Descripción
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, obtain sensitive information, cause denial of service.
Below is a complete list of vulnerabilities:
- Race vulnerability in DevTools can be exploited remotely to bypass security restrictions by performing a sandbox escape.
- Insufficient validation of untrusted input vulnerability in Navigation can be exploited remotely to bypass site isolation.
- Out of bounds read and write vulnerability in Blink InterestGroups can be exploited remotely to execute arbitrary code.
- Uninitialized use vulnerability in GPU can be exploited remotely to obtain potentially sensitive information from process memory
- Use after free vulnerability in WebGL on Android can be exploited remotely to bypass security restrictions by performing a sandbox escape.
- Use after free vulnerability in FileSystem can be exploited remotely to cause denial of service or execute arbitrary code.
- Use after free vulnerability in Bluetooth on Mac can be exploited remotely to execute arbitrary code via a malicious peripheral.
- Use after free vulnerability in Web Authentication can be exploited via a crafted Chrome Extension to cause denial of service or execute arbitrary code.
- Inappropriate implementation vulnerability in Passwords can be exploited remotely to bypass site isolation.
- Inappropriate implementation vulnerability in DeviceBoundSessionCredentials can be exploited remotely to bypass same origin policy.
- Use after free vulnerability in WebView on Android can be exploited locally to execute arbitrary code inside a sandbox.
- Use after free vulnerability in Blink can be exploited remotely to execute arbitrary code inside a sandbox.
- Use after free vulnerability in Autofill on Windows can be exploited remotely to execute arbitrary code.
- Use after free vulnerability in Digital Credentials on Mac can be exploited remotely to cause denial of service or execute arbitrary code.
- Inappropriate implementation vulnerability in Autofill can be exploited remotely to obtain cross-origin data.
- Uninitialized use vulnerability in GPU on Android can be exploited remotely to obtain potentially sensitive information from process memory.
Notas informativas originales
Explotación
Public exploits exist for this vulnerability.
Productos relacionados
Lista CVE
- CVE-2026-13021 warning
- CVE-2026-13022 high
- CVE-2026-13023 high
- CVE-2026-13024 warning
- CVE-2026-13025 critical
- CVE-2026-13026 critical
- CVE-2026-13027 critical
- CVE-2026-13028 critical
- CVE-2026-13029 critical
- CVE-2026-13030 high
- CVE-2026-13031 critical
- CVE-2026-13032 critical
- CVE-2026-13033 critical
- CVE-2026-13034 warning
- CVE-2026-13035 critical
- CVE-2026-13036 critical
- CVE-2026-13037 critical
- CVE-2026-13038 critical
Leer más
Conozca las estadísticas de las vulnerabilidades que se propagan en su región statistics.securelist.com
¿Has encontrado algún error en la descripción de esta vulnerabilidad? ¡Háznoslo saber!