CVE-2026-7345 - Google Chrome Renderer Process Sandbox Escape
CVE ID :CVE-2026-7345
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7345
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7346 - Google Chrome Tint Out-of-Bounds Memory Access Vulnerability
CVE ID :CVE-2026-7346
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7346
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7347 - Google Chrome Chromium Use After Free Remote Code Execution
CVE ID :CVE-2026-7347
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7347
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7348 - Google Chrome Codecs Use After Free Arbitrary Code Execution Vulnerability
CVE ID :CVE-2026-7348
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7348
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7349 - Google Chrome Use-After-Free Arbitrary Code Execution Vulnerability
CVE ID :CVE-2026-7349
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7349
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7350 - Google Chrome WebMIDI Use After Free Vulnerability
CVE ID :CVE-2026-7350
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7350
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7351 - Google Chrome MHTML Cross-Origin Data Leak Vulnerability
CVE ID :CVE-2026-7351
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7351
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7352 - Google Chrome Android Media Use-After-Free Sandbox Escape
CVE ID :CVE-2026-7352
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7352
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7353 - Google Chrome Skia Heap Buffer Overflow
CVE ID :CVE-2026-7353
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7353
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7354 - Google Chrome Angle Out-of-Bounds Write Vulnerability
CVE ID :CVE-2026-7354
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7354
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7355 - Google Chrome Media Use-After-Free Vulnerability
CVE ID :CVE-2026-7355
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7355
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7356 - Google Chrome Use After Free Vulnerability in Navigation
CVE ID :CVE-2026-7356
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7356
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7357 - Google Chrome GPU Use-After-Free Vulnerability
CVE ID :CVE-2026-7357
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7357
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7358 - Google Chrome Use After Free in Animation Vulnerability
CVE ID :CVE-2026-7358
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7358
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7359 - Google Chrome ANGLE Use-After-Free Sandbox Escape
CVE ID :CVE-2026-7359
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7359
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7360 - Google Chrome Site Isolation Bypass
CVE ID :CVE-2026-7360
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7360
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7361 - Google Chrome iOS Use-After-Free Heap Corruption
CVE ID :CVE-2026-7361
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7361
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7363 - "Google Chrome Canvas Use-After-Free Vulnerability"
CVE ID :CVE-2026-7363
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7363
Published : April 28, 2026, 11:16 p.m. | 4 hours, 14 minutes ago
Description :Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-40560 - Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence
CVE ID :CVE-2026-40560
Published : April 29, 2026, 12:16 a.m. | 3 hours, 14 minutes ago
Description :Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40560
Published : April 29, 2026, 12:16 a.m. | 3 hours, 14 minutes ago
Description :Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-23773 - Dell Disk Library for Mainframe SSRF
CVE ID :CVE-2026-23773
Published : April 29, 2026, 4:16 a.m. | 1 hour, 16 minutes ago
Description :Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-23773
Published : April 29, 2026, 4:16 a.m. | 1 hour, 16 minutes ago
Description :Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-42615 - GCHQ CyberChef XSS Vulnerability
CVE ID :CVE-2026-42615
Published : April 29, 2026, 4:16 a.m. | 1 hour, 16 minutes ago
Description :GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-42615
Published : April 29, 2026, 4:16 a.m. | 1 hour, 16 minutes ago
Description :GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...