5.4

CVSS3.1

CVE-2026-8019 - UI Spoofing via Weak Policy Enforcement in Chrome WebApp

Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

📅 Published: May 6, 2026, 6:13 p.m. 🔄 Last Modified: May 7, 2026, 3:26 p.m.

8.1

CVSS3.1

CVE-2026-8018 - Insufficient Policy Enforcement in DevTools Enabling Sandbox Escape

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: Low)

📅 Published: May 6, 2026, 6:13 p.m. 🔄 Last Modified: May 7, 2026, 5 p.m.

3.1

CVSS3.1

CVE-2026-8017 -

Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

📅 Published: May 6, 2026, 6:13 p.m. 🔄 Last Modified: May 7, 2026, 3:29 p.m.

8.8

CVSS3.1

CVE-2026-8016 -

Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

📅 Published: May 6, 2026, 6:13 p.m. 🔄 Last Modified: May 7, 2026, 3:29 p.m.

5.4

CVSS3.1

CVE-2026-8015 - Chrome Media Component UI Spoofing Vulnerability

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

📅 Published: May 6, 2026, 6:13 p.m. 🔄 Last Modified: May 7, 2026, 3:30 p.m.

4.3

CVSS3.1

CVE-2026-8014 - Chrome Preload Feature Causing Cross‑Origin Data Leakage

Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

📅 Published: May 6, 2026, 6:13 p.m. 🔄 Last Modified: May 7, 2026, 3:16 p.m.

4.3

CVSS3.1

CVE-2026-8013 -

Insufficient validation of untrusted input in FedCM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

📅 Published: May 6, 2026, 6:13 p.m. 🔄 Last Modified: May 7, 2026, 3:19 p.m.

5.4

CVSS3.1

CVE-2026-8012 -

Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

📅 Published: May 6, 2026, 6:13 p.m. 🔄 Last Modified: May 7, 2026, 3:19 p.m.

4.3

CVSS3.1

CVE-2026-8011 - Insufficient Search Policy Enforces Cross‑Origin Data Leak in Chrome

Insufficient policy enforcement in Search in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

📅 Published: May 6, 2026, 6:13 p.m. 🔄 Last Modified: May 7, 2026, 3:16 p.m.

6.3

CVSS3.1

CVE-2026-8010 -

Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)

📅 Published: May 6, 2026, 6:13 p.m. 🔄 Last Modified: May 7, 2026, 3:17 p.m.

Vulnerability Database Index

5.4

CVE-2026-8019 - UI Spoofing via Weak Policy Enforcement in Chrome WebApp

8.1

CVE-2026-8018 - Insufficient Policy Enforcement in DevTools Enabling Sandbox Escape

3.1

CVE-2026-8017 -

8.8

CVE-2026-8016 -

5.4

CVE-2026-8015 - Chrome Media Component UI Spoofing Vulnerability

4.3

CVE-2026-8014 - Chrome Preload Feature Causing Cross‑Origin Data Leakage

4.3

CVE-2026-8013 -

5.4

CVE-2026-8012 -

4.3

CVE-2026-8011 - Insufficient Search Policy Enforces Cross‑Origin Data Leak in Chrome

6.3

CVE-2026-8010 -