CVE Catalog

A use-after-free vulnerability has been identified in the Guest View component of Google Chrome, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to execute arbitrary code within a sandbox by using a specially crafted HTML page.

A use-after-free vulnerability has been identified in the Interest Groups feature of Google Chrome. This issue affects versions prior to 149.0.7827.103 and allows remote attackers to execute arbitrary code within a sandboxed environment by using a crafted HTML page.

A heap buffer overflow vulnerability has been identified in the GPU component of Google Chrome on Android, affecting versions prior to 149.0.7827.103. This vulnerability allows a remote attacker who has compromised the renderer process to potentially escape the sandbox by using a crafted HTML page.

A use-after-free vulnerability has been identified in the Navigation component of Google Chrome. This issue, present in versions prior to 149.0.7827.103, could allow a remote attacker to perform a sandbox escape by exploiting a crafted HTML page.

A use-after-free vulnerability has been identified in Google Chrome's PDF handling, in versions prior to 149.0.7827.103. This vulnerability allows remote attackers to execute arbitrary code within a sandboxed environment by using a specially crafted PDF file.

An integer overflow vulnerability has been identified in the media component of Google Chrome on ChromeOS, prior to version 149.0.7827.103. This vulnerability allowed a remote attacker, who had compromised the renderer process, to perform an out-of-bounds read. As a result, potentially sensitive information could be extracted from the process memory via a specially crafted HTML page.

A vulnerability in Google Chrome's handling of video files on Linux and ChromeOS, prior to version 149.0.7827.103, allows remote attackers to leak cross-origin data. This issue arises from an uninitialized use in the codecs component, which could be exploited by crafting a specific video file.

A high-severity out-of-bounds read vulnerability has been identified in the WebRTC component of Google Chrome. This issue affects versions prior to 149.0.7827.103. The vulnerability allows a remote attacker, who has compromised the GPU process, to potentially exploit heap corruption by using a crafted HTML page.

A vulnerability in Google Chrome prior to 149.0.7827.103 allows remote attackers to perform UI spoofing by exploiting insufficient validation of untrusted input. This issue was reported by Google on May 17, 2026.

A high-severity out-of-bounds read vulnerability has been identified in the Dawn graphics engine of Google Chrome. This issue affects the Windows version of Chrome prior to 149.0.7827.103. The vulnerability allows remote attackers to leak cross-origin data by using a specially crafted HTML page.

A use-after-free vulnerability has been identified in the Payments component of Google Chrome, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to potentially exploit heap corruption by using a crafted HTML page.

A use-after-free vulnerability has been identified in the Skia graphics library used by Google Chrome. This issue affects Chrome versions prior to 149.0.7827.103. The vulnerability allows a remote attacker who has compromised the renderer process to potentially escape the sandbox by exploiting the flaw with a crafted HTML page.

A type confusion vulnerability has been identified in Google Chrome versions prior to 149.0.7827.103. This vulnerability allowed remote attackers to execute arbitrary code within a sandboxed environment by using a crafted HTML page.

A use-after-free vulnerability has been identified in the Views component of Google Chrome on Windows, affecting versions prior to 149.0.7827.103. This vulnerability allows a remote attacker who has compromised the renderer process to potentially escape the sandbox by exploiting a crafted HTML page.

A vulnerability allowing a remote attacker to potentially escape the sandbox in Google Chrome has been identified. This issue arises from insufficient validation of untrusted input in the New Tab Page, prior to version 149.0.7827.103. An attacker who has compromised the renderer process could exploit this vulnerability using a crafted HTML page.

An integer overflow vulnerability has been identified in the user interface component of Google Chrome on Linux, in versions prior to 149.0.7827.103. This vulnerability could allow a remote attacker to perform a sandbox escape by exploiting a crafted HTML page.

A vulnerability exists in Google Chrome Extensions prior to 149.0.7827.103, allowing a remote attacker who has compromised the renderer process to bypass site isolation. This is achieved through insufficient validation of untrusted input, which can be exploited via a crafted HTML page.

A use-after-free vulnerability has been identified in the Payments component of Google Chrome on Mac, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to execute arbitrary code by crafting a malicious HTML page.

A use-after-free vulnerability has been identified in the Service Worker component of Google Chrome. This issue affects versions prior to 149.0.7827.103. The vulnerability allows an attacker, who convinces a user to install a malicious extension, to potentially escape the sandbox by exploiting the crafted Chrome Extension.

An integer overflow vulnerability has been identified in the Media component of Google Chrome on Mac, affecting versions prior to 149.0.7827.103. This vulnerability allowed a remote attacker, who had compromised the renderer process, to potentially escape the sandbox by using a crafted HTML page.

A use-after-free vulnerability has been identified in the CameraCapture component of Google Chrome on Mac, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to potentially escape the sandbox by exploiting a crafted HTML page.

A vulnerability in Google Chrome Extensions prior to 149.0.7827.103 allowed remote attackers to bypass site isolation. This was achieved by exploiting an inappropriate implementation in the Extensions component, where a compromised renderer process could be manipulated through a crafted HTML page.

A use-after-free vulnerability has been identified in the Extensions component of Google Chrome, affecting versions prior to 149.0.7827.103. This vulnerability allows a remote attacker who has compromised the renderer process to potentially escape the sandbox by exploiting a crafted HTML page.

A use-after-free vulnerability has been identified in the network component of Google Chrome. This issue affects versions prior to 149.0.7827.103 and allows remote attackers to execute arbitrary code within a sandboxed environment by using a crafted HTML page.

A use-after-free vulnerability has been identified in the V8 JavaScript engine of Google Chrome, in versions prior to 149.0.7827.103. This vulnerability allows remote attackers to execute arbitrary code within a sandboxed environment by exploiting a crafted HTML page.

A use-after-free vulnerability has been identified in the V8 JavaScript engine of Google Chrome, in versions prior to 149.0.7827.103. This vulnerability allows remote attackers to execute arbitrary code within a sandboxed environment by using a crafted HTML page.

A use-after-free vulnerability has been identified in the FullScreen feature of Google Chrome on Windows, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to potentially exploit heap corruption by using a crafted HTML page.

A use-after-free vulnerability has been identified in the printing component of Google Chrome on Android, affecting versions prior to 149.0.7827.103. This vulnerability allows a remote attacker who has compromised the renderer process to potentially escape the sandbox by using a crafted HTML page.

A use-after-free vulnerability has been identified in the ViewTransitions feature of Google Chrome. This issue affects versions prior to 149.0.7827.103 and allows remote attackers to execute arbitrary code within a sandboxed environment by using a crafted HTML page.

A vulnerability in Google Chrome's V8 JavaScript engine, prior to version 149.0.7827.103, allows remote attackers to execute arbitrary code within a sandbox by exploiting a crafted HTML page. This issue stems from an out-of-bounds read and write memory access.

A use-after-free vulnerability has been identified in the Views component of Google Chrome on Linux, in versions prior to 149.0.7827.103. This vulnerability allows an attacker to execute arbitrary code by convincing a user to install a malicious extension.

A use-after-free vulnerability has been identified in the Proxy component of Google Chrome. This issue affects versions prior to 149.0.7827.103 and allows remote attackers to execute arbitrary code by sending malicious network traffic. The vulnerability arises from improper memory management, where the application continues to use a resource after it has been freed, potentially leading to exploitation.

A use-after-free vulnerability has been identified in the Web Apps component of Google Chrome, affecting versions prior to 149.0.7827.103. This vulnerability allows a remote attacker who has compromised the renderer process to potentially escape the sandbox by using a crafted HTML page.

A use-after-free vulnerability has been identified in the Bluetooth component of Google Chrome for Windows, in versions prior to 149.0.7827.103. This vulnerability allows remote attackers to execute arbitrary code by convincing users to perform specific UI gestures while interacting with a crafted HTML page.

An integer overflow vulnerability has been identified in the libyuv library used by Google Chrome. This issue affects versions of Chrome prior to 149.0.7827.103. The vulnerability allows a remote attacker who has compromised the renderer process to potentially escape the sandbox by exploiting a crafted HTML page.

A use-after-free vulnerability has been identified in the Compositing component of Google Chrome on Mac, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to execute arbitrary code by crafting a malicious HTML page.

A use-after-free vulnerability has been identified in the printing component of Google Chrome, prior to version 149.0.7827.103. This vulnerability could allow a remote attacker to perform a sandbox escape by exploiting a crafted HTML page.

A use-after-free vulnerability has been identified in the Views component of Google Chrome on Mac, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to execute arbitrary code by crafting a malicious HTML page.

A use-after-free vulnerability has been identified in the Autofill feature of Google Chrome on Windows, affecting versions prior to 149.0.7827.103. This vulnerability could allow a remote attacker to exploit heap corruption by convincing a user to perform specific UI gestures on a crafted HTML page.

A use-after-free vulnerability has been identified in the Bluetooth component of Google Chrome on Mac, affecting versions prior to 149.0.7827.103. This vulnerability allows a remote attacker who has compromised the renderer process to potentially escape the sandbox by using a crafted HTML page.

A use-after-free vulnerability has been identified in the Gamepad component of Google Chrome on Windows, affecting versions prior to 149.0.7827.103. This vulnerability could allow a remote attacker to perform a sandbox escape by exploiting a crafted HTML page.

A use-after-free vulnerability has been identified in the Bluetooth component of Google Chrome on Mac, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to execute arbitrary code by exploiting a malicious peripheral.

A use-after-free vulnerability has been identified in the TabStrip component of Google Chrome, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to execute arbitrary code by convincing users to perform specific UI gestures while interacting with a crafted HTML page.

A use-after-free vulnerability has been identified in the Aura component of Google Chrome on Windows, affecting versions prior to 149.0.7827.103. This vulnerability could allow a remote attacker who has compromised the renderer process to perform a sandbox escape by exploiting a crafted HTML page.

A use-after-free vulnerability has been identified in the File Input component of Google Chrome. This issue, present in versions prior to 149.0.7827.103, could allow a remote attacker to exploit heap corruption by using a crafted HTML page.

A use-after-free vulnerability has been identified in the Ozone component of Google Chrome, affecting versions prior to 149.0.7827.103. This vulnerability allows remote attackers to potentially exploit heap corruption by using a crafted HTML page.

A use-after-free vulnerability has been identified in the Ozone component of Google Chrome, affecting versions prior to 149.0.7827.103. This vulnerability allows a local attacker with physical access to the device to potentially exploit heap corruption.

A stack buffer overflow vulnerability has been identified in the Python bz2 module. This issue arises because BZ2Decompressor objects can be reused after a decompression error. If an application catches the resulting OSError and retries with the same decompressor, crafted input may cause the decompressor to resume from an invalid internal state, leading to out-of-bounds writes to a stack buffer. Consequently, this could crash the process when handling untrusted data.

A DOM-based cross-site scripting (XSS) vulnerability has been identified in the Fides privacy engineering platform, specifically in versions 2.33.0 prior to 2.84.5. The issue arises in the fides.js file, where client-controlled description overrides can bypass server-side sanitization when HTML-formatted descriptions are enabled. This vulnerability allows any visitor to execute arbitrary JavaScript in the context of the embedding site's origin, with potential persistence across subdomains via a crafted cookie.

A race condition vulnerability has been identified in OpenVPN versions 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1. This vulnerability allows remote attackers to potentially cause a server crash or leak heap memory by exploiting a use-after-free condition during the promotion of TLS sessions.