Total CVEs

143,745

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,557
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,061 - 1,080 of 1,721 CVEs
CVE-2026-8876 HIGH - 7.3

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data.

Vendor: securly
Product: securly
Published: Jun 03, 2026
Source: NVD
CVE-2026-8874 HIGH - 7.1

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS.

Vendor: securly
Product: securly
Published: Jun 03, 2026
Source: NVD
CVE-2026-9999 HIGH - 8.8

Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9998 HIGH - 8.3

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9997 HIGH - 8.3

Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9996 MEDIUM - 6.5

Out of bounds read in WebRTC in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9995 HIGH - 8.8

Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9994 HIGH - 8.3

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9993 HIGH - 8.3

Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted PDF file. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9992 HIGH - 8.8

Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9991 LOW - 3.1

Inappropriate implementation in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9990 HIGH - 7.5

Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9989 MEDIUM - 6.3

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9988 HIGH - 8.3

Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9987 HIGH - 7.8

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9986 MEDIUM - 4.2

Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9985 MEDIUM - 5.3

Insufficient validation of untrusted input in Media in Google Chrome on ChromeOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9984 HIGH - 8.8

Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9983 HIGH - 8.8

Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9982 HIGH - 8.3

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD