Google patched CVE-2026-14019 in Chrome 150.0.7871.47 for Windows and Mac on June 30, 2026, fixing a medium-severity Passwords-component flaw that could let a remote attacker leak cross-origin data through a crafted HTML page if a user visited it. The National Vulnerability Database entry, fed...
Google documented CVE-2026-14022 on June 30, 2026, as a medium-severity Chrome Network vulnerability fixed before version 150.0.7871.47 that could let an attacker with a compromised renderer process leak cross-origin data through a crafted HTML page. The National Vulnerability Database entry...
Google Chrome before version 150.0.7871.47 contains CVE-2026-14026, a SplitView security-interface flaw disclosed on June 30, 2026, that can let a remote attacker use a crafted HTML page and user gestures to spoof browser UI on Windows, macOS, and Linux. The bug is not a drive-by code execution...
On June 30, 2026, Google disclosed CVE-2026-14037, a Chrome GPU-process policy-enforcement flaw fixed in desktop Chrome 150.0.7871.47 that could let an attacker escape the browser sandbox after first compromising the renderer process with a crafted HTML page. The awkward part is not merely the...
Google fixed CVE-2026-14038 in Chrome 150.0.7871.47 for Windows and Mac on June 30, 2026, addressing a low-severity New Tab Page input-validation flaw that could help an attacker escape Chrome’s sandbox after already compromising the renderer process with a crafted HTML page. The oddity is not...
Google fixed CVE-2026-14040 in Chrome 150.0.7871.47, released through the Stable Channel for desktop on June 30, 2026, after documenting a low-severity use-after-free flaw in BrowserTag that required a malicious Chrome extension and user installation to become exploitable. That narrow attack...
CVE-2026-14051 is a low-severity Chromium GamepadAPI information-disclosure flaw, published by NVD on June 30, 2026, fixed in Chrome 150.0.7871.47 for Windows and Mac, and relevant to users on Windows, macOS, and Linux running vulnerable Chrome builds before the stable-channel update. The short...
Google Chrome before version 150.0.7871.47 on Windows and Mac contains CVE-2026-14056, a Media input-validation flaw disclosed June 30, 2026, that could let an attacker who already compromised Chrome’s renderer process attempt a sandbox escape through a crafted video file. The uncomfortable part...
Google fixed CVE-2026-14072 in Chrome 150.0.7871.47 for Windows and Mac on June 30, 2026, after documenting a low-severity SplitView flaw that could let a remote attacker spoof browser security UI through a crafted HTML page when user interaction occurs. That sounds modest, and by the arithmetic...
Google published CVE-2026-14084 on June 30, 2026, for an insufficient-input-validation flaw in Chrome’s Chromoting component before version 150.0.7871.47, where malicious network traffic could potentially trigger heap corruption in the browser. The entry looks modest at first because Chromium...
Google Chrome before 150.0.7871.47 contains CVE-2026-14086, an insufficient policy enforcement flaw in the browser’s HID handling that NVD says could let a remote attacker execute arbitrary code through a crafted HTML page. That sentence is both alarming and strangely understated, because...
Google fixed CVE-2026-14087 in Chrome 150.0.7871.47 for Windows on June 30, 2026, after documenting a WebNN heap buffer overflow that could be reached through a crafted HTML page once an attacker had already compromised the renderer process. The bug is formally rated Low by Chromium, but CISA’s...
Google fixed CVE-2026-14102 in Chrome 150.0.7871.47 for Windows and Mac on June 30, 2026, closing a use-after-free bug in the browser’s Passwords component that could let a remote attacker trigger heap corruption through a crafted HTML page. The awkward part is not that Chrome had another...
Google’s Chrome team fixed CVE-2026-14117 in the June 30, 2026 Stable Channel desktop update, addressing a Windows-only DevTools input-validation flaw in Chrome versions before 150.0.7871.47 that could leak sensitive process-memory data after user interaction with a crafted web page. The...
Google Chrome for Windows versions before 150.0.7871.47 are affected by CVE-2026-14119, a Bluetooth type-confusion flaw disclosed on June 30, 2026, that can let a nearby attacker using a malicious peripheral read potentially sensitive memory from a Chrome process. The bug is not a...
Google Chrome CVE-2026-14131 was published by NVD on June 30, 2026, for a WebAppInstalls input-validation flaw fixed in Chrome 150.0.7871.47, with NVD’s July 1 enrichment adding the expected Google Chrome CPE for versions before that build. The apparent “missing CPE” is less a sign of absent...
Google disclosed CVE-2026-14150 on June 30, 2026, as a low-severity Chrome Speech-component flaw fixed in Chrome 150.0.7871.47 for Windows and Mac, allowing UI spoofing only after an attacker had already compromised the renderer process. The National Vulnerability Database then enriched the...
Google patched CVE-2026-13961 in Chrome 150.0.7871.47 for Windows after disclosing that a crafted HTML page, paired with specific user interface gestures, could let a remote attacker obtain potentially sensitive information from process memory through DevTools. The bug is rated Medium by...
Google’s Chrome 150.0.7871.47 update, released at the end of June 2026 for desktop platforms, fixes CVE-2026-14071, a WebAudio side-channel information leak that could let a remote attacker infer cross-origin data after convincing a user to open a crafted HTML page. The bug is not a...
Google Chrome’s CVE-2026-13960 is a medium-severity Passwords-component flaw, published by NVD on June 30, 2026 and modified on July 2, that affects Chrome versions before 150.0.7871.47 and allows UI spoofing through a crafted HTML page. The short answer to the submitted question is: no, the CPE...