross-origin data leakage in Google Chrome's WebRTC subsystem (versions prior to 149.0.7827.53) allows a remote unauthenticated attacker to read data across origin boundaries when a victim visits a crafted HTML page. The vulnerability carries a CVSS 6.5 Medium score with high confidentiality impact, but mandatory user interaction prevents automated mass exploitation - consistent with SSVC Automatable: no and an EPSS of 0.03% (10th percentile). No public exploit code exists and this CVE is not listed in the CISA Known Exploited Vulnerabilities catalog at time of analysis.
Cross-origin data leakage in Google Chrome's WebRTC implementation allows a network-positioned attacker to extract sensitive cross-origin information via crafted malicious network traffic. Affected versions are all Chrome releases prior to 149.0.7827.53; the fix is available in the stable channel update. No public exploit exists and no active exploitation has been identified - EPSS sits at 0.02% (4th percentile) and CISA SSVC assesses exploitation as none and automation as not feasible, placing real-world urgency well below the raw CVSS confidentiality impact suggests.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to break out of the browser's renderer sandbox by serving a crafted video file processed by Chrome's media codec stack. The flaw stems from insufficient validation of untrusted input in the Codecs component and requires the victim to load attacker-controlled video content, but successful exploitation yields cross-origin impact (Scope: Changed) with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and EPSS exploitation probability is low (0.05%, 15th percentile), though the 9.6 CVSS rating and sandbox-escape primitive make this a high-priority browser patch.
Same-origin policy bypass in Google Chrome's Workers subsystem (versions prior to 149.0.7827.53) permits a remote attacker who has already compromised the renderer process to circumvent cross-origin restrictions via a crafted HTML page, resulting in high-severity integrity impact (CVSS I:H). The flaw, rooted in insufficient policy enforcement (CWE-284), functions as a second-stage chained exploit rather than an initial access vector, requiring renderer compromise as a prerequisite. No active exploitation has been identified (SSVC: exploitation none; EPSS 0.02%), and a vendor-released patch is available as of Chrome 149.0.7827.53.
Sandbox escape in Google Chrome for Android before 149.0.7827.53 lets a remote attacker exploit a use-after-free in the USB component by luring a victim to a crafted HTML page, potentially breaking out of the renderer sandbox. CVSS 8.8 reflects the high impact across confidentiality, integrity, and availability, though successful attack requires user interaction (visiting the page). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Navigation restriction bypass in Google Chrome's Glic component (versions prior to 149.0.7827.53) enables remote attackers to circumvent browser navigation controls by delivering a crafted HTML page that the victim must open. The vulnerability is rooted in an inappropriate implementation (CWE-284, Improper Access Control) within the Glic subsystem and yields limited but multi-dimensional impact across confidentiality, integrity, and availability (C:L/I:L/A:L). No public exploit identified at time of analysis and this CVE does not appear in CISA KEV; Google has assigned a 'Medium' severity rating consistent with the CVSS 6.3 score.
Universal Cross-Site Scripting (UXSS) in Google Chrome's CSS implementation prior to version 149.0.7827.53 allows remote unauthenticated attackers to inject arbitrary scripts or HTML across origin boundaries via a crafted HTML page, requiring only user interaction. The Scope:Changed CVSS component (S:C) confirms this bypasses Chrome's Same-Origin Policy, enabling access to content from other origins in the victim's browser session. No public exploit code has been identified at time of analysis, and this is not listed in CISA KEV; however, UXSS classes in major browsers are historically targeted by threat actors for session hijacking and credential theft.
Arbitrary code execution within the Chrome renderer sandbox is possible in Google Chrome versions prior to 149.0.7827.53 due to a use-after-free defect in the V8 JavaScript engine. Exploitation requires social engineering a user into installing a malicious Chrome Extension, after which a crafted extension can trigger the memory corruption and run attacker-controlled code inside the sandboxed process. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Navigation restriction bypass in Google Chrome prior to 149.0.7827.53 allows a remote, unauthenticated attacker to circumvent policy enforcement in the browser's Actor component by delivering a crafted HTML page to a target user. The flaw (CWE-602) enables unauthorized navigation actions that could expose users to cross-origin manipulation or redirects with low but non-trivial confidentiality, integrity, and availability impact. No public exploit has been identified at time of analysis, and EPSS of 0.02% combined with SSVC exploitation status of none indicates limited active threat, though the broad attack surface of any Chrome desktop user visiting a malicious page warrants timely patching.
Out-of-bounds read in Chrome's GWP-ASan memory safety subsystem (versions prior to 149.0.7827.53) enables a local attacker to disclose potentially sensitive contents from process memory by delivering a malicious file to the target. The vulnerability carries a CVSS 6.5 Medium score with high confidentiality impact but no integrity or availability impact, consistent with a pure information-disclosure class. No public exploit code has been identified at time of analysis, EPSS exploitation probability is extremely low at 0.01% (1st percentile), and SSVC assessment confirms no known active exploitation, collectively indicating a low near-term threat priority despite the notable confidentiality impact rating.
Out-of-bounds write in the V8 JavaScript engine of Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to execute arbitrary code within the sandbox via a crafted HTML page. The flaw requires user interaction (visiting a malicious page) and prior renderer compromise, and no public exploit identified at time of analysis. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability, though Google classifies the Chromium severity as Medium.
Remote code execution in Google Chrome's Blink rendering engine prior to 149.0.7827.53 allows remote attackers to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw stems from an integer overflow (CWE-472) in Blink and carries a CVSS 3.1 score of 8.8; no public exploit identified at time of analysis, though a vendor patch has been released through the Chrome Stable channel update.
Sandbox escape in Google Chrome on iOS before 149.0.7827.53 can be triggered by a remote attacker who lures a user to a malicious HTML page that abuses a use-after-free condition in the WebMIDI subsystem. Successful exploitation breaks out of the renderer sandbox with high confidentiality, integrity, and availability impact, though no public exploit is identified at time of analysis and EPSS probability is very low (0.03%).
Remote code execution in Google Chrome's Blink rendering engine prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) tagged for RCE and DoS impact, and no public exploit has been identified at time of analysis. CISA SSVC currently lists exploitation as 'none' despite the high CVSS 8.8 score, indicating significant theoretical impact but no observed in-the-wild activity yet.
Privilege escalation in Google Chrome prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that abuses insufficient input validation in the Extensions component. Google rates the Chromium severity as Medium while NVD assigns CVSS 7.5 (High); no public exploit identified at time of analysis and CISA SSVC reports no observed exploitation.
Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows attackers to run arbitrary code within the browser sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free in the WebML component. Although Chromium rates the severity as Medium, the CVSS 3.1 base score is 8.8 (High), reflecting high impact across confidentiality, integrity, and availability with low attack complexity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows attackers to execute arbitrary code within the renderer sandbox through a use-after-free flaw in the Canvas component. Exploitation requires a victim to visit a crafted HTML page, and no public exploit has been identified at time of analysis. Google rates this as Medium severity internally despite the CVSS 8.8 score, reflecting the sandbox containment limit.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the Media component, allowing a remote attacker who can lure a victim to a crafted HTML page to execute arbitrary code within the renderer sandbox. The high CVSS score of 8.8 reflects the severe impact triad (C:H/I:H/A:H), though exploitation requires user interaction (UI:R) and code execution is contained within Chrome's sandbox boundary. There is no public exploit identified at time of analysis, and SSVC indicates no observed exploitation.
Cross-origin data leakage in Google Chrome's Web Share API prior to version 149.0.7827.53 allows a remote attacker to extract sensitive cross-origin information by convincing a user to perform specific UI gestures on a crafted HTML page, violating browser same-origin policy guarantees. The CVSS vector (AV:N/AC:L/PR:N/UI:R/C:H) reflects high confidentiality impact with no authentication required on the attacker's side, though mandatory user interaction reduces realistic exploitation probability significantly. No public exploit has been identified at time of analysis, and an EPSS score of 0.04% (13th percentile) corroborates low current exploitation activity.
Domain spoofing via crafted WebAPK in Google Chrome on Android prior to 149.0.7827.53 enables remote unauthenticated attackers to deceive users about the web origin of installed Progressive Web Apps, with high integrity impact as confirmed by the CVSS I:H rating. The CVSS vector (AV:N/AC:L/PR:N/UI:R) confirms the attack is network-accessible and requires no privileges, though user interaction is a necessary precondition. No public exploits have been identified and EPSS sits at 0.03% (10th percentile), indicating minimal observed exploitation pressure; however, the trust-abuse potential for phishing campaigns makes timely patching advisable.
Cross-origin data leakage in Google Chrome DevTools affects all versions prior to 149.0.7827.53, exploitable through a crafted malicious Chrome Extension. The inappropriate DevTools implementation allows an attacker who successfully social-engineers a victim into installing the extension to read data from cross-origin contexts - violating the browser's same-origin isolation guarantees at the DevTools layer. No public exploit code exists and no CISA KEV listing is present; EPSS at 0.02% (4th percentile) confirms low exploitation probability in the wild, making this a routine patch-cycle priority rather than an emergency response item.
Remote code execution in Google Chrome prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page that triggers a use-after-free in the Compositing component. The flaw carries a CVSS 8.8 rating and is tagged as RCE/DoS/memory corruption, though no public exploit identified at time of analysis and Google rates the security severity as Medium. Exploitation is constrained to in-sandbox code execution and requires user interaction (visiting the malicious page).
Heap corruption in Google Chrome versions prior to 149.0.7827.53 stems from an integer overflow in the Skia graphics library that can be triggered by a crafted HTML page. Remote attackers can lure a victim to a malicious web page to potentially achieve arbitrary code execution within the renderer process. No public exploit identified at time of analysis, and EPSS exploitation probability is low at 0.03% (11th percentile), though Chrome rendering bugs historically attract exploit development.
Uninitialized memory read in Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows remote attackers to obtain sensitive process memory contents through a crafted HTML page, with no authentication required but mandatory user interaction. The vulnerability carries a CVSS Confidentiality impact of High (C:H), indicating potentially significant data exposure despite the Medium overall score of 6.5. EPSS is low at 0.03% (11th percentile) and no CISA KEV listing exists, meaning no public exploit or confirmed widespread exploitation has been identified at time of analysis.
Universal Cross-Site Scripting (UXSS) in Google Chrome's Keyboard implementation prior to version 149.0.7827.53 enables remote unauthenticated attackers to inject arbitrary scripts or HTML across origin boundaries via a crafted HTML page. The Scope:Changed CVSS vector reflects the fundamental nature of this class: successful exploitation bypasses the Same-Origin Policy, potentially granting script access to sessions, cookies, and DOM content across all origins open in the browser. No public exploit has been identified at time of analysis, and the EPSS score of 0.06% (18th percentile) indicates low current exploitation probability, though UXSS primitives are historically high-value for targeted attacks.
Cross-origin data leakage in Google Chrome's Skia graphics library affects all versions prior to 149.0.7827.53, exploitable by a remote attacker who has already compromised the renderer process. Via a crafted HTML page, the attacker can abuse insufficient input validation in Skia to extract sensitive cross-origin data, bypassing browser isolation boundaries. No public exploit code has been identified at time of analysis, and the EPSS score of 0.05% (15th percentile) reflects low observed exploitation activity.
Remote code execution in Google Chrome's WebRTC component prior to 149.0.7827.53 allows remote attackers to execute arbitrary code within the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free memory corruption issue rated CVSS 8.8 with high impact across confidentiality, integrity, and availability, though execution remains confined to the sandbox and no public exploit identified at time of analysis.
Remote code execution in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker to exploit a use-after-free condition in the Views component via a crafted HTML page. The flaw carries a CVSS 3.1 score of 8.8 with network attack vector and requires user interaction (visiting a malicious page), and no public exploit has been identified at time of analysis despite Google's vendor patch being released.
Arbitrary code execution within the Chrome sandbox affects Google Chrome desktop builds prior to 149.0.7827.53 due to an inappropriate implementation in the Isolated Web Apps (IWA) component. A remote attacker who convinces a user to open a malicious file can execute code confined to the sandbox process, with no public exploit identified at time of analysis and an EPSS score of only 0.03% (10th percentile) indicating low predicted exploitation likelihood. Google has shipped a fix in the stable channel update for desktop.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page processed by the codec subsystem. The flaw requires user interaction (visiting a malicious page) and a prior renderer compromise, but if chained successfully it enables full code execution on the host with a scope change. No public exploit identified at time of analysis and EPSS probability is very low (0.05%), but the 9.6 CVSS reflects the high impact of a successful sandbox escape.
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page. The flaw stems from an integer overflow (CWE-472) in ANGLE and requires user interaction (visiting a malicious page) plus a prior renderer compromise to chain into full sandbox escape. No public exploit identified at time of analysis, and EPSS is very low (0.03%), but Google rates the underlying issue as Medium severity within Chromium.
Sandbox-confined arbitrary code execution in Google Chrome versions prior to 149.0.7827.53 stems from an inappropriate implementation in the Dawn WebGPU component, enabling a remote attacker who has already compromised the renderer process to run code inside the sandbox via a crafted HTML page. The CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability when combined with user interaction (visiting a page), though Chromium classified the underlying severity as Medium. No public exploit identified at time of analysis, but a vendor patch is available in the Stable channel update for desktop.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by serving a crafted HTML page that triggers a bad cast in the Dawn WebGPU implementation. The flaw carries a CVSS 8.8 rating with user interaction required (visiting a malicious page), and no public exploit has been identified at time of analysis despite Google rating the underlying Chromium severity as Medium. The vendor has released a patched stable channel build addressing this issue alongside other fixes.
Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a type confusion flaw in the CSS engine that lets a remote attacker run arbitrary code within the renderer sandbox by enticing a victim to load a crafted HTML page. The CVSS 8.8 score reflects network reach with low attack complexity but requires user interaction (UI:R) to visit the malicious page, and no public exploit identified at time of analysis. A vendor patch is available via the Chrome Stable channel update published in June 2026.