Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
76,824 matching · page 57/1537Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-11168(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11166(opens NVD record) | Medium | 6.8 | Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11164(opens NVD record) | High | 8.8 | Use after free in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11162(opens NVD record) | Medium | 4.3 | Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11161(opens NVD record) | Medium | 4.3 | Inappropriate implementation in DataTransfer in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11159(opens NVD record) | Medium | 4.3 | Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11157(opens NVD record) | Medium | 5.4 | Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted Chrome Extension. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11156(opens NVD record) | Medium | 4.3 | Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11155(opens NVD record) | Medium | 4.3 | Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11154(opens NVD record) | High | 7.5 | Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11153(opens NVD record) | Critical | 9.1 | Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11152(opens NVD record) | Critical | 9.6 | Object lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11151(opens NVD record) | High | 7.5 | Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11150(opens NVD record) | Medium | 6.1 | Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11149(opens NVD record) | High | 7.5 | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11147(opens NVD record) | High | 8.8 | Use after free in WebML in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11146(opens NVD record) | Critical | 9.6 | Insufficient validation of untrusted input in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11144(opens NVD record) | High | 8.8 | Use after free in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11142(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11141(opens NVD record) | Medium | 6.5 | Uninitialized Use in Audio in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11140(opens NVD record) | Medium | 6.5 | Out of bounds read in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11139(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11138(opens NVD record) | Medium | 6.5 | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11137(opens NVD record) | Medium | 6.5 | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11136(opens NVD record) | High | 8.8 | Use after free in Canvas in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11135(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11134(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11133(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11132(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11130(opens NVD record) | High | 8.8 | Use after free in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11129(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11128(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Web Share in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11126(opens NVD record) | Medium | 4.3 | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11125(opens NVD record) | High | 8.8 | Use after free in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11124(opens NVD record) | High | 8.8 | Integer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11123(opens NVD record) | Medium | 6.5 | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11122(opens NVD record) | Medium | 6.1 | Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11121(opens NVD record) | Medium | 6.5 | Insufficient validation of untrusted input in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11118(opens NVD record) | High | 8.8 | Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11117(opens NVD record) | High | 8.8 | Use after free in Views in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11116(opens NVD record) | High | 8.8 | Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11115(opens NVD record) | High | 7.3 | Use after free in Updater in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11111(opens NVD record) | High | 8.1 | Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11110(opens NVD record) | Medium | 6.5 | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11109(opens NVD record) | Medium | 6.5 | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11107(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11106(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11105(opens NVD record) | Medium | 6.5 | Insufficient validation of untrusted input in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11104(opens NVD record) | Medium | 6.5 | Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11103(opens NVD record) | High | 7.8 | Inappropriate implementation in Installer in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium) | Jun 4, 2026 |