|
551
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…
Update
|
CWE-416
Use After Free
|
CVE-2026-7352
|
2026-05-1 01:40 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
552
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-7353
|
2026-05-1 01:39 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
553
|
7.2 |
HIGH
Local
|
palletsprojects
|
click
|
Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.
New
|
CWE-77
Command Injection
|
CVE-2026-7246
|
2026-05-1 01:39 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
554
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: …
Update
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2026-7354
|
2026-05-1 01:38 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
555
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Update
|
CWE-416
Use After Free
|
CVE-2026-7355
|
2026-05-1 01:38 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
556
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-416
Use After Free
|
CVE-2026-7356
|
2026-05-1 01:38 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
557
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chro…
Update
|
CWE-416
Use After Free
|
CVE-2026-7357
|
2026-05-1 01:37 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
558
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-416
Use After Free
|
CVE-2026-7358
|
2026-05-1 01:37 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
559
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C…
Update
|
CWE-416
Use After Free
|
CVE-2026-7359
|
2026-05-1 01:37 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
560
|
3.1 |
LOW
Network
|
google
|
chrome
|
Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a c…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-7360
|
2026-05-1 01:37 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
