7.5
CVE-2026-28388 - NULL Pointer Dereference When Processing a Delta CRL
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. โฆ
4.3
CVE-2026-5900 - chromium-browser: Policy bypass in Downloads
Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. (Chromium security severity: Low)
8.8
CVE-2026-5866 - chromium-browser: Use after free in Media
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
4.3
CVE-2026-5898 - chromium-browser: Incorrect security UI in Omnibox
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
4.3
CVE-2026-5869 - chromium-browser: Heap buffer overflow in WebML
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
6.1
CVE-2026-5899 - chromium-browser: Incorrect security UI in History Navigation
Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)
8.8
CVE-2026-5877 - chromium-browser: Use after free in Navigation
Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
4.3
CVE-2026-5887 - chromium-browser: Insufficient validation of untrusted input in Downloads
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Medium)
4.3
CVE-2026-5878 - chromium-browser: Incorrect security UI in Blink
Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
8.8
CVE-2026-5862 - chromium-browser: Inappropriate implementation in V8
Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)