Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-11243

Summary
Assigner-Chrome
Assigner Org ID-ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At-04 Jun, 2026 | 23:05
Updated At-05 Jun, 2026 | 12:28
Rejected At-
Credits

Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Chrome
Assigner Org ID:ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At:04 Jun, 2026 | 23:05
Updated At:05 Jun, 2026 | 12:28
Rejected At:
â–¼CVE Numbering Authority (CNA)

Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Affected Products
Vendor
Google LLCGoogle
Product
Chrome
Versions
Affected
  • From 149.0.7827.53 before 149.0.7827.53 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AIncorrect security UI
Type: N/A
CWE ID: N/A
Description: Incorrect security UI
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
N/A
https://issues.chromium.org/issues/497394061
N/A
Hyperlink: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
Resource: N/A
Hyperlink: https://issues.chromium.org/issues/497394061
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-346CWE-346 Origin Validation Error
Type: CWE
CWE ID: CWE-346
Description: CWE-346 Origin Validation Error
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:chrome-cve-admin@google.com
Published At:05 Jun, 2026 | 00:17
Updated At:05 Jun, 2026 | 16:43

Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CPE Matches
Google LLC
google
>>chrome>>Versions before 149.0.7827.53(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>-
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-346Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-346
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.htmlchrome-cve-admin@google.com
Vendor Advisory
https://issues.chromium.org/issues/497394061chrome-cve-admin@google.com
Permissions Required
Hyperlink: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
Source: chrome-cve-admin@google.com
Resource:
Vendor Advisory
Hyperlink: https://issues.chromium.org/issues/497394061
Source: chrome-cve-admin@google.com
Resource:
Permissions Required

Change History

0
Information is not available yet

Similar CVEs

151Records found
CVE-2025-12905
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 1.93%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 23:23
Updated-21 Nov, 2025 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-windowschromeChrome
CWE ID-CWE-346
Origin Validation Error
CVE-2025-12906
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 17.25%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 23:23
Updated-21 Nov, 2025 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-8561
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 19.45%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 19:52
Updated-18 May, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-7931
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.63%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:12
Updated-06 May, 2026 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLCApple Inc.
Product-chromeiphone_osChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-8006
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 5.58%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:13
Updated-07 May, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-7998
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.48%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:13
Updated-07 May, 2026 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-8019
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.92%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:13
Updated-06 May, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-8015
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 22.23%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:13
Updated-06 May, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-7935
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.19%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:12
Updated-06 May, 2026 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-8003
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.48%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:13
Updated-07 May, 2026 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-8008
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 5.58%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:13
Updated-07 May, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-5895
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 22.43%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 21:20
Updated-13 Apr, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security severity: Low)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-35423
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.04%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:58
Updated-05 Jun, 2026 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows 11 Telnet Client Information Disclosure Vulnerability

Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_10_21h2windows_10_1809windows_11_25h2windows_server_2022windows_server_2025windows_10_1607windows_server_2019windows_11_26h1windows_11_24h2windows_server_2022_23h2windows_server_2016windows_11_23h2windows_server_2012Windows 11 Version 23H2Windows Server 2016Windows 11 version 23H2Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 11 version 26H1Windows 10 Version 21H2Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2012Windows 11 Version 25H2Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-10004
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.89%
||
7 Day CHG-0.01%
Published-28 May, 2026 | 22:25
Updated-29 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncGoogle LLCApple Inc.
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21200
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 41.84%
||
7 Day CHG~0.00%
Published-02 Jan, 2023 | 00:00
Updated-23 Oct, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-11232
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 10.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:05
Updated-05 Jun, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2022-24503
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.98% / 83.90%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:07
Updated-08 Jul, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Desktop Protocol Client Information Disclosure Vulnerability

Remote Desktop Protocol Client Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7remote_desktop_clientwindows_server_2012windows_server_2022windows_serverwindows_server_2019windows_rt_8.1windows_10windows_server_2008windows_server_2016windows_8.1windows_11Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows 10 Version 1909Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Remote Desktop client for Windows DesktopWindows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2016Windows 7Windows 11 version 21H2Windows 7 Service Pack 1Windows 10 Version 21H1
CVE-2025-13632
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 4.29%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 19:00
Updated-04 Dec, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: High)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationLinux Kernel Organization, IncGoogle LLC
Product-macoslinux_kernelwindowschromeChrome
CWE ID-CWE-194
Unexpected Sign Extension
CVE-2025-12435
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.86%
||
7 Day CHG~0.00%
Published-10 Nov, 2025 | 20:00
Updated-13 Nov, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2025-12908
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.36%
||
7 Day CHG+0.01%
Published-07 Nov, 2025 | 23:23
Updated-21 Nov, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21184
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 70.24%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 17:46
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-346
Origin Validation Error
CVE-2018-4319
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.1||HIGH
EPSS-0.32% / 54.93%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunessafariicloudiphone_osiOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-346
Origin Validation Error
CVE-2023-33740
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.66%
||
7 Day CHG+0.08%
Published-30 May, 2023 | 00:00
Updated-13 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification fo the Verify parameter in a warning message.

Action-Not Available
Vendor-luowicen/aGoogle LLC
Product-luowiceandroidn/a
CWE ID-CWE-346
Origin Validation Error
CVE-2017-8530
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.62% / 70.35%
||
7 Day CHG~0.00%
Published-15 Jun, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8555.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10edgeMicrosoft Edge
CWE ID-CWE-346
Origin Validation Error
CVE-2023-28349
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.95% / 83.81%
||
7 Day CHG+1.21%
Published-30 May, 2023 | 00:00
Updated-13 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a crafted program that functions similarly to the Teacher Console. This can compel Student Consoles to connect and put themselves at risk automatically. Connected Student Consoles can be compelled to write arbitrary files to arbitrary locations on disk with NT AUTHORITY/SYSTEM level permissions, enabling remote code execution.

Action-Not Available
Vendor-faronicsn/aMicrosoft Corporation
Product-windowsinsightn/a
CWE ID-CWE-346
Origin Validation Error
CVE-2023-28191
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.39%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 00:00
Updated-05 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacoswatchOStvOSmacOSiOS and iPadOS
CWE ID-CWE-346
Origin Validation Error
CVE-2023-27944
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.6||HIGH
EPSS-0.06% / 19.70%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 00:00
Updated-29 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-346
Origin Validation Error
CVE-2023-27962
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.24%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 00:00
Updated-29 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to modify protected parts of the file system.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-346
Origin Validation Error
CVE-2023-27932
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.14%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 00:00
Updated-29 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy.

Action-Not Available
Vendor-Debian GNU/LinuxApple Inc.
Product-ipadostvosiphone_ossafariwatchosmacosdebian_linuxwatchOSmacOSiOS and iPadOSSafaritvOS
CWE ID-CWE-346
Origin Validation Error
CVE-2025-10201
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-10 Sep, 2025 | 19:12
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLC
Product-chromeandroidchrome_oslinux_kernelChrome
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-346
Origin Validation Error
CVE-2023-21260
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 5.57%
||
7 Day CHG~0.00%
Published-13 Jul, 2023 | 00:01
Updated-30 Oct, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-346
Origin Validation Error
CVE-2017-8523
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.02% / 77.62%
||
7 Day CHG~0.00%
Published-15 Jun, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10edgeMicrosoft Edge
CWE ID-CWE-346
Origin Validation Error
CVE-2018-8235
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.58% / 85.87%
||
7 Day CHG~0.00%
Published-14 Jun, 2018 | 12:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_server_2016windows_10Microsoft Edge
CWE ID-CWE-346
Origin Validation Error
CVE-2017-13274
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 19.31%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 16:00
Updated-17 Sep, 2024 | 02:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-346
Origin Validation Error
CVE-2022-22594
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 44.06%
||
7 Day CHG-0.00%
Published-18 Mar, 2022 | 17:59
Updated-03 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvossafarimacostvOSmacOSwatchOSiOS and iPadOS
CWE ID-CWE-346
Origin Validation Error
CVE-2026-5899
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.81%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 21:20
Updated-13 Apr, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-346
Origin Validation Error
CVE-2016-5168
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-9.63% / 93.05%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-346
Origin Validation Error
CVE-2022-46718
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.62%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 00:00
Updated-05 Dec, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadosmacOS
CWE ID-CWE-346
Origin Validation Error
CVE-2021-21229
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.86% / 75.41%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 20:15
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromeandroiddebian_linuxfedoraChrome
CWE ID-CWE-346
Origin Validation Error
CVE-2021-30596
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 45.18%
||
7 Day CHG~0.00%
Published-26 Aug, 2021 | 17:05
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromeandroidfedoraChrome
CWE ID-CWE-346
Origin Validation Error
CVE-2018-6690
Matching Score-6
Assigner-Trellix
ShareView Details
Matching Score-6
Assigner-Trellix
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 9.28%
||
7 Day CHG~0.00%
Published-18 Sep, 2018 | 22:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
McAfee Application Control (MAC) - Whitelist bypass using a hard drive solidified by MACC

Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.

Action-Not Available
Vendor-McAfee, LLCMicrosoft Corporation
Product-windowsapplication_change_controlMcAfee Application Control (MAC)
CWE ID-CWE-346
Origin Validation Error
CVE-2022-0108
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 61.44%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 00:00
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-346
Origin Validation Error
CVE-2026-9989
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 1.68%
||
7 Day CHG-0.00%
Published-28 May, 2026 | 22:25
Updated-01 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-346
Origin Validation Error
CVE-2026-7986
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 1.97%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:13
Updated-06 May, 2026 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Autofill in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-346
Origin Validation Error
CVE-2026-7979
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 1.97%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:12
Updated-12 May, 2026 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-346
Origin Validation Error
CVE-2026-5918
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.46%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 21:21
Updated-14 Apr, 2026 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-346
Origin Validation Error
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-5283
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.64%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 04:41
Updated-01 Apr, 2026 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-346
Origin Validation Error
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-42901
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.04% / 13.65%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 22:04
Updated-05 Jun, 2026 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Entra ID Elevation of Privilege Vulnerability

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-entra_idMicrosoft Entra
CWE ID-CWE-346
Origin Validation Error
CVE-2018-16072
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 34.75%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 19:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-346
Origin Validation Error
CVE-2021-21135
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-25.88% / 96.37%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 13:56
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromeedge_chromiumChrome
CWE ID-CWE-346
Origin Validation Error
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found