[go: up one dir, main page]

You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.

U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2026-13905 - Race in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. (Chromium security severity: Medium)
    Published: June 30, 2026; 7:17:04 PM -0400

  • CVE-2026-13906 - Out of bounds read in Codecs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 30, 2026; 7:17:04 PM -0400

  • CVE-2026-13907 - Inappropriate implementation in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Med... read CVE-2026-13907
    Published: June 30, 2026; 7:17:04 PM -0400

  • CVE-2026-13931 - Inappropriate implementation in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 30, 2026; 7:17:06 PM -0400

  • CVE-2026-13932 - Inappropriate implementation in Sharing in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 30, 2026; 7:17:07 PM -0400

  • CVE-2026-13933 - Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chrom... read CVE-2026-13933
    Published: June 30, 2026; 7:17:07 PM -0400

  • CVE-2026-13934 - Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium sec... read CVE-2026-13934
    Published: June 30, 2026; 7:17:07 PM -0400

  • CVE-2026-13935 - Side-channel information leakage in ComputePressure in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 30, 2026; 7:17:07 PM -0400

  • CVE-2026-13936 - Inappropriate implementation in Passwords in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 30, 2026; 7:17:07 PM -0400

  • CVE-2026-13988 - Inappropriate implementation in Paint in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 30, 2026; 7:17:12 PM -0400

  • CVE-2026-13989 - Inappropriate implementation in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 30, 2026; 7:17:12 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2026-13990 - Insufficient validation of untrusted input in DataTransfer in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security sev... read CVE-2026-13990
    Published: June 30, 2026; 7:17:12 PM -0400

  • CVE-2026-13991 - Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 30, 2026; 7:17:12 PM -0400

  • CVE-2026-13996 - Inappropriate implementation in Permissions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 30, 2026; 7:17:12 PM -0400

  • CVE-2026-13999 - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security se... read CVE-2026-13999
    Published: June 30, 2026; 7:17:12 PM -0400

  • CVE-2026-14000 - Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 30, 2026; 7:17:13 PM -0400

  • CVE-2026-14001 - Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)
    Published: June 30, 2026; 7:17:13 PM -0400

  • CVE-2026-14024 - Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: ... read CVE-2026-14024
    Published: June 30, 2026; 7:17:15 PM -0400

  • CVE-2026-14025 - Use after free in Views in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
    Published: June 30, 2026; 7:17:15 PM -0400

  • CVE-2026-14027 - Use after free in SignIn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
    Published: June 30, 2026; 7:17:15 PM -0400

Created September 20, 2022 , Updated August 27, 2024