Total CVEs

143,745

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,562
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,041 - 1,060 of 1,721 CVEs
CVE-2026-10895 HIGH - 8.8

Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10894 HIGH - 8.3

Use after free in Printing in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10893 HIGH - 8.8

Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10892 CRITICAL - 9.6

Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10891 HIGH - 8.8

Use after free in GFX in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10890 HIGH - 8.8

Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10889 HIGH - 8.3

Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10888 HIGH - 8.8

Use after free in Cast Streaming in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10887 HIGH - 8.1

Use after free in Chromoting in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10886 CRITICAL - 9.6

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10885 HIGH - 8.8

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10884 HIGH - 8.3

Use after free in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10883 HIGH - 8.8

Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10882 HIGH - 8.8

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10881 CRITICAL - 9.6

Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-8889 HIGH - 7.5

Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes).

Vendor: securly
Product: securly
Published: Jun 03, 2026
Source: NVD
CVE-2026-8888 HIGH - 7.5

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in deni...

Vendor: securly
Product: securly
Published: Jun 03, 2026
Source: NVD
CVE-2026-8881 HIGH - 7.5

Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching.

Vendor: securly
Product: securly
Published: Jun 03, 2026
Source: NVD
CVE-2026-8879 HIGH - 7.5

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately hi...

Vendor: securly
Product: securly
Published: Jun 03, 2026
Source: NVD
CVE-2026-8878 HIGH - 7.5

Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar cipher, which can be easily reversed to recover th...

Vendor: securly
Product: securly
Published: Jun 03, 2026
Source: NVD