Common Vulnerabilities and Exposures (CVE)

CVE-2026-13797

Jul 2, 2026 03:57:13 UTC

Insufficient validation of untrusted input in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium s...

CVE-2026-13798

Jul 2, 2026 03:57:12 UTC

Heap buffer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High...

CVE-2026-13799

Jul 2, 2026 03:57:10 UTC

Use after free in QUIC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)

CVE-2026-13897

Jul 2, 2026 03:57:09 UTC

Insufficient policy enforcement in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-13801

Jul 2, 2026 03:57:08 UTC

Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-13898

Jul 2, 2026 03:57:07 UTC

Use after free in Cast Receiver in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-13899

Jul 2, 2026 03:57:05 UTC

Use after free in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-13903

Jul 2, 2026 03:57:03 UTC

Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-13925

Jul 2, 2026 03:57:02 UTC

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium secur...

CVE-2026-13927

Jul 2, 2026 03:57:00 UTC

Insufficient validation of untrusted input in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)

CVE-2026-13928

Jul 2, 2026 03:56:59 UTC

Insufficient validation of untrusted input in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-13803

Jul 2, 2026 03:56:57 UTC

Type Confusion in Chrome Tabs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-13965

Jul 2, 2026 03:56:56 UTC

Use after free in Oilpan in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-13804

Jul 2, 2026 03:56:53 UTC

Use after free in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2026-13967

Jul 2, 2026 03:56:52 UTC

Heap buffer overflow in V8 in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)