Kaspersky ID:
KLA91120
検出日:
06/26/2026
更新日:
06/29/2026

説明

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to inject malicious code, cause denial of service, obtain sensitive information, execute arbitrary code, bypass security restrictions, gain privileges.

Below is a complete list of vulnerabilities:

  1. Uninitialized Use in GPU in Google Chrome сan be exploited remotely to code injection.
  2. Denial of service vulnerability can be exploited remotely to cause denial of service.
  3. Inappropriate implementation vulnerability in Autofill can be exploited remotely to obtain cross-origin data.
  4. A remote code execution vulnerability can be exploited remotely to execute arbitrary code.
  5. Use after free vulnerability in Digital Credentials on Mac can be exploited remotely to cause denial of service or execute arbitrary code.
  6. Inappropriate implementation vulnerability in DeviceBoundSessionCredentials can be exploited remotely to bypass same origin policy.
  7. Uninitialized use vulnerability in GPU can be exploited remotely to obtain potentially sensitive information from process memory.
  8. A remote code execution vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to execute arbitrary code.
  9. Use after free in Passwords in Google Chrome can be exploited to cause denial of service or execute arbitrary code.
  10. Use after free vulnerability in Autofill on Windows can be exploited remotely to execute arbitrary code.
  11. Insufficient validation of untrusted input vulnerability in Navigation can be exploited remotely to bypass site isolation.
  12. Inappropriate implementation in WebView in Google Chrome can be exploited to bypass security restrictions.
  13. Inappropriate implementation in WebView in Google Chrome can be exploited remotely to gain privileges.
  14. Inappropriate implementation vulnerability in Passwords can be exploited remotely to bypass site isolation.
  15. Use after free vulnerability in Bluetooth on Mac can be exploited remotely to execute arbitrary code via a malicious peripheral.
  16. Out of bounds read and write vulnerability in Blink InterestGroups can be exploited remotely to execute arbitrary code.
  17. Use after free vulnerability in Web Authentication can be exploited via a crafted Chrome Extension to cause denial of service or execute arbitrary code.
  18. A remote code execution vulnerability in Printing can be exploited remotely to execute arbitrary code.
  19. Use after free vulnerability in FileSystem can be exploited remotely to cause denial of service or execute arbitrary code.
  20. Use after free vulnerability in Blink can be exploited remotely to execute arbitrary code inside a sandbox.
  21. Race vulnerability in DevTools can be exploited remotely to bypass security restrictions by performing a sandbox escape.

オリジナルアドバイザリー

エクスプロイテーション

Public exploits exist for this vulnerability.

関連製品

CVEリスト

  • CVE-2026-11647
    critical
  • CVE-2026-12028
    critical
  • CVE-2026-12030
    critical
  • CVE-2026-12032
    warning
  • CVE-2026-12442
    critical
  • CVE-2026-12438
    critical
  • CVE-2026-12469
    warning
  • CVE-2026-12448
    critical
  • CVE-2026-13021
    warning
  • CVE-2026-13022
    high
  • CVE-2026-13023
    high
  • CVE-2026-13024
    warning
  • CVE-2026-13025
    critical
  • CVE-2026-13026
    critical
  • CVE-2026-13027
    critical
  • CVE-2026-13029
    critical
  • CVE-2026-13031
    critical
  • CVE-2026-13033
    critical
  • CVE-2026-13034
    warning
  • CVE-2026-13035
    critical
  • CVE-2026-13036
    critical
  • CVE-2026-13038
    critical
  • CVE-2026-50521
    critical

も参照してください

お住まいの地域に広がる脆弱性の統計をご覧ください statistics.securelist.com

この脆弱性についての記述に不正確な点がありますか? お知らせください!
Kaspersky IT Security Calculator
も参照してください
新しいカスペルスキー
あなたのデジタルライフを守る
も参照してください
Do you want to save your changes?
Your message has been sent successfully.