Threat Intelligence Database

CVE-2026-12438 is a critical vulnerability in the WebView component of Google Chrome on Android versions prior to 149.0.7827.155. It allows a remote attacker who has already compromised the renderer process to potentially escape the sandbox via a crafted HTML page. This vulnerability could enable an attacker to break out of the browser's security restrictions. The issue affects Chrome on Android and was publicly disclosed in June 2026. No explicit patch or remediation level is confirmed from the vendor advisory, but the affected version is identified as 149.0.7827.155. There are no known exploits in the wild at the time of disclosure.

CVE-2026-11028 is a use-after-free vulnerability in the Media component of Google Chrome on Linux and ChromeOS. It affects versions prior to 149.0.7827.53 and allows a remote attacker who has compromised the renderer process to execute arbitrary code within the sandbox via a crafted HTML page. The vulnerability has a high severity rating with a CVSS score of 8.8. No known exploits in the wild have been reported at this time.

Insufficient validation of untrusted input in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Use after free in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

An integer overflow vulnerability exists in the Media component of Google Chrome prior to version 149.0.7827.53. This flaw allows a remote attacker to execute arbitrary code within the sandbox by leveraging a specially crafted malicious file. The vulnerability has been assigned a high severity rating with a CVSS score of 8.8. No known exploits are reported in the wild at this time. The vendor has published an advisory but has not explicitly stated the remediation status in the provided data.

CVE-2026-10983 is a critical vulnerability in Google Chrome prior to version 149.0.7827.53. It involves insufficient validation of untrusted input in the Dawn component, which could allow a remote attacker to perform a sandbox escape via a crafted HTML page. The vulnerability has a high CVSS score of 9.6, indicating severe impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported. A vendor advisory is available but does not explicitly confirm patch status or remediation details.

CVE-2026-10979 is an out-of-bounds read vulnerability in the ANGLE component of Google Chrome versions prior to 149.0.7827.53. This flaw allows a remote attacker to potentially access sensitive information from process memory by convincing a user to visit a crafted HTML page. The vulnerability has a CVSS score of 6.5, indicating a medium severity level. No known exploits are reported in the wild. The issue affects desktop versions of Chrome before 149.0.7827.53.

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-10938 is a high-severity vulnerability in Google Chrome prior to version 149.0.7827.53. It involves insufficient validation of untrusted input in the Input component, allowing a remote attacker who has compromised the renderer process to bypass site isolation using a crafted HTML page. This vulnerability affects the confidentiality and integrity of data but does not impact availability. No confirmed exploits in the wild have been reported. The vendor advisory does not explicitly confirm a patch or remediation status.

A use-after-free vulnerability exists in the WebAppInstalls component of Google Chrome on Android versions prior to 149.0.7827.53. This flaw allows a local attacker to execute arbitrary code via a malicious file. The vulnerability is rated high severity with a CVSS score of 8.8.