Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-11180

Summary
Assigner-Chrome
Assigner Org ID-ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At-04 Jun, 2026 | 23:05
Updated At-05 Jun, 2026 | 16:25
Rejected At-
Credits

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Chrome
Assigner Org ID:ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At:04 Jun, 2026 | 23:05
Updated At:05 Jun, 2026 | 16:25
Rejected At:
â–¼CVE Numbering Authority (CNA)

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Affected Products
Vendor
Google LLCGoogle
Product
Chrome
Versions
Affected
  • From 149.0.7827.53 before 149.0.7827.53 (custom)
Problem Types
TypeCWE IDDescription
N/AN/APolicy bypass
Type: N/A
CWE ID: N/A
Description: Policy bypass
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
N/A
https://issues.chromium.org/issues/502631225
N/A
Hyperlink: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
Resource: N/A
Hyperlink: https://issues.chromium.org/issues/502631225
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:chrome-cve-admin@google.com
Published At:04 Jun, 2026 | 23:17
Updated At:05 Jun, 2026 | 17:16

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-200Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-200
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.htmlchrome-cve-admin@google.com
N/A
https://issues.chromium.org/issues/502631225chrome-cve-admin@google.com
N/A
Hyperlink: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://issues.chromium.org/issues/502631225
Source: chrome-cve-admin@google.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

361Records found
CVE-2011-2863
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.19%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 22:50
Updated-06 Aug, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-11182
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:05
Updated-05 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-11168
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:05
Updated-05 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-11209
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:05
Updated-05 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-11271
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:06
Updated-05 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-11203
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:05
Updated-05 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in GPU in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-0441
Matching Score-10
Assigner-Google LLC
ShareView Details
Matching Score-10
Assigner-Google LLC
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.04%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 10:58
Updated-21 Apr, 2025 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-13744
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-2.57% / 85.81%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverenterprise_linux_for_scientific_computingdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-13737
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-2.57% / 85.81%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverenterprise_linux_for_scientific_computingdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-9912
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.87%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 22:25
Updated-01 Jun, 2026 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-androidchromeChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-9981
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.07%
||
7 Day CHG-0.00%
Published-28 May, 2026 | 22:25
Updated-01 Jun, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-5291
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.08%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 04:41
Updated-01 Apr, 2026 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-2317
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 5.91%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 18:08
Updated-13 Feb, 2026 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Linux Kernel Organization, IncApple Inc.Microsoft CorporationGoogle LLC
Product-chromelinux_kernelmacoswindowsChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-3917
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 64.76%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 12:52
Updated-07 Aug, 2024 | 03:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-9429
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.88%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 21:33
Updated-18 Dec, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2022-1139
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.63%
||
7 Day CHG~0.00%
Published-22 Jul, 2022 | 23:38
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-4059
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 45.03%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 12:49
Updated-04 Nov, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-fedorachromeChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-0792
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 65.61%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:25
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-1137
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.36%
||
7 Day CHG~0.00%
Published-22 Jul, 2022 | 23:38
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2025-1921
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.95%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 03:48
Updated-01 Apr, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-1230
Exposure of Sensitive Information Through Metadata
CVE-2022-2160
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.67%
||
7 Day CHG~0.00%
Published-28 Jul, 2022 | 00:40
Updated-02 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page.

Action-Not Available
Vendor-Microsoft CorporationGoogle LLCFedora Project
Product-fedorawindowschromeChrome
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-0294
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.07%
||
7 Day CHG~0.00%
Published-12 Feb, 2022 | 01:35
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CVE-2021-21209
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 70.72%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:25
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-346
Origin Validation Error
CVE-2022-0462
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 50.82%
||
7 Day CHG-0.26%
Published-05 Apr, 2022 | 00:51
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CVE-2022-1873
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 38.94%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 21:20
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-21181
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.20% / 79.30%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 17:46
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-203
Observable Discrepancy
CVE-2022-1868
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.49%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 21:19
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CVE-2022-1128
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 60.64%
||
7 Day CHG~0.00%
Published-22 Jul, 2022 | 23:36
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromewindowsChrome
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-0806
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.55%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:25
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-1862
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 46.22%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 21:17
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CVE-2022-0291
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 37.69%
||
7 Day CHG+0.08%
Published-12 Feb, 2022 | 01:35
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CVE-2020-8910
Matching Score-8
Assigner-Google LLC
ShareView Details
Matching Score-8
Assigner-Google LLC
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 31.72%
||
7 Day CHG~0.00%
Published-26 Mar, 2020 | 11:38
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Auth Bypass in Google's Closure-Library

A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.

Action-Not Available
Vendor-Google LLC
Product-closure_libraryClosure-Library
CWE ID-CWE-625
Permissive Regular Expression
CVE-2020-6538
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.96% / 76.87%
||
7 Day CHG~0.00%
Published-21 Sep, 2020 | 19:06
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CVE-2022-0337
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-11.73% / 93.83%
||
7 Day CHG~0.00%
Published-02 Jan, 2023 | 00:00
Updated-23 Oct, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High)

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromewindowsChrome
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-6561
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.99% / 77.22%
||
7 Day CHG~0.00%
Published-21 Sep, 2020 | 19:06
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CVE-2025-0092
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 6.25%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 22:48
Updated-02 Sep, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-356
Product UI does not Warn User of Unsafe Actions
CVE-2020-6399
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.09% / 78.34%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 14:42
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackports_sleChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2022-0108
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 61.44%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 00:00
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-346
Origin Validation Error
CVE-2022-0113
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 48.28%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 23:36
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-346
Origin Validation Error
CVE-2022-0109
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 67.51%
||
7 Day CHG-0.08%
Published-11 Feb, 2022 | 23:35
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CVE-2022-0120
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 49.83%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 23:36
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-346
Origin Validation Error
CVE-2021-4324
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.54%
||
7 Day CHG~0.00%
Published-28 Jul, 2023 | 23:26
Updated-13 Feb, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CVE-2021-4059
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.56% / 81.86%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:45
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-11194
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:05
Updated-05 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-346
Origin Validation Error
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-11087
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:04
Updated-05 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2026-11073
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.88%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:04
Updated-05 Jun, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebGL in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-416
Use After Free
CVE-2026-11075
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:04
Updated-05 Jun, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-11288
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:06
Updated-05 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-10976
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:04
Updated-05 Jun, 2026 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2026-11268
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:06
Updated-05 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uninitialized Use in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-457
Use of Uninitialized Variable
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next
Details not found