Vulnerability-Lookup

WID-SEC-W-2026-1542

Vulnerability from csaf_certbund - Published: 2026-05-14 22:00 - Updated: 2026-05-25 22:00

Summary

Google Chrome und Microsoft Edge: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Chrome ist ein Internet-Browser von Google.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Google Chrome und Microsoft Edge ausnutzen, um beliebigen Programmcode auszuführen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, um Sicherheitsvorkehrungen zu umgehen, und um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - MacOS X - Sonstiges - UNIX - Windows

CVE-2026-0251

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-45351

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8509

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8510

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8511

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8512

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8513

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8514

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8515

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8516

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8517

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8518

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8519

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8520

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8521

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8522

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8523

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8524

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8525

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8526

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8527

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8528

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8529

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8530

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8531

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8532

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8533

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8534

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8535

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8536

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8537

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8538

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8539

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8540

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8541

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8542

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8543

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8544

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8545

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8546

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8547

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8548

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8549

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8550

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8551

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8552

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8553

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8554

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8555

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8556

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8557

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8558

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8559

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8560

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8561

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8562

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8563

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8564

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8565

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8566

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8567

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8568

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8569

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8570

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8571

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8572

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8573

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8574

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8575

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8576

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8577

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8578

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8579

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8580

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8581

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8582

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8583

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8584

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8585

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8586

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-8587

Affected products

Known affected 6 products

Product	Identifier	Version
Google Chrome <148.0.7778.168 Google / Chrome		<148.0.7778.168
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Google Chrome <148.0.7778.167 Google / Chrome		<148.0.7778.167
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Edge <148.0.3967.70 Microsoft / Edge		<148.0.3967.70
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

14 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://chromereleases.googleblog.com/2026/05/sta…	external
https://learn.microsoft.com/en-us/DeployEdge/micr…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.debian.org/debian-security-announce…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://lists.opensuse.org/archives/list/security…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Chrome ist ein Internet-Browser von Google.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Google Chrome und Microsoft Edge ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, um Sicherheitsvorkehrungen zu umgehen, und um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1542 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1542.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1542 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1542"
      },
      {
        "category": "external",
        "summary": "Chrome Releases: Stable Channel Update for Desktop vom 2026-05-14",
        "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
      },
      {
        "category": "external",
        "summary": "Release notes for Microsoft Edge Security Updates vom 2026-05-15",
        "url": "https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#may-15-2026"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-F8C2552DE7 vom 2026-05-16",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-f8c2552de7"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-21C0E6B20C vom 2026-05-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-21c0e6b20c"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-266B62AEA6 vom 2026-05-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-266b62aea6"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-4DD3A97960 vom 2026-05-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-4dd3a97960"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2026-F121D3BE68 vom 2026-05-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-f121d3be68"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-6D848132EE vom 2026-05-16",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-6d848132ee"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10786-1 vom 2026-05-17",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WI237TDM57LG4CHFIHJ4TNIWQ3L62GZG/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6273 vom 2026-05-15",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00184.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-885A3F8C70 vom 2026-05-16",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-885a3f8c70"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20775-1 vom 2026-05-23",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JSXMBJAQKZ5EDPGO5YH4Z2YNWN4EUHVN/"
      }
    ],
    "source_lang": "en-US",
    "title": "Google Chrome und Microsoft Edge: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-25T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-26T12:17:31.555+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1542",
      "initial_release_date": "2026-05-14T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-14T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-17T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Microsoft aufgenommen"
        },
        {
          "date": "2026-05-25T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von openSUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c148.0.7778.167",
                "product": {
                  "name": "Google Chrome \u003c148.0.7778.167",
                  "product_id": "T054196"
                }
              },
              {
                "category": "product_version",
                "name": "148.0.7778.167",
                "product": {
                  "name": "Google Chrome 148.0.7778.167",
                  "product_id": "T054196-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:chrome:148.0.7778.167"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c148.0.7778.168",
                "product": {
                  "name": "Google Chrome \u003c148.0.7778.168",
                  "product_id": "T054197"
                }
              },
              {
                "category": "product_version",
                "name": "148.0.7778.168",
                "product": {
                  "name": "Google Chrome 148.0.7778.168",
                  "product_id": "T054197-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:chrome:148.0.7778.168"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Chrome"
          }
        ],
        "category": "vendor",
        "name": "Google"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c148.0.3967.70",
                "product": {
                  "name": "Microsoft Edge \u003c148.0.3967.70",
                  "product_id": "T054236"
                }
              },
              {
                "category": "product_version",
                "name": "148.0.3967.70",
                "product": {
                  "name": "Microsoft Edge 148.0.3967.70",
                  "product_id": "T054236-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:edge:148.0.3967.70"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Edge"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-0251",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-0251"
    },
    {
      "cve": "CVE-2026-45351",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-45351"
    },
    {
      "cve": "CVE-2026-8509",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8509"
    },
    {
      "cve": "CVE-2026-8510",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8510"
    },
    {
      "cve": "CVE-2026-8511",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8511"
    },
    {
      "cve": "CVE-2026-8512",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8512"
    },
    {
      "cve": "CVE-2026-8513",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8513"
    },
    {
      "cve": "CVE-2026-8514",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8514"
    },
    {
      "cve": "CVE-2026-8515",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8515"
    },
    {
      "cve": "CVE-2026-8516",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8516"
    },
    {
      "cve": "CVE-2026-8517",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8517"
    },
    {
      "cve": "CVE-2026-8518",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8518"
    },
    {
      "cve": "CVE-2026-8519",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8519"
    },
    {
      "cve": "CVE-2026-8520",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8520"
    },
    {
      "cve": "CVE-2026-8521",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8521"
    },
    {
      "cve": "CVE-2026-8522",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8522"
    },
    {
      "cve": "CVE-2026-8523",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8523"
    },
    {
      "cve": "CVE-2026-8524",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8524"
    },
    {
      "cve": "CVE-2026-8525",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8525"
    },
    {
      "cve": "CVE-2026-8526",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8526"
    },
    {
      "cve": "CVE-2026-8527",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8527"
    },
    {
      "cve": "CVE-2026-8528",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8528"
    },
    {
      "cve": "CVE-2026-8529",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8529"
    },
    {
      "cve": "CVE-2026-8530",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8530"
    },
    {
      "cve": "CVE-2026-8531",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8531"
    },
    {
      "cve": "CVE-2026-8532",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8532"
    },
    {
      "cve": "CVE-2026-8533",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8533"
    },
    {
      "cve": "CVE-2026-8534",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8534"
    },
    {
      "cve": "CVE-2026-8535",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8535"
    },
    {
      "cve": "CVE-2026-8536",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8536"
    },
    {
      "cve": "CVE-2026-8537",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8537"
    },
    {
      "cve": "CVE-2026-8538",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8538"
    },
    {
      "cve": "CVE-2026-8539",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8539"
    },
    {
      "cve": "CVE-2026-8540",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8540"
    },
    {
      "cve": "CVE-2026-8541",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8541"
    },
    {
      "cve": "CVE-2026-8542",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8542"
    },
    {
      "cve": "CVE-2026-8543",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8543"
    },
    {
      "cve": "CVE-2026-8544",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8544"
    },
    {
      "cve": "CVE-2026-8545",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8545"
    },
    {
      "cve": "CVE-2026-8546",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8546"
    },
    {
      "cve": "CVE-2026-8547",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8547"
    },
    {
      "cve": "CVE-2026-8548",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8548"
    },
    {
      "cve": "CVE-2026-8549",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8549"
    },
    {
      "cve": "CVE-2026-8550",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8550"
    },
    {
      "cve": "CVE-2026-8551",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8551"
    },
    {
      "cve": "CVE-2026-8552",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8552"
    },
    {
      "cve": "CVE-2026-8553",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8553"
    },
    {
      "cve": "CVE-2026-8554",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8554"
    },
    {
      "cve": "CVE-2026-8555",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8555"
    },
    {
      "cve": "CVE-2026-8556",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8556"
    },
    {
      "cve": "CVE-2026-8557",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8557"
    },
    {
      "cve": "CVE-2026-8558",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8558"
    },
    {
      "cve": "CVE-2026-8559",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8559"
    },
    {
      "cve": "CVE-2026-8560",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8560"
    },
    {
      "cve": "CVE-2026-8561",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8561"
    },
    {
      "cve": "CVE-2026-8562",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8562"
    },
    {
      "cve": "CVE-2026-8563",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8563"
    },
    {
      "cve": "CVE-2026-8564",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8564"
    },
    {
      "cve": "CVE-2026-8565",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8565"
    },
    {
      "cve": "CVE-2026-8566",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8566"
    },
    {
      "cve": "CVE-2026-8567",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8567"
    },
    {
      "cve": "CVE-2026-8568",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8568"
    },
    {
      "cve": "CVE-2026-8569",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8569"
    },
    {
      "cve": "CVE-2026-8570",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8570"
    },
    {
      "cve": "CVE-2026-8571",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8571"
    },
    {
      "cve": "CVE-2026-8572",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8572"
    },
    {
      "cve": "CVE-2026-8573",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8573"
    },
    {
      "cve": "CVE-2026-8574",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8574"
    },
    {
      "cve": "CVE-2026-8575",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8575"
    },
    {
      "cve": "CVE-2026-8576",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8576"
    },
    {
      "cve": "CVE-2026-8577",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8577"
    },
    {
      "cve": "CVE-2026-8578",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8578"
    },
    {
      "cve": "CVE-2026-8579",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8579"
    },
    {
      "cve": "CVE-2026-8580",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8580"
    },
    {
      "cve": "CVE-2026-8581",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8581"
    },
    {
      "cve": "CVE-2026-8582",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8582"
    },
    {
      "cve": "CVE-2026-8583",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8583"
    },
    {
      "cve": "CVE-2026-8584",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8584"
    },
    {
      "cve": "CVE-2026-8585",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8585"
    },
    {
      "cve": "CVE-2026-8586",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8586"
    },
    {
      "cve": "CVE-2026-8587",
      "product_status": {
        "known_affected": [
          "T054197",
          "2951",
          "T054196",
          "T027843",
          "T054236",
          "74185"
        ]
      },
      "release_date": "2026-05-14T22:00:00.000+00:00",
      "title": "CVE-2026-8587"
    }
  ]
}

CVE-2026-0251 (GCVE-0-2026-0251)

Vulnerability from cvelistv5 – Published: 2026-05-13 18:20 – Updated: 2026-05-14 03:56

Title

GlobalProtect App: Local Privilege Escalation Vulnerabilities

Summary

Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges. The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.

Severity

5.9 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-426 - Untrusted Search Path

Assigner

palo_alto

References

1 reference

URL	Tags
https://security.paloaltonetworks.com/CVE-2026-0251	vendor-advisory

Impacted products

4 products

Vendor	Product	Version
Palo Alto Networks	GlobalProtect App	Affected: 6.3.0 , < 6.3.3-h9 (6.3.3-999) (custom) Affected: 6.2.0 , < 6.2.8-h10 (6.2.8-948) (custom) Affected: 6.0.0 , < 6.0.13 (custom) cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:::::Windows:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:::::Windows::
Palo Alto Networks	GlobalProtect App	Affected: 6.3.0 , < 6.3.3-h9 (6.3.3-999) (custom) Affected: 6.2.0 , < 6.2.8-h10 (6.2.8-948) (custom) Affected: 6.0.0 , < 6.0.13 (custom) cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:::::macOS:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:::::macOS::
Palo Alto Networks	GlobalProtect App	Affected: 6.3.0 , < 6.3.3-h2 (6.3.3-42) (custom) Affected: 6.0.0 , < 6.0.11 (custom) cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:::::Linux:: cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:::::Linux::
Palo Alto Networks	Global Protect App	Unaffected: All (custom)

Date Public

2026-05-13 16:00

Credits

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0251",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T03:56:34.668Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:Windows:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:Windows:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3-h9 (6.3.3-999)",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3-h9 (6.3.3-999)",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.2.8-h10 (6.2.8-948)",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.2.8-h10 (6.2.8-948)",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.0.13",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.0.13",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:macOS:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:macOS:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "macOS"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3-h9 (6.3.3-999)",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3-h9 (6.3.3-999)",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.2.8-h10 (6.2.8-948)",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.2.8-h10 (6.2.8-948)",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.0.13",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.0.13",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.12:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.11:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.10:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.8:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.7:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.6:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.5:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.4:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.3:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.2:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.1:*:*:*:*:Linux:*:*",
            "cpe:2.3:a:palo_alto_networks:globalprotect_app:6.0.0:*:*:*:*:Linux:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.3.3-h2 (6.3.3-42)",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.3-h2 (6.3.3-42)",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.0.11",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Android",
            "ChromeOS",
            "iOS",
            "UWP"
          ],
          "product": "Global Protect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eNo special configuration is required to be affected by this issue.\u003c/p\u003e"
            }
          ],
          "value": "No special configuration is required to be affected by this issue."
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Windows:*:*",
                  "versionEndExcluding": "6.3.3-h9_(6.3.3-999)",
                  "versionStartIncluding": "6.3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Windows:*:*",
                  "versionEndExcluding": "6.2.8-h10_(6.2.8-948)",
                  "versionStartIncluding": "6.2.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Windows:*:*",
                  "versionEndExcluding": "6.0.13",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*",
                  "versionEndExcluding": "6.3.3-h9_(6.3.3-999)",
                  "versionStartIncluding": "6.3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*",
                  "versionEndExcluding": "6.2.8-h10_(6.2.8-948)",
                  "versionStartIncluding": "6.2.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:macOS:*:*",
                  "versionEndExcluding": "6.0.13",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Linux:*:*",
                  "versionEndExcluding": "6.3.3-h2_(6.3.3-42)",
                  "versionStartIncluding": "6.3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:palo_alto_networks:globalprotect_app:*:*:*:*:*:Linux:*:*",
                  "versionEndExcluding": "6.0.11",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "other",
          "value": "Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue."
        }
      ],
      "datePublic": "2026-05-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMultiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect\u2122 app allow a local user to escalate their privileges to NT AUTHORITY\\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges.\u003cbr\u003e\u003cbr\u003eThe GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.\u003c/p\u003e"
            }
          ],
          "value": "Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect\u2122 app allow a local user to escalate their privileges to NT AUTHORITY\\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges.\n\nThe GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of these issues.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of these issues."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426 Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T18:20:01.156Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2026-0251"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003c/th\u003e\u003cth\u003eMinor Version\u003c/th\u003e\u003cth\u003eSuggested Solution\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on Windows\u003c/td\u003e\u003ctd\u003e6.0.0 through 6.0.12\u003c/td\u003e\u003ctd\u003eUpgrade to 6.0.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.2 on Windows\u003c/td\u003e\u003ctd\u003e6.2.0 through 6.2.8-h9\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.8-h10 (6.2.8-948) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.3 on Windows\u003c/td\u003e\u003ctd\u003e6.3.0 through 6.3.3-h8\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3-h9 (6.3.3-999) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on macOS\u003c/td\u003e\u003ctd\u003e6.0.0 through 6.0.12\u003c/td\u003e\u003ctd\u003eUpgrade to 6.0.13 or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.2 on macOS\u003c/td\u003e\u003ctd\u003e6.2.0 through 6.2.8-h9\u003c/td\u003e\u003ctd\u003eUpgrade to 6.2.8-h10 (6.2.8-948) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.3 on macOS\u003c/td\u003e\u003ctd\u003e6.3.0 through 6.3.3-h8\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3-h9 (6.3.3-999) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.0 on Linux\u003c/td\u003e\u003ctd\u003e6.0.0 through 6.0.10\u003c/td\u003e\u003ctd\u003eUpgrade to 6.0.11 or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.2 on Linux\u003c/td\u003e\u003ctd\u003e6.2.0 through 6.2.9\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3-h2 (6.3.3-42) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App 6.3 on Linux\u003c/td\u003e\u003ctd\u003e6.3.0 through 6.3.3-h1\u003c/td\u003e\u003ctd\u003eUpgrade to 6.3.3-h2 (6.3.3-42) or later.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on Android\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on Chrome OS\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on iOS\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGlobalProtect App on UWP\u003c/td\u003e\u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "VERSION                            MINOR VERSION            SUGGESTED SOLUTION\nGlobalProtect App 6.0 on Windows   6.0.0 through 6.0.12     Upgrade to 6.0.13 or later.\nGlobalProtect App 6.2 on Windows   6.2.0 through 6.2.8-h9   Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.3 on Windows   6.3.0 through 6.3.3-h8   Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.0 on macOS     6.0.0 through 6.0.12     Upgrade to 6.0.13 or later.\nGlobalProtect App 6.2 on macOS     6.2.0 through 6.2.8-h9   Upgrade to 6.2.8-h10 (6.2.8-948) or later.\nGlobalProtect App 6.3 on macOS     6.3.0 through 6.3.3-h8   Upgrade to 6.3.3-h9 (6.3.3-999) or later.\nGlobalProtect App 6.0 on Linux     6.0.0 through 6.0.10     Upgrade to 6.0.11 or later\nGlobalProtect App 6.2 on Linux     6.2.0 through 6.2.9      Upgrade to 6.3.3-h2 (6.3.3-42) or later.\nGlobalProtect App 6.3 on Linux     6.3.0 through 6.3.3-h1   Upgrade to 6.3.3-h2 (6.3.3-42) or later.\nGlobalProtect App on Android                                No action needed.\nGlobalProtect App on Chrome OS                              No action needed.\nGlobalProtect App on iOS                                    No action needed.\nGlobalProtect App on UWP                                    No action needed."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-13T16:00:00.000Z",
          "value": "Initial publication."
        }
      ],
      "title": "GlobalProtect App: Local Privilege Escalation Vulnerabilities",
      "workarounds": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eNo known workarounds exist for this issue.\u003c/p\u003e"
            }
          ],
          "value": "No known workarounds exist for this issue."
        }
      ],
      "x_affectedList": [
        "GlobalProtect App 6.0.12",
        "GlobalProtect App 6.0.11",
        "GlobalProtect App 6.0.10",
        "GlobalProtect App 6.0.8",
        "GlobalProtect App 6.0.7",
        "GlobalProtect App 6.0.6",
        "GlobalProtect App 6.0.5",
        "GlobalProtect App 6.0.4",
        "GlobalProtect App 6.0.3",
        "GlobalProtect App 6.0.2",
        "GlobalProtect App 6.0.1",
        "GlobalProtect App 6.0.0",
        "GlobalProtect App 6.0"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2026-0251",
    "datePublished": "2026-05-13T18:20:01.156Z",
    "dateReserved": "2025-11-03T20:44:11.930Z",
    "dateUpdated": "2026-05-14T03:56:34.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45351 (GCVE-0-2026-45351)

Vulnerability from cvelistv5 – Published: 2026-05-15 21:09 – Updated: 2026-05-18 19:39

Title

Open WebUI: Exposure of System Prompt to Regular User [Non-Admin]

Summary

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user [non-admin] logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of available models set by admin on models pages in workspace affecting the confidentiality of application. This vulnerability is fixed in 0.8.9.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/open-webui/open-webui/security…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
open-webui	open-webui	Affected: < 0.8.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45351",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-18T19:39:16.167751Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-18T19:39:46.217Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-jh9g-8jqw-m2qx"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "open-webui",
          "vendor": "open-webui",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.8.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user [non-admin] logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of available models set by admin on models pages in workspace affecting the confidentiality of application. This vulnerability is fixed in 0.8.9."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-15T21:09:41.689Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/open-webui/open-webui/security/advisories/GHSA-jh9g-8jqw-m2qx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-jh9g-8jqw-m2qx"
        }
      ],
      "source": {
        "advisory": "GHSA-jh9g-8jqw-m2qx",
        "discovery": "UNKNOWN"
      },
      "title": "Open WebUI: Exposure of System Prompt to Regular User [Non-Admin]"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45351",
    "datePublished": "2026-05-15T21:09:41.689Z",
    "dateReserved": "2026-05-11T21:40:08.178Z",
    "dateUpdated": "2026-05-18T19:39:46.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8509 (GCVE-0-2026-8509)

Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56

Summary

Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap buffer overflow

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/05/sta…
https://issues.chromium.org/issues/493310462

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 148.0.7778.168 , < 148.0.7778.168 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8509",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-14T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-15T03:56:36.011Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "148.0.7778.168",
              "status": "affected",
              "version": "148.0.7778.168",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap buffer overflow",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T19:52:09.937Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
        },
        {
          "url": "https://issues.chromium.org/issues/493310462"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-8509",
    "datePublished": "2026-05-14T19:52:09.937Z",
    "dateReserved": "2026-05-14T05:40:09.815Z",
    "dateUpdated": "2026-05-15T03:56:36.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8510 (GCVE-0-2026-8510)

Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:57

Summary

Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-472 - Integer overflow

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/05/sta…
https://issues.chromium.org/issues/502636904

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 148.0.7778.168 , < 148.0.7778.168 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8510",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-14T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-15T03:57:26.849Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "148.0.7778.168",
              "status": "affected",
              "version": "148.0.7778.168",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-472",
              "description": "Integer overflow",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T19:52:10.435Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
        },
        {
          "url": "https://issues.chromium.org/issues/502636904"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-8510",
    "datePublished": "2026-05-14T19:52:10.435Z",
    "dateReserved": "2026-05-14T05:40:10.193Z",
    "dateUpdated": "2026-05-15T03:57:26.849Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8511 (GCVE-0-2026-8511)

Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56

Summary

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Severity

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use after free

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/05/sta…
https://issues.chromium.org/issues/495108488

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 148.0.7778.168 , < 148.0.7778.168 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.6,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8511",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-14T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-15T03:56:52.134Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "148.0.7778.168",
              "status": "affected",
              "version": "148.0.7778.168",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T19:52:10.918Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
        },
        {
          "url": "https://issues.chromium.org/issues/495108488"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-8511",
    "datePublished": "2026-05-14T19:52:10.918Z",
    "dateReserved": "2026-05-14T05:40:10.520Z",
    "dateUpdated": "2026-05-15T03:56:52.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8512 (GCVE-0-2026-8512)

Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56

Summary

Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Severity

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use after free

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/05/sta…
https://issues.chromium.org/issues/495782021

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 148.0.7778.168 , < 148.0.7778.168 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8512",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-14T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-15T03:56:53.683Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "148.0.7778.168",
              "status": "affected",
              "version": "148.0.7778.168",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T19:52:11.336Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
        },
        {
          "url": "https://issues.chromium.org/issues/495782021"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-8512",
    "datePublished": "2026-05-14T19:52:11.336Z",
    "dateReserved": "2026-05-14T05:40:10.867Z",
    "dateUpdated": "2026-05-15T03:56:53.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8513 (GCVE-0-2026-8513)

Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56

Summary

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Severity

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use after free

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/05/sta…
https://issues.chromium.org/issues/495939973

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 148.0.7778.168 , < 148.0.7778.168 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8513",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-14T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-15T03:56:55.205Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "148.0.7778.168",
              "status": "affected",
              "version": "148.0.7778.168",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T19:52:11.781Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
        },
        {
          "url": "https://issues.chromium.org/issues/495939973"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-8513",
    "datePublished": "2026-05-14T19:52:11.781Z",
    "dateReserved": "2026-05-14T05:40:11.173Z",
    "dateUpdated": "2026-05-15T03:56:55.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8514 (GCVE-0-2026-8514)

Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56

Summary

Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Severity

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use after free

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/05/sta…
https://issues.chromium.org/issues/495948109

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 148.0.7778.168 , < 148.0.7778.168 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8514",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-14T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-15T03:56:56.749Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "148.0.7778.168",
              "status": "affected",
              "version": "148.0.7778.168",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T19:52:12.496Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
        },
        {
          "url": "https://issues.chromium.org/issues/495948109"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-8514",
    "datePublished": "2026-05-14T19:52:12.496Z",
    "dateReserved": "2026-05-14T05:40:11.408Z",
    "dateUpdated": "2026-05-15T03:56:56.749Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8515 (GCVE-0-2026-8515)

Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-15 03:56

Summary

Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Severity

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use after free

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/05/sta…
https://issues.chromium.org/issues/495999127

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 148.0.7778.168 , < 148.0.7778.168 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8515",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-14T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-15T03:56:58.251Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "148.0.7778.168",
              "status": "affected",
              "version": "148.0.7778.168",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T19:52:12.912Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
        },
        {
          "url": "https://issues.chromium.org/issues/495999127"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-8515",
    "datePublished": "2026-05-14T19:52:12.912Z",
    "dateReserved": "2026-05-14T05:40:11.666Z",
    "dateUpdated": "2026-05-15T03:56:58.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8516 (GCVE-0-2026-8516)

Vulnerability from cvelistv5 – Published: 2026-05-14 19:52 – Updated: 2026-05-14 21:33

Summary

Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Insufficient validation of untrusted input

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2026/05/sta…
https://issues.chromium.org/issues/496393078

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 148.0.7778.168 , < 148.0.7778.168 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8516",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-14T21:33:32.762377Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T21:33:49.533Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "148.0.7778.168",
              "status": "affected",
              "version": "148.0.7778.168",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Insufficient validation of untrusted input",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T19:52:13.261Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html"
        },
        {
          "url": "https://issues.chromium.org/issues/496393078"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2026-8516",
    "datePublished": "2026-05-14T19:52:13.261Z",
    "dateReserved": "2026-05-14T05:40:11.943Z",
    "dateUpdated": "2026-05-14T21:33:49.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1542

CVE-2026-0251 (GCVE-0-2026-0251)

CVE-2026-45351 (GCVE-0-2026-45351)

CVE-2026-8509 (GCVE-0-2026-8509)

CVE-2026-8510 (GCVE-0-2026-8510)

CVE-2026-8511 (GCVE-0-2026-8511)

CVE-2026-8512 (GCVE-0-2026-8512)

CVE-2026-8513 (GCVE-0-2026-8513)

CVE-2026-8514 (GCVE-0-2026-8514)

CVE-2026-8515 (GCVE-0-2026-8515)

CVE-2026-8516 (GCVE-0-2026-8516)

Tags

Sightings

Nomenclature