Search

Find a vulnerability

Search criteria

    5411 vulnerabilities found for Chrome by Google

    CVE-2026-14432 (GCVE-0-2026-14432)

    Vulnerability from nvd – Published: 2026-07-01 22:22 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14432",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:55.928Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use after free",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:22:06.356Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/524290062"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14432",
        "datePublished": "2026-07-01T22:22:06.356Z",
        "dateReserved": "2026-07-01T21:37:35.884Z",
        "dateUpdated": "2026-07-03T03:55:55.928Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14431 (GCVE-0-2026-14431)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14431",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:52.469Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "Type Confusion",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:57.301Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/523884658"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14431",
        "datePublished": "2026-07-01T22:21:57.301Z",
        "dateReserved": "2026-07-01T21:37:35.658Z",
        "dateUpdated": "2026-07-03T03:55:52.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14430 (GCVE-0-2026-14430)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14430",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:49.325Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-472",
                  "description": "Integer overflow",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:49.181Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/522126182"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14430",
        "datePublished": "2026-07-01T22:21:49.181Z",
        "dateReserved": "2026-07-01T21:37:35.425Z",
        "dateUpdated": "2026-07-03T03:55:49.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14429 (GCVE-0-2026-14429)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Insufficient validation of untrusted input
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14429",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:40.801Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Insufficient validation of untrusted input",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:46.962Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/520571816"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14429",
        "datePublished": "2026-07-01T22:21:46.962Z",
        "dateReserved": "2026-07-01T21:37:35.174Z",
        "dateUpdated": "2026-07-03T03:55:40.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14428 (GCVE-0-2026-14428)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Insufficient validation of untrusted input
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14428",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:41.885Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Insufficient validation of untrusted input",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:45.642Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/520180257"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14428",
        "datePublished": "2026-07-01T22:21:45.642Z",
        "dateReserved": "2026-07-01T21:37:34.935Z",
        "dateUpdated": "2026-07-03T03:55:41.885Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14427 (GCVE-0-2026-14427)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14427",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:45.106Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap buffer overflow",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:38.469Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/520113415"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14427",
        "datePublished": "2026-07-01T22:21:38.469Z",
        "dateReserved": "2026-07-01T21:37:34.705Z",
        "dateUpdated": "2026-07-03T03:55:45.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14426 (GCVE-0-2026-14426)

    Vulnerability from nvd – Published: 2026-07-01 22:22 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14426",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:58.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use after free",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:22:07.471Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/517981277"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14426",
        "datePublished": "2026-07-01T22:22:07.471Z",
        "dateReserved": "2026-07-01T21:37:34.460Z",
        "dateUpdated": "2026-07-03T03:55:58.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14425 (GCVE-0-2026-14425)

    Vulnerability from nvd – Published: 2026-07-01 22:22 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14425",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:18.925Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use after free",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:22:03.047Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/517935753"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14425",
        "datePublished": "2026-07-01T22:22:03.047Z",
        "dateReserved": "2026-07-01T21:37:34.249Z",
        "dateUpdated": "2026-07-03T03:55:18.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14424 (GCVE-0-2026-14424)

    Vulnerability from nvd – Published: 2026-07-01 22:22 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14424",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:20.490Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use after free",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:22:03.616Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/517692772"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14424",
        "datePublished": "2026-07-01T22:22:03.616Z",
        "dateReserved": "2026-07-01T21:37:34.040Z",
        "dateUpdated": "2026-07-03T03:55:20.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14423 (GCVE-0-2026-14423)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14423",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:25.907Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-843",
                  "description": "Type Confusion",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:56.787Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/517522769"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14423",
        "datePublished": "2026-07-01T22:21:56.787Z",
        "dateReserved": "2026-07-01T21:37:33.802Z",
        "dateUpdated": "2026-07-03T03:55:25.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14422 (GCVE-0-2026-14422)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-02 16:56
    VLAI
    Summary
    Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out of bounds read and write
    • CWE-125 - Out-of-bounds Read
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14422",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T16:42:51.156836Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T16:56:39.292Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out of bounds read and write",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:50.264Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/517225032"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14422",
        "datePublished": "2026-07-01T22:21:50.264Z",
        "dateReserved": "2026-07-01T21:37:33.552Z",
        "dateUpdated": "2026-07-02T16:56:39.292Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14421 (GCVE-0-2026-14421)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-02 00:31
    VLAI
    Summary
    Uninitialized Use in Dawn in Google Chrome on ChromeOS prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14421",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:31:10.535369Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T00:31:27.782Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Uninitialized Use in Dawn in Google Chrome on ChromeOS prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "Uninitialized Use",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:59.566Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/517033235"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14421",
        "datePublished": "2026-07-01T22:21:59.566Z",
        "dateReserved": "2026-07-01T21:37:33.334Z",
        "dateUpdated": "2026-07-02T00:31:27.782Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14420 (GCVE-0-2026-14420)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out of bounds read and write
    • CWE-125 - Out-of-bounds Read
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:30.246Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out of bounds read and write",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:49.727Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/517031505"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14420",
        "datePublished": "2026-07-01T22:21:49.727Z",
        "dateReserved": "2026-07-01T21:37:33.095Z",
        "dateUpdated": "2026-07-03T03:55:30.246Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14419 (GCVE-0-2026-14419)

    Vulnerability from nvd – Published: 2026-07-01 22:22 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Use after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14419",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:23.391Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use after free",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:22:04.747Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/516981393"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14419",
        "datePublished": "2026-07-01T22:22:04.747Z",
        "dateReserved": "2026-07-01T21:37:32.856Z",
        "dateUpdated": "2026-07-03T03:55:23.391Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14418 (GCVE-0-2026-14418)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-02 00:31
    VLAI
    Summary
    Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14418",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:31:38.955728Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T00:31:57.538Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "Uninitialized Use",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:58.436Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/516865345"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14418",
        "datePublished": "2026-07-01T22:21:58.436Z",
        "dateReserved": "2026-07-01T21:37:32.635Z",
        "dateUpdated": "2026-07-02T00:31:57.538Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14417 (GCVE-0-2026-14417)

    Vulnerability from nvd – Published: 2026-07-01 22:22 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Use after free in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14417",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:21.979Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use after free",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:22:04.158Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/516649133"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14417",
        "datePublished": "2026-07-01T22:22:04.158Z",
        "dateReserved": "2026-07-01T21:37:32.392Z",
        "dateUpdated": "2026-07-03T03:55:21.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14416 (GCVE-0-2026-14416)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Out of bounds read in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14416",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:29.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out of bounds read in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out of bounds read",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:53.436Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/515428315"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14416",
        "datePublished": "2026-07-01T22:21:53.436Z",
        "dateReserved": "2026-07-01T21:37:32.150Z",
        "dateUpdated": "2026-07-03T03:55:29.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14415 (GCVE-0-2026-14415)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-02 16:56
    VLAI
    Summary
    Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Inappropriate implementation
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14415",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T16:46:34.056284Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-122",
                    "description": "CWE-122 Heap-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T16:56:51.702Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Inappropriate implementation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:42.193Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/515086856"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14415",
        "datePublished": "2026-07-01T22:21:42.193Z",
        "dateReserved": "2026-07-01T21:37:31.926Z",
        "dateUpdated": "2026-07-02T16:56:51.702Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14414 (GCVE-0-2026-14414)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-02 00:35
    VLAI
    Summary
    Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Insufficient validation of untrusted input
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14414",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:35:25.880712Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T00:35:41.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Insufficient validation of untrusted input",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:46.219Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/513948227"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14414",
        "datePublished": "2026-07-01T22:21:46.219Z",
        "dateReserved": "2026-07-01T21:37:31.694Z",
        "dateUpdated": "2026-07-02T00:35:41.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14413 (GCVE-0-2026-14413)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14413",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:37.520Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "Uninitialized Use",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:59.017Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/513922055"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14413",
        "datePublished": "2026-07-01T22:21:59.017Z",
        "dateReserved": "2026-07-01T21:37:31.482Z",
        "dateUpdated": "2026-07-03T03:55:37.520Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14412 (GCVE-0-2026-14412)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Insufficient validation of untrusted input
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14412",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:42.948Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Insufficient validation of untrusted input",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:45.091Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/513920834"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14412",
        "datePublished": "2026-07-01T22:21:45.091Z",
        "dateReserved": "2026-07-01T21:37:31.255Z",
        "dateUpdated": "2026-07-03T03:55:42.948Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14411 (GCVE-0-2026-14411)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Insufficient validation of untrusted input
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14411",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:33.186Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Insufficient validation of untrusted input",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:44.570Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/513919827"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14411",
        "datePublished": "2026-07-01T22:21:44.570Z",
        "dateReserved": "2026-07-01T21:37:31.043Z",
        "dateUpdated": "2026-07-03T03:55:33.186Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14410 (GCVE-0-2026-14410)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-02 16:56
    VLAI
    Summary
    Inappropriate implementation in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Inappropriate implementation
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14410",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T16:48:06.365310Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-451",
                    "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T16:56:57.504Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Inappropriate implementation in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Inappropriate implementation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:39.904Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/513836996"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14410",
        "datePublished": "2026-07-01T22:21:39.904Z",
        "dateReserved": "2026-07-01T21:37:30.822Z",
        "dateUpdated": "2026-07-02T16:56:57.504Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14409 (GCVE-0-2026-14409)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Inappropriate implementation
    • CWE-693 - Protection Mechanism Failure
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14409",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-693",
                    "description": "CWE-693 Protection Mechanism Failure",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:59.345Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Inappropriate implementation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:41.596Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/513810921"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14409",
        "datePublished": "2026-07-01T22:21:41.596Z",
        "dateReserved": "2026-07-01T21:37:30.582Z",
        "dateUpdated": "2026-07-03T03:55:59.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14408 (GCVE-0-2026-14408)

    Vulnerability from nvd – Published: 2026-07-01 22:22 – Updated: 2026-07-02 00:34
    VLAI
    Summary
    Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14408",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:33:50.800150Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T00:34:09.115Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "Uninitialized Use",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:22:00.125Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/513631768"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14408",
        "datePublished": "2026-07-01T22:22:00.125Z",
        "dateReserved": "2026-07-01T21:37:30.375Z",
        "dateUpdated": "2026-07-02T00:34:09.115Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14407 (GCVE-0-2026-14407)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Inappropriate implementation
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14407",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:57.085Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Inappropriate implementation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:41.028Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/513586956"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14407",
        "datePublished": "2026-07-01T22:21:41.028Z",
        "dateReserved": "2026-07-01T21:37:30.137Z",
        "dateUpdated": "2026-07-03T03:55:57.085Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14406 (GCVE-0-2026-14406)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-02 00:33
    VLAI
    Summary
    Out of bounds read in V8 in Google Chrome prior to 150.0.7871.46 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14406",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:32:55.881198Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T00:33:00.247Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out of bounds read in V8 in Google Chrome prior to 150.0.7871.46 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out of bounds read",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:53.998Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/513435594"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14406",
        "datePublished": "2026-07-01T22:21:53.998Z",
        "dateReserved": "2026-07-01T21:37:29.917Z",
        "dateUpdated": "2026-07-02T00:33:00.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14405 (GCVE-0-2026-14405)

    Vulnerability from nvd – Published: 2026-07-01 22:22 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14405",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:24.809Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "Uninitialized Use",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:22:01.246Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/513376037"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14405",
        "datePublished": "2026-07-01T22:22:01.246Z",
        "dateReserved": "2026-07-01T21:37:29.708Z",
        "dateUpdated": "2026-07-03T03:55:24.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14404 (GCVE-0-2026-14404)

    Vulnerability from nvd – Published: 2026-07-01 22:21 – Updated: 2026-07-02 13:12
    VLAI
    Summary
    Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. (Chromium security severity: Medium)
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Inappropriate implementation
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14404",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T13:12:15.749303Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-451",
                    "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T13:12:41.518Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. (Chromium security severity: Medium)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Inappropriate implementation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:21:39.035Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/513337989"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14404",
        "datePublished": "2026-07-01T22:21:39.035Z",
        "dateReserved": "2026-07-01T21:37:29.470Z",
        "dateUpdated": "2026-07-02T13:12:41.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14403 (GCVE-0-2026-14403)

    Vulnerability from nvd – Published: 2026-07-01 22:22 – Updated: 2026-07-03 03:55
    VLAI
    Summary
    Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 150.0.7871.46 , < 150.0.7871.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14403",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:55:53.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "150.0.7871.46",
                  "status": "affected",
                  "version": "150.0.7871.46",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use after free",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T22:22:05.291Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
            },
            {
              "url": "https://issues.chromium.org/issues/513298483"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2026-14403",
        "datePublished": "2026-07-01T22:22:05.291Z",
        "dateReserved": "2026-07-01T21:37:29.175Z",
        "dateUpdated": "2026-07-03T03:55:53.628Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }