chrome android

Google Chrome on Android versions before 149.0.7827.53 contained CVE-2026-11278, a Custom Tabs origin-validation flaw disclosed on June 4, 2026, that could let a local attacker leak cross-origin data through a crafted HTML page. That is the plain fact; the more interesting story is what the bug...

CVE-2026-11270 is a Google Chrome for Android vulnerability published on June 4, 2026, affecting versions before 149.0.7827.53 and allowing a remote attacker to leak cross-origin data through a crafted HTML page. The flaw is classified by Chromium as low severity, while CISA’s ADP scoring gives...

CVE-2026-11247 is a low-severity Chrome for Android vulnerability, disclosed June 4, 2026 and fixed before version 149.0.7827.53, in which insufficient policy enforcement in Custom Tabs could let a remote attacker leak cross-origin data through a crafted HTML page. The word low is doing a lot of...

Google Chrome on Android before version 149.0.7827.53 contains CVE-2026-11172, a medium-severity Chromium flaw published June 4, 2026, in which incorrect Contact Picker security UI could let a remote attacker spoof interface cues through a crafted HTML page. The bug is not the sort of...

CVE-2026-11167 is a newly published Chrome-for-Android WebView vulnerability, disclosed on June 4, 2026, affecting Google Chrome versions before 149.0.7827.53 and describing a potential sandbox escape after renderer compromise through a crafted HTML page. The awkward part is not just the bug; it...

CVE-2026-11163 is a Chrome on Android use-after-free flaw in the browser’s Messages component, disclosed June 4, 2026, fixed before version 149.0.7827.53, and described as allowing a remote attacker to potentially escape the sandbox through a crafted HTML page. The oddity is not the memory bug...

Google disclosed CVE-2026-11127 on June 4, 2026, as a medium-severity Chrome for Android flaw in WebAPKs that affected versions before 149.0.7827.53 and could let a remote attacker spoof a domain through a crafted WebAPK. The bug is not the scariest item in Chrome 149’s unusually large security...

Google Chrome on Android before version 149.0.7827.53 is listed as vulnerable to CVE-2026-11064, a medium-severity GPU race condition disclosed June 4, 2026, that can let an attacker with renderer compromise leak cross-origin data through a crafted HTML page. The awkward part is not the bug...

Google’s CVE-2026-11034 entry describes a medium-severity Chrome-on-Android flaw fixed before version 149.0.7827.53, where insufficient validation in Tab Group Sync could let a remote attacker inject script or HTML through malicious network traffic. The oddity is not the bug class; universal...

CVE-2026-11019 is a medium-severity Google Chrome for Android flaw, published June 4, 2026 and last modified June 8, that affected versions before 149.0.7827.53 and could let a remote attacker with a compromised renderer spoof a domain through a crafted HTML page. The dry phrasing hides the real...

CVE-2026-11007 is a medium-severity Chrome for Android WebView vulnerability, published June 4, 2026 and modified June 8, that affected versions before 149.0.7827.53 and could let a remote attacker leak cross-origin data after compromising the renderer process. The uncomfortable part is not the...

CVE-2026-10967 is a high-severity use-after-free vulnerability in Chrome’s SurfaceCapture component on Android, disclosed on June 4, 2026, affecting Google Chrome versions before 149.0.7827.53 and potentially allowing a renderer-compromise attacker to escape the browser sandbox through a crafted...

Google disclosed CVE-2026-10953 on June 4, 2026, as a high-severity use-after-free flaw in Chrome’s Core code on Android before version 149.0.7827.53, where a compromised renderer process could use a crafted HTML page to attempt a browser sandbox escape. The short version is simple: this is not...

Google Chrome on Android before version 149.0.7827.53 contains CVE-2026-11297, a Reader Mode input-validation flaw disclosed on June 4, 2026, that can let a local attacker bypass navigation restrictions by using a malicious file. The bug is officially tagged as low severity by Chromium, but the...

Google published CVE-2026-11188 on June 4, 2026, describing a medium-severity use-after-free flaw in Chrome’s USB component on Android before version 149.0.7827.53 that could let a remote attacker attempt a sandbox escape through a crafted HTML page. The interesting part is not that Chrome has...

CVE-2026-11148 is a medium-severity Chrome for Android payments vulnerability, published June 4, 2026 and modified by NVD on June 8, affecting Google Chrome versions before 149.0.7827.53 on Android and allowing cross-origin data leakage through a crafted HTML page. The awkward part is not the...

CVE-2026-11145 is a medium-severity Chrome for Android vulnerability, published by NVD on June 4, 2026 and last modified on June 8, that affects Google Chrome before version 149.0.7827.53 and can allow cross-origin data leakage through a crafted HTML page. The bug is not the sort of...

Google’s CVE-2026-11108 is a Chrome for Android vulnerability disclosed on June 4, 2026, fixed before version 149.0.7827.53, and described as an NFC implementation flaw that could let a remote attacker escalate privileges through a crafted HTML page. The oddity is not the bug class; it is the...

On June 4, 2026, Chrome published CVE-2026-11012, a use-after-free flaw in Chrome for Android’s Serial component fixed before version 149.0.7827.53 that could let an attacker who had already compromised the renderer attempt a sandbox escape through a crafted HTML page. The awkward part is not...

CVE-2026-11178 is a medium-severity Chromium WebView policy-bypass vulnerability, published by NVD on June 4, 2026, affecting Google Chrome on Android before version 149.0.7827.53 and potentially allowing a remote attacker to leak cross-origin data through a crafted HTML page. The bug is not the...