Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
12,811 matching · page 16/257Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-14048(opens NVD record) | Medium | 6.5 | Use after free in Chromecast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14035(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14033(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14032(opens NVD record) | High | 8.1 | Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14031(opens NVD record) | Medium | 4.3 | Inappropriate implementation in File Input in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14026(opens NVD record) | Medium | 4.2 | Incorrect security UI in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14018(opens NVD record) | High | 7.8 | Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-14015(opens NVD record) | Medium | 6.5 | Race in WebRTC in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-14012(opens NVD record) | Medium | 5.3 | Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-14010(opens NVD record) | Medium | 6.5 | Uninitialized Use in Codecs in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13995(opens NVD record) | Medium | 4.3 | Insufficient validation of untrusted input in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13994(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13993(opens NVD record) | Medium | 4.2 | Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13990(opens NVD record) | Medium | 6.5 | Insufficient validation of untrusted input in DataTransfer in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13987(opens NVD record) | Medium | 4.3 | Incorrect security UI in Mobile in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13983(opens NVD record) | Medium | 4.2 | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13973(opens NVD record) | Medium | 4.2 | Inappropriate implementation in UI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13971(opens NVD record) | Medium | 5.3 | Uninitialized Use in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13970(opens NVD record) | Medium | 5.3 | Uninitialized Use in Media in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13961(opens NVD record) | Medium | 5.3 | Insufficient validation of untrusted input in DevTools in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13958(opens NVD record) | Medium | 6.5 | Uninitialized Use in Codecs in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13951(opens NVD record) | High | 8.3 | Insufficient policy enforcement in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13931(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13925(opens NVD record) | High | 7.5 | Inappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13920(opens NVD record) | Critical | 9.6 | Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13918(opens NVD record) | High | 8.8 | Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13916(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13915(opens NVD record) | High | 8.8 | Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13913(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13912(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13910(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13902(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13896(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13894(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13891(opens NVD record) | High | 7.5 | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13890(opens NVD record) | Medium | 5.3 | Out of bounds read in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13888(opens NVD record) | High | 8.8 | Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13887(opens NVD record) | Medium | 6.5 | Inappropriate implementation in NFC in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13886(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in Isolated Web Apps in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13883(opens NVD record) | Critical | 9.6 | Type Confusion in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13882(opens NVD record) | Critical | 9.6 | Race in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13881(opens NVD record) | Medium | 6.5 | Inappropriate implementation in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13879(opens NVD record) | Medium | 6.5 | Use after free in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13877(opens NVD record) | Medium | 5.3 | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13875(opens NVD record) | Medium | 5.3 | Insufficient validation of untrusted input in GPU in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13874(opens NVD record) | Medium | 5.3 | Race in DataTransfer in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13873(opens NVD record) | Medium | 6.5 | Out of bounds read in Layout in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13872(opens NVD record) | Critical | 9.1 | Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13869(opens NVD record) | Critical | 9.6 | Use after free in Device in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13868(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Network in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |