Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0607
Vulnerability from certfr_avis - Published: 2026-05-18 - Updated: 2026-05-18
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 148.0.3967.70",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-8554",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8554"
},
{
"name": "CVE-2026-8559",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8559"
},
{
"name": "CVE-2026-8547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8547"
},
{
"name": "CVE-2026-8542",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8542"
},
{
"name": "CVE-2026-8562",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8562"
},
{
"name": "CVE-2026-8513",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8513"
},
{
"name": "CVE-2026-8560",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8560"
},
{
"name": "CVE-2026-8534",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8534"
},
{
"name": "CVE-2026-8531",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8531"
},
{
"name": "CVE-2026-8578",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8578"
},
{
"name": "CVE-2026-8565",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8565"
},
{
"name": "CVE-2026-8536",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8536"
},
{
"name": "CVE-2026-8587",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8587"
},
{
"name": "CVE-2026-8571",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8571"
},
{
"name": "CVE-2026-8556",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8556"
},
{
"name": "CVE-2026-8543",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8543"
},
{
"name": "CVE-2026-45494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45494"
},
{
"name": "CVE-2026-8557",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8557"
},
{
"name": "CVE-2026-8538",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8538"
},
{
"name": "CVE-2026-8526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8526"
},
{
"name": "CVE-2026-8523",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8523"
},
{
"name": "CVE-2026-8549",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8549"
},
{
"name": "CVE-2026-8530",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8530"
},
{
"name": "CVE-2026-8541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8541"
},
{
"name": "CVE-2026-8535",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8535"
},
{
"name": "CVE-2026-8515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8515"
},
{
"name": "CVE-2026-8533",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8533"
},
{
"name": "CVE-2026-8585",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8585"
},
{
"name": "CVE-2026-8527",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8527"
},
{
"name": "CVE-2026-8584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8584"
},
{
"name": "CVE-2026-8517",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8517"
},
{
"name": "CVE-2026-8579",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8579"
},
{
"name": "CVE-2026-8573",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8573"
},
{
"name": "CVE-2026-8569",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8569"
},
{
"name": "CVE-2026-8545",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8545"
},
{
"name": "CVE-2026-8529",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8529"
},
{
"name": "CVE-2026-8561",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8561"
},
{
"name": "CVE-2026-45495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45495"
},
{
"name": "CVE-2026-8546",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8546"
},
{
"name": "CVE-2026-8544",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8544"
},
{
"name": "CVE-2026-8540",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8540"
},
{
"name": "CVE-2026-8555",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8555"
},
{
"name": "CVE-2026-8528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8528"
},
{
"name": "CVE-2026-8570",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8570"
},
{
"name": "CVE-2026-8512",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8512"
},
{
"name": "CVE-2026-8553",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8553"
},
{
"name": "CVE-2026-8566",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8566"
},
{
"name": "CVE-2026-8551",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8551"
},
{
"name": "CVE-2026-8577",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8577"
},
{
"name": "CVE-2026-8539",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8539"
},
{
"name": "CVE-2026-8525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8525"
},
{
"name": "CVE-2026-8563",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8563"
},
{
"name": "CVE-2026-8514",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8514"
},
{
"name": "CVE-2026-8509",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8509"
},
{
"name": "CVE-2026-8524",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8524"
},
{
"name": "CVE-2026-8558",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8558"
},
{
"name": "CVE-2026-8580",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8580"
},
{
"name": "CVE-2026-8516",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8516"
},
{
"name": "CVE-2026-8567",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8567"
},
{
"name": "CVE-2026-8510",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8510"
},
{
"name": "CVE-2026-8576",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8576"
},
{
"name": "CVE-2026-8568",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8568"
},
{
"name": "CVE-2026-8582",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8582"
},
{
"name": "CVE-2026-8518",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8518"
},
{
"name": "CVE-2026-8586",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8586"
},
{
"name": "CVE-2026-8575",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8575"
},
{
"name": "CVE-2026-8572",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8572"
},
{
"name": "CVE-2026-8548",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8548"
},
{
"name": "CVE-2026-8532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8532"
},
{
"name": "CVE-2026-8581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8581"
},
{
"name": "CVE-2026-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45492"
},
{
"name": "CVE-2026-8537",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8537"
},
{
"name": "CVE-2026-8519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8519"
},
{
"name": "CVE-2026-8550",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8550"
},
{
"name": "CVE-2026-8511",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8511"
},
{
"name": "CVE-2026-8552",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8552"
}
],
"initial_release_date": "2026-05-18T00:00:00",
"last_revision_date": "2026-05-18T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0607",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8541",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8541"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8577",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8577"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8509",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8509"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8527",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8527"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8584",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8584"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8535",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8535"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8576",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8576"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8518",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8518"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8549",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8549"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8538",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8538"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8544",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8544"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8536",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8536"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8573",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8573"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8531",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8531"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8580",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8580"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8546",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8546"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8558",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8558"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8565",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8565"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8526",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8526"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8550",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8550"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8569",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8569"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8561",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8561"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8519",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8519"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8568",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8568"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8555",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8555"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8530",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8530"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8513",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8513"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8532",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8532"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8587",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8587"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8511",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8511"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8581",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8581"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8571",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8571"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8556",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8556"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8586",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8586"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8533",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8533"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8515",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8515"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-45495",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45495"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8523",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8523"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8525",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8525"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8552",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8552"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8537",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8537"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8516",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8516"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8540",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8540"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8512",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8512"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8585",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8585"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8539",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8539"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8548",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8548"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8575",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8575"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8560",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8560"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8543",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8543"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8578",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8578"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8572",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8572"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8563",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8563"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8570",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8570"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8514",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8514"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8557",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8557"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8547",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8547"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8545",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8545"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8542",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8542"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-45492",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45492"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8554",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8554"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8567",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8567"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8579",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8579"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8524",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8524"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8566",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8566"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8551",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8551"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8582",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8582"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8559",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8559"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8562",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8562"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8534",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8534"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8517",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8517"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-45494",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45494"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8528",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8528"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8510",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8510"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8553",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8553"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2026-8529",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8529"
}
]
}
CVE-2026-8541 (GCVE-0-2026-8541)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:29
VLAI?
EPSS
Summary
Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out of bounds read
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:29:21.193997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:29:24.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out of bounds read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:23.077Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/496645393"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8541",
"datePublished": "2026-05-14T19:52:23.077Z",
"dateReserved": "2026-05-14T05:40:17.993Z",
"dateUpdated": "2026-05-14T21:29:24.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8566 (GCVE-0-2026-8566)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 15:23
VLAI?
EPSS
Summary
Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
4.3 (Medium)
CWE
- Insufficient policy enforcement
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T15:22:42.953906Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T15:23:24.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:31.537Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/470646792"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8566",
"datePublished": "2026-05-14T19:52:31.537Z",
"dateReserved": "2026-05-14T05:40:23.598Z",
"dateUpdated": "2026-05-15T15:23:24.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8534 (GCVE-0-2026-8534)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57
VLAI?
EPSS
Summary
Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.3 (High)
CWE
- CWE-472 - Integer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:57:16.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:20.569Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/495314407"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8534",
"datePublished": "2026-05-14T19:52:20.569Z",
"dateReserved": "2026-05-14T05:40:16.301Z",
"dateUpdated": "2026-05-15T03:57:16.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8535 (GCVE-0-2026-8535)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:31
VLAI?
EPSS
Summary
Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted JPEG file. (Chromium security severity: High)
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out of bounds read
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:31:20.817897Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:31:23.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted JPEG file. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out of bounds read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:20.877Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/495530312"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8535",
"datePublished": "2026-05-14T19:52:20.877Z",
"dateReserved": "2026-05-14T05:40:16.534Z",
"dateUpdated": "2026-05-14T21:31:23.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8571 (GCVE-0-2026-8571)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57
VLAI?
EPSS
Summary
Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
8.3 (High)
CWE
- Insufficient policy enforcement
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8571",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:57:23.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:33.485Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/491422244"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8571",
"datePublished": "2026-05-14T19:52:33.485Z",
"dateReserved": "2026-05-14T05:40:24.736Z",
"dateUpdated": "2026-05-15T03:57:23.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8516 (GCVE-0-2026-8516)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:33
VLAI?
EPSS
Summary
Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)
Severity ?
5.3 (Medium)
CWE
- CWE-20 - Insufficient validation of untrusted input
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:33:32.762377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:33:49.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Insufficient validation of untrusted input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:13.261Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/496393078"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8516",
"datePublished": "2026-05-14T19:52:13.261Z",
"dateReserved": "2026-05-14T05:40:11.943Z",
"dateUpdated": "2026-05-14T21:33:49.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8523 (GCVE-0-2026-8523)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57
VLAI?
EPSS
Summary
Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.3 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8523",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:57:00.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:15.968Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/483956252"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8523",
"datePublished": "2026-05-14T19:52:15.968Z",
"dateReserved": "2026-05-14T05:40:13.592Z",
"dateUpdated": "2026-05-15T03:57:00.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8585 (GCVE-0-2026-8585)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 13:41
VLAI?
EPSS
Summary
Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
7.5 (High)
CWE
- Inappropriate implementation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:40:30.255811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:41:00.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:44.556Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/499052720"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8585",
"datePublished": "2026-05-14T19:52:44.556Z",
"dateReserved": "2026-05-14T05:40:27.970Z",
"dateUpdated": "2026-05-15T13:41:00.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8529 (GCVE-0-2026-8529)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: High)
Severity ?
8.8 (High)
CWE
- CWE-122 - Heap buffer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8529",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:37.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap buffer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:18.754Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/490222151"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8529",
"datePublished": "2026-05-14T19:52:18.754Z",
"dateReserved": "2026-05-14T05:40:15.098Z",
"dateUpdated": "2026-05-15T03:56:37.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8514 (GCVE-0-2026-8514)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Severity ?
8.3 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:56.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:12.496Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/495948109"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8514",
"datePublished": "2026-05-14T19:52:12.496Z",
"dateReserved": "2026-05-14T05:40:11.408Z",
"dateUpdated": "2026-05-15T03:56:56.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8559 (GCVE-0-2026-8559)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:26
VLAI?
EPSS
Summary
Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Severity ?
4.3 (Medium)
CWE
- CWE-472 - Integer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:26:55.719872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:26:58.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:29.071Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/504629701"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8559",
"datePublished": "2026-05-14T19:52:29.071Z",
"dateReserved": "2026-05-14T05:40:22.074Z",
"dateUpdated": "2026-05-14T21:26:58.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8542 (GCVE-0-2026-8542)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57
VLAI?
EPSS
Summary
Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.3 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:57:10.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:23.417Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/497066659"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8542",
"datePublished": "2026-05-14T19:52:23.417Z",
"dateReserved": "2026-05-14T05:40:18.194Z",
"dateUpdated": "2026-05-15T03:57:10.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8581 (GCVE-0-2026-8581)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
8.8 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:24.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:42.583Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/497292072"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8581",
"datePublished": "2026-05-14T19:52:42.583Z",
"dateReserved": "2026-05-14T05:40:26.995Z",
"dateUpdated": "2026-05-15T03:56:24.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8568 (GCVE-0-2026-8568)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-06-16 21:20
VLAI?
EPSS
Determined not a vulnerability
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2026-06-16T21:20:30.096Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"rejectedReasons": [
{
"lang": "en",
"value": "Determined not a vulnerability"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8568",
"datePublished": "2026-05-14T19:52:32.224Z",
"dateRejected": "2026-06-16T21:20:30.096Z",
"dateReserved": "2026-05-14T05:40:24.102Z",
"dateUpdated": "2026-06-16T21:20:30.096Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8543 (GCVE-0-2026-8543)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:29
VLAI?
EPSS
Summary
Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out of bounds read
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8543",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:28:59.327263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:29:01.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out of bounds read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:23.770Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/497095799"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8543",
"datePublished": "2026-05-14T19:52:23.770Z",
"dateReserved": "2026-05-14T05:40:18.462Z",
"dateUpdated": "2026-05-14T21:29:01.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8511 (GCVE-0-2026-8511)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Severity ?
9.6 (Critical)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:52.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:10.918Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/495108488"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8511",
"datePublished": "2026-05-14T19:52:10.918Z",
"dateReserved": "2026-05-14T05:40:10.520Z",
"dateUpdated": "2026-05-15T03:56:52.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8547 (GCVE-0-2026-8547)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
Severity ?
7.5 (High)
CWE
- Insufficient policy enforcement
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:49.014Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:25.163Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/497632199"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8547",
"datePublished": "2026-05-14T19:52:25.163Z",
"dateReserved": "2026-05-14T05:40:19.419Z",
"dateUpdated": "2026-05-15T03:56:49.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8565 (GCVE-0-2026-8565)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:24
VLAI?
EPSS
Summary
Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
Severity ?
4.7 (Medium)
CWE
- Inappropriate implementation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:24:46.235457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:24:48.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:31.198Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/442860473"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8565",
"datePublished": "2026-05-14T19:52:31.198Z",
"dateReserved": "2026-05-14T05:40:23.318Z",
"dateUpdated": "2026-05-14T21:24:48.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8575 (GCVE-0-2026-8575)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57
VLAI?
EPSS
Summary
Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
8.3 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:57:13.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:39.457Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/496217775"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8575",
"datePublished": "2026-05-14T19:52:39.457Z",
"dateReserved": "2026-05-14T05:40:25.587Z",
"dateUpdated": "2026-05-15T03:57:13.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8518 (GCVE-0-2026-8518)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
Severity ?
8.8 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:34.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:14.023Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/497830330"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8518",
"datePublished": "2026-05-14T19:52:14.023Z",
"dateReserved": "2026-05-14T05:40:12.377Z",
"dateUpdated": "2026-05-15T03:56:34.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8524 (GCVE-0-2026-8524)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57
VLAI?
EPSS
Summary
Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
CWE
- CWE-787 - Out of bounds write
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:57:29.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out of bounds write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:16.714Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/499565267"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8524",
"datePublished": "2026-05-14T19:52:16.714Z",
"dateReserved": "2026-05-14T05:40:13.831Z",
"dateUpdated": "2026-05-15T03:57:29.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8537 (GCVE-0-2026-8537)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 13:47
VLAI?
EPSS
Summary
Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Severity ?
4.3 (Medium)
CWE
- Insufficient policy enforcement
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8537",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:46:26.832394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:47:09.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:21.668Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/495890000"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8537",
"datePublished": "2026-05-14T19:52:21.668Z",
"dateReserved": "2026-05-14T05:40:17.034Z",
"dateUpdated": "2026-05-15T13:47:09.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8550 (GCVE-0-2026-8550)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:28
VLAI?
EPSS
Summary
Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Severity ?
6.5 (Medium)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8550",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:28:09.678093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:28:12.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:26.183Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/498322453"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8550",
"datePublished": "2026-05-14T19:52:26.183Z",
"dateReserved": "2026-05-14T05:40:20.032Z",
"dateUpdated": "2026-05-14T21:28:12.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8526 (GCVE-0-2026-8526)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57
VLAI?
EPSS
Summary
Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
CWE
- CWE-787 - Out of bounds write
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:57:31.145Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out of bounds write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:17.620Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/486536241"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8526",
"datePublished": "2026-05-14T19:52:17.620Z",
"dateReserved": "2026-05-14T05:40:14.322Z",
"dateUpdated": "2026-05-15T03:57:31.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8536 (GCVE-0-2026-8536)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 13:55
VLAI?
EPSS
Summary
Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation via a crafted HTML page. (Chromium security severity: High)
Severity ?
CWE
- CWE-20 - Insufficient validation of untrusted input
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:55:26.275163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:55:54.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Insufficient validation of untrusted input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:21.210Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/495857582"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8536",
"datePublished": "2026-05-14T19:52:21.210Z",
"dateReserved": "2026-05-14T05:40:16.763Z",
"dateUpdated": "2026-05-15T13:55:54.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8513 (GCVE-0-2026-8513)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Severity ?
8.3 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:55.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:11.781Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/495939973"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8513",
"datePublished": "2026-05-14T19:52:11.781Z",
"dateReserved": "2026-05-14T05:40:11.173Z",
"dateUpdated": "2026-05-15T03:56:55.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45494 (GCVE-0-2026-45494)
Vulnerability from cvelistv5 – Published: 2026-05-18 17:03 – Updated: 2026-06-19 16:13
VLAI?
EPSS
Title
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Summary
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0.0 , < 148.0.3967.70
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45494",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T12:21:19.162772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T12:21:44.593Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "148.0.3967.70",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "148.0.3967.70",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-05-15T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T16:13:08.567Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45494"
}
],
"title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-45494",
"datePublished": "2026-05-18T17:03:17.703Z",
"dateReserved": "2026-05-12T16:07:22.618Z",
"dateUpdated": "2026-06-19T16:13:08.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8551 (GCVE-0-2026-8551)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:26.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:26.497Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/498376171"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8551",
"datePublished": "2026-05-14T19:52:26.497Z",
"dateReserved": "2026-05-14T05:40:20.222Z",
"dateUpdated": "2026-05-15T03:56:26.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8527 (GCVE-0-2026-8527)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57
VLAI?
EPSS
Summary
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
CWE
- CWE-20 - Insufficient validation of untrusted input
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:57:32.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Insufficient validation of untrusted input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:17.971Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/486761172"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8527",
"datePublished": "2026-05-14T19:52:17.971Z",
"dateReserved": "2026-05-14T05:40:14.638Z",
"dateUpdated": "2026-05-15T03:57:32.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8567 (GCVE-0-2026-8567)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:24
VLAI?
EPSS
Summary
Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
4.3 (Medium)
CWE
- CWE-472 - Integer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:24:04.328071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:24:07.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:31.885Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/484986863"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8567",
"datePublished": "2026-05-14T19:52:31.885Z",
"dateReserved": "2026-05-14T05:40:23.854Z",
"dateUpdated": "2026-05-14T21:24:07.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8533 (GCVE-0-2026-8533)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57
VLAI?
EPSS
Summary
Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.3 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:57:04.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:20.129Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/495247950"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8533",
"datePublished": "2026-05-14T19:52:20.129Z",
"dateReserved": "2026-05-14T05:40:16.035Z",
"dateUpdated": "2026-05-15T03:57:04.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8512 (GCVE-0-2026-8512)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Severity ?
8.3 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:53.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:11.336Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/495782021"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8512",
"datePublished": "2026-05-14T19:52:11.336Z",
"dateReserved": "2026-05-14T05:40:10.867Z",
"dateUpdated": "2026-05-15T03:56:53.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8560 (GCVE-0-2026-8560)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:26
VLAI?
EPSS
Summary
Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
4.3 (Medium)
CWE
- CWE-122 - Heap buffer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:26:35.490867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:26:38.113Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap buffer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:29.403Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/328109821"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8560",
"datePublished": "2026-05-14T19:52:29.403Z",
"dateReserved": "2026-05-14T05:40:22.296Z",
"dateUpdated": "2026-05-14T21:26:38.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8573 (GCVE-0-2026-8573)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57
VLAI?
EPSS
Summary
Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)
Severity ?
8.3 (High)
CWE
- CWE-472 - Integer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:57:14.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:34.163Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/495417883"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8573",
"datePublished": "2026-05-14T19:52:34.163Z",
"dateReserved": "2026-05-14T05:40:25.174Z",
"dateUpdated": "2026-05-15T03:57:14.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8554 (GCVE-0-2026-8554)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 13:57
VLAI?
EPSS
Summary
Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Severity ?
CWE
- CWE-843 - Type Confusion
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:57:32.310923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:57:48.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "Type Confusion",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:27.539Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/499131214"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8554",
"datePublished": "2026-05-14T19:52:27.539Z",
"dateReserved": "2026-05-14T05:40:20.872Z",
"dateUpdated": "2026-05-15T13:57:48.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8586 (GCVE-0-2026-8586)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 13:42
VLAI?
EPSS
Summary
Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: Medium)
Severity ?
5.5 (Medium)
CWE
- Inappropriate implementation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:42:10.372325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:42:14.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:44.940Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/499154022"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8586",
"datePublished": "2026-05-14T19:52:44.940Z",
"dateReserved": "2026-05-14T05:40:28.165Z",
"dateUpdated": "2026-05-15T13:42:14.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8548 (GCVE-0-2026-8548)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 09:55
VLAI?
EPSS
Summary
Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.3 (High)
CWE
- CWE-787 - Out of bounds write
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T03:57:21.890179Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T09:55:34.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out of bounds write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:25.509Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/497821764"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8548",
"datePublished": "2026-05-14T19:52:25.509Z",
"dateReserved": "2026-05-14T05:40:19.616Z",
"dateUpdated": "2026-05-15T09:55:34.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8549 (GCVE-0-2026-8549)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8549",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:28.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:25.821Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/497985088"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8549",
"datePublished": "2026-05-14T19:52:25.821Z",
"dateReserved": "2026-05-14T05:40:19.822Z",
"dateUpdated": "2026-05-15T03:56:28.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8553 (GCVE-0-2026-8553)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:27
VLAI?
EPSS
Summary
Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Severity ?
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8553",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:27:23.118047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:27:25.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:27.191Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/498715368"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8553",
"datePublished": "2026-05-14T19:52:27.191Z",
"dateReserved": "2026-05-14T05:40:20.657Z",
"dateUpdated": "2026-05-14T21:27:25.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8579 (GCVE-0-2026-8579)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 13:43
VLAI?
EPSS
Summary
Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted print file. (Chromium security severity: Medium)
Severity ?
CWE
- CWE-20 - Insufficient validation of untrusted input
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:43:05.368279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:43:09.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted print file. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Insufficient validation of untrusted input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:41.555Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/496526419"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8579",
"datePublished": "2026-05-14T19:52:41.555Z",
"dateReserved": "2026-05-14T05:40:26.531Z",
"dateUpdated": "2026-05-15T13:43:09.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8546 (GCVE-0-2026-8546)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:28
VLAI?
EPSS
Summary
Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out of bounds read
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8546",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:28:30.170755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:28:32.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out of bounds read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:24.844Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/497531791"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8546",
"datePublished": "2026-05-14T19:52:24.844Z",
"dateReserved": "2026-05-14T05:40:19.177Z",
"dateUpdated": "2026-05-14T21:28:32.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8578 (GCVE-0-2026-8578)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 13:43
VLAI?
EPSS
Summary
Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
CWE
- CWE-125 - Out of bounds read
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:43:38.706896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:43:42.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out of bounds read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:41.007Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/496395450"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8578",
"datePublished": "2026-05-14T19:52:41.007Z",
"dateReserved": "2026-05-14T05:40:26.282Z",
"dateUpdated": "2026-05-15T13:43:42.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8580 (GCVE-0-2026-8580)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
9.6 (Critical)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:50.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:41.972Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/496639647"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8580",
"datePublished": "2026-05-14T19:52:41.972Z",
"dateReserved": "2026-05-14T05:40:26.773Z",
"dateUpdated": "2026-05-15T03:56:50.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8572 (GCVE-0-2026-8572)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 13:45
VLAI?
EPSS
Summary
Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
CWE
- Insufficient policy enforcement
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:45:22.995146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:45:57.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:33.826Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/495405493"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8572",
"datePublished": "2026-05-14T19:52:33.826Z",
"dateReserved": "2026-05-14T05:40:24.932Z",
"dateUpdated": "2026-05-15T13:45:57.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8577 (GCVE-0-2026-8577)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
8.8 (High)
CWE
- CWE-472 - Integer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:40.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:40.560Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/496302307"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8577",
"datePublished": "2026-05-14T19:52:40.560Z",
"dateReserved": "2026-05-14T05:40:26.059Z",
"dateUpdated": "2026-05-15T03:56:40.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8562 (GCVE-0-2026-8562)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 13:49
VLAI?
EPSS
Summary
Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
4.3 (Medium)
CWE
- CWE-1300 - Side-channel information leakage
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:49:21.476328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:49:38.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1300",
"description": "Side-channel information leakage",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:30.209Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/40057534"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8562",
"datePublished": "2026-05-14T19:52:30.209Z",
"dateReserved": "2026-05-14T05:40:22.711Z",
"dateUpdated": "2026-05-15T13:49:38.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8563 (GCVE-0-2026-8563)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 15:21
VLAI?
EPSS
Summary
Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
4.3 (Medium)
CWE
- Insufficient policy enforcement
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8563",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T15:21:14.619080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T15:21:48.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:30.542Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/40061220"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8563",
"datePublished": "2026-05-14T19:52:30.542Z",
"dateReserved": "2026-05-14T05:40:22.929Z",
"dateUpdated": "2026-05-15T15:21:48.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8557 (GCVE-0-2026-8557)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
Severity ?
7.5 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8557",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:47.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:28.723Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/502978647"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8557",
"datePublished": "2026-05-14T19:52:28.723Z",
"dateReserved": "2026-05-14T05:40:21.510Z",
"dateUpdated": "2026-05-15T03:56:47.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8509 (GCVE-0-2026-8509)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
Severity ?
8.8 (High)
CWE
- CWE-122 - Heap buffer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:36.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap buffer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:09.937Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/493310462"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8509",
"datePublished": "2026-05-14T19:52:09.937Z",
"dateReserved": "2026-05-14T05:40:09.815Z",
"dateUpdated": "2026-05-15T03:56:36.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8517 (GCVE-0-2026-8517)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 20:44
VLAI?
EPSS
Summary
Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Severity ?
8.8 (High)
CWE
- Object lifecycle issue
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T20:44:32.267007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664 Improper Control of a Resource Through its Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T20:44:55.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Object lifecycle issue",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:13.680Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/497531263"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8517",
"datePublished": "2026-05-14T19:52:13.680Z",
"dateReserved": "2026-05-14T05:40:12.153Z",
"dateUpdated": "2026-05-14T20:44:55.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8532 (GCVE-0-2026-8532)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
CWE
- CWE-472 - Integer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:39.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:19.780Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/492812194"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8532",
"datePublished": "2026-05-14T19:52:19.780Z",
"dateReserved": "2026-05-14T05:40:15.754Z",
"dateUpdated": "2026-05-15T03:56:39.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8528 (GCVE-0-2026-8528)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 15:20
VLAI?
EPSS
Summary
Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Chromium security severity: High)
Severity ?
4.3 (Medium)
CWE
- CWE-20 - Insufficient validation of untrusted input
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8528",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T15:18:51.182793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T15:20:05.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Insufficient validation of untrusted input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:18.402Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/487795397"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8528",
"datePublished": "2026-05-14T19:52:18.402Z",
"dateReserved": "2026-05-14T05:40:14.869Z",
"dateUpdated": "2026-05-15T15:20:05.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8545 (GCVE-0-2026-8545)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 13:48
VLAI?
EPSS
Summary
Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Severity ?
CWE
- Object corruption
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:47:45.640165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:48:12.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Object corruption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:24.457Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/497486030"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8545",
"datePublished": "2026-05-14T19:52:24.457Z",
"dateReserved": "2026-05-14T05:40:18.959Z",
"dateUpdated": "2026-05-15T13:48:12.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8539 (GCVE-0-2026-8539)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:29
VLAI?
EPSS
Summary
Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)
Severity ?
5.4 (Medium)
CWE
- CWE-94 - Script injection
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8539",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:29:44.735835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:29:58.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Script injection",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:22.336Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/496524586"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8539",
"datePublished": "2026-05-14T19:52:22.336Z",
"dateReserved": "2026-05-14T05:40:17.478Z",
"dateUpdated": "2026-05-14T21:29:58.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8555 (GCVE-0-2026-8555)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:25.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:28.014Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/500033878"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8555",
"datePublished": "2026-05-14T19:52:28.014Z",
"dateReserved": "2026-05-14T05:40:21.091Z",
"dateUpdated": "2026-05-15T03:56:25.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8515 (GCVE-0-2026-8515)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Severity ?
8.3 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:58.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:12.912Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/495999127"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8515",
"datePublished": "2026-05-14T19:52:12.912Z",
"dateReserved": "2026-05-14T05:40:11.666Z",
"dateUpdated": "2026-05-15T03:56:58.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8538 (GCVE-0-2026-8538)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:30
VLAI?
EPSS
Summary
Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a crafted HTML page. (Chromium security severity: High)
Severity ?
5.3 (Medium)
CWE
- CWE-20 - Insufficient validation of untrusted input
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:30:23.708331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:30:26.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Insufficient validation of untrusted input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:22.021Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/496415073"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8538",
"datePublished": "2026-05-14T19:52:22.021Z",
"dateReserved": "2026-05-14T05:40:17.244Z",
"dateUpdated": "2026-05-14T21:30:26.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8570 (GCVE-0-2026-8570)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:23
VLAI?
EPSS
Summary
Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
6.5 (Medium)
CWE
- CWE-843 - Type Confusion
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:23:21.934978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:23:37.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "Type Confusion",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:33.145Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/490353576"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8570",
"datePublished": "2026-05-14T19:52:33.145Z",
"dateReserved": "2026-05-14T05:40:24.526Z",
"dateUpdated": "2026-05-14T21:23:37.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8510 (GCVE-0-2026-8510)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57
VLAI?
EPSS
Summary
Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Severity ?
7.5 (High)
CWE
- CWE-472 - Integer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:57:26.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:10.435Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/502636904"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8510",
"datePublished": "2026-05-14T19:52:10.435Z",
"dateReserved": "2026-05-14T05:40:10.193Z",
"dateUpdated": "2026-05-15T03:57:26.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8531 (GCVE-0-2026-8531)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57
VLAI?
EPSS
Summary
Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
CWE
- CWE-122 - Heap buffer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:57:34.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap buffer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:19.441Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/492350403"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8531",
"datePublished": "2026-05-14T19:52:19.441Z",
"dateReserved": "2026-05-14T05:40:15.548Z",
"dateUpdated": "2026-05-15T03:57:34.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8584 (GCVE-0-2026-8584)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:20
VLAI?
EPSS
Summary
Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
4.2 (Medium)
CWE
- Inappropriate implementation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:20:54.142837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:20:57.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:44.066Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/498892595"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8584",
"datePublished": "2026-05-14T19:52:44.066Z",
"dateReserved": "2026-05-14T05:40:27.782Z",
"dateUpdated": "2026-05-14T21:20:57.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8558 (GCVE-0-2026-8558)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 20:03
VLAI?
EPSS
Summary
Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
CWE
- CWE-787 - Out of bounds write
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T03:57:29.354173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T20:03:45.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out of bounds write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:16.369Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/503425922"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8558",
"datePublished": "2026-05-14T19:52:16.369Z",
"dateReserved": "2026-05-14T05:40:21.756Z",
"dateUpdated": "2026-05-15T20:03:45.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8525 (GCVE-0-2026-8525)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57
VLAI?
EPSS
Summary
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.3 (High)
CWE
- CWE-122 - Heap buffer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8525",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:57:17.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap buffer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:17.052Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/497928952"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8525",
"datePublished": "2026-05-14T19:52:17.052Z",
"dateReserved": "2026-05-14T05:40:14.052Z",
"dateUpdated": "2026-05-15T03:57:17.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45492 (GCVE-0-2026-45492)
Vulnerability from cvelistv5 – Published: 2026-05-18 17:03 – Updated: 2026-06-19 16:13
VLAI?
EPSS
Title
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Summary
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0.0 , < 148.0.3967.70
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T17:57:23.154129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T17:57:30.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "148.0.3967.70",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "148.0.3967.70",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-05-15T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T16:13:07.993Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45492"
}
],
"title": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-45492",
"datePublished": "2026-05-18T17:03:16.830Z",
"dateReserved": "2026-05-12T16:07:22.618Z",
"dateUpdated": "2026-06-19T16:13:07.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8582 (GCVE-0-2026-8582)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:22
VLAI?
EPSS
Summary
Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
5.3 (Medium)
CWE
- Object lifecycle issue
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:21:56.071927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664 Improper Control of a Resource Through its Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:22:22.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Object lifecycle issue",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:43.141Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/497594413"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8582",
"datePublished": "2026-05-14T19:52:43.141Z",
"dateReserved": "2026-05-14T05:40:27.289Z",
"dateUpdated": "2026-05-14T21:22:22.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8569 (GCVE-0-2026-8569)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57
VLAI?
EPSS
Summary
Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)
Severity ?
8.3 (High)
CWE
- CWE-787 - Out of bounds write
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:57:22.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out of bounds write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:32.577Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/490229299"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8569",
"datePublished": "2026-05-14T19:52:32.577Z",
"dateReserved": "2026-05-14T05:40:24.317Z",
"dateUpdated": "2026-05-15T03:57:22.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8556 (GCVE-0-2026-8556)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 13:48
VLAI?
EPSS
Summary
Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Severity ?
CWE
- Inappropriate implementation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:48:28.035127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:48:53.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:28.374Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/500052361"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8556",
"datePublished": "2026-05-14T19:52:28.374Z",
"dateReserved": "2026-05-14T05:40:21.308Z",
"dateUpdated": "2026-05-15T13:48:53.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8552 (GCVE-0-2026-8552)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:27
VLAI?
EPSS
Summary
Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Severity ?
4.3 (Medium)
CWE
- CWE-122 - Heap buffer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:27:47.605950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:27:51.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap buffer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:26.821Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/498706958"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8552",
"datePublished": "2026-05-14T19:52:26.821Z",
"dateReserved": "2026-05-14T05:40:20.436Z",
"dateUpdated": "2026-05-14T21:27:51.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8561 (GCVE-0-2026-8561)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:26
VLAI?
EPSS
Summary
Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
5.4 (Medium)
CWE
- Incorrect security UI
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8561",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T21:26:10.952716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T21:26:14.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect security UI",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:29.824Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/343352552"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8561",
"datePublished": "2026-05-14T19:52:29.824Z",
"dateReserved": "2026-05-14T05:40:22.497Z",
"dateUpdated": "2026-05-14T21:26:14.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8544 (GCVE-0-2026-8544)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:30.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:24.099Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/497151750"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8544",
"datePublished": "2026-05-14T19:52:24.099Z",
"dateReserved": "2026-05-14T05:40:18.744Z",
"dateUpdated": "2026-05-15T03:56:30.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8576 (GCVE-0-2026-8576)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 13:44
VLAI?
EPSS
Summary
Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
4.3 (Medium)
CWE
- Inappropriate implementation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:44:14.371676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:44:41.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:40.085Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/496231853"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8576",
"datePublished": "2026-05-14T19:52:40.085Z",
"dateReserved": "2026-05-14T05:40:25.807Z",
"dateUpdated": "2026-05-15T13:44:41.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45495 (GCVE-0-2026-45495)
Vulnerability from cvelistv5 – Published: 2026-05-18 17:03 – Updated: 2026-06-19 16:13
VLAI?
EPSS
Title
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Summary
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Severity ?
CWE
- CWE-35 - Path Traversal: '.../...//'
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0.0 , < 148.0.3967.70
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T03:55:53.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "148.0.3967.70",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "148.0.3967.70",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-05-15T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35: Path Traversal: \u0027.../...//\u0027",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T16:13:09.041Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45495"
}
],
"title": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-45495",
"datePublished": "2026-05-18T17:03:18.245Z",
"dateReserved": "2026-05-12T16:07:22.618Z",
"dateUpdated": "2026-06-19T16:13:09.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8587 (GCVE-0-2026-8587)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)
Severity ?
8.8 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:23.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:45.474Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/507356235"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8587",
"datePublished": "2026-05-14T19:52:45.474Z",
"dateReserved": "2026-05-14T05:40:28.363Z",
"dateUpdated": "2026-05-15T03:56:23.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8519 (GCVE-0-2026-8519)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57
VLAI?
EPSS
Summary
Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Severity ?
8.8 (High)
CWE
- CWE-472 - Integer overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8519",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:57:25.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "Integer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:14.583Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/498400132"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8519",
"datePublished": "2026-05-14T19:52:14.583Z",
"dateReserved": "2026-05-14T05:40:12.596Z",
"dateUpdated": "2026-05-15T03:57:25.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8530 (GCVE-0-2026-8530)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57
VLAI?
EPSS
Summary
Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.3 (High)
CWE
- CWE-416 - Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8530",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:57:02.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:19.110Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/491930142"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8530",
"datePublished": "2026-05-14T19:52:19.110Z",
"dateReserved": "2026-05-14T05:40:15.331Z",
"dateUpdated": "2026-05-15T03:57:02.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8540 (GCVE-0-2026-8540)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56
VLAI?
EPSS
Summary
Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
CWE
- CWE-843 - Type Confusion
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:45.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "148.0.7778.168",
"status": "affected",
"version": "148.0.7778.168",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "Type Confusion",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:52:22.691Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
},
{
"url": "https://issues.chromium.org/issues/496627235"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2026-8540",
"datePublished": "2026-05-14T19:52:22.691Z",
"dateReserved": "2026-05-14T05:40:17.740Z",
"dateUpdated": "2026-05-15T03:56:45.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…