Total CVEs

138,591

Critical Severity

3,578

High Severity

12,841

Last 7 Days

1,641
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,501 - 1,520 of 13,008 CVEs
CVE-2026-11023 MEDIUM - 6.5

Inappropriate implementation in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-11022 MEDIUM - 6.5

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-11020 MEDIUM - 6.5

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted XML file. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-11019 MEDIUM - 6.5

Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-11018 MEDIUM - 6.5

Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-11017 MEDIUM - 6.5

Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-11016 MEDIUM - 6.5

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-11014 MEDIUM - 6.5

Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-11013 MEDIUM - 6.5

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-11008 MEDIUM - 6.5

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-11007 MEDIUM - 6.5

Insufficient validation of untrusted input in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-11006 MEDIUM - 6.5

Out of bounds read in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-11005 MEDIUM - 5.3

Out of bounds read in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-11004 MEDIUM - 5.3

Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-11001 MEDIUM - 6.5

Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10999 MEDIUM - 6.5

Integer overflow in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10998 MEDIUM - 4.0

Out of bounds read in Media in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform an out of bounds memory read via malicious network traffic. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10997 MEDIUM - 6.5

Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10996 MEDIUM - 6.5

Inappropriate implementation in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD
CVE-2026-10994 MEDIUM - 6.5

Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: Jun 04, 2026
Source: NVD