Threat Feed

Tag

Chromium

12 briefs
critical advisory

Crawl4AI Unauthenticated RCE via Chromium Launch-Argument Injection

In Crawl4AI Docker deployments, an attacker can achieve unauthenticated remote code execution (RCE) by injecting malicious Chromium launch arguments, such as `--utility-cmd-prefix` and `--no-zygote`, into the `browser_config.extra_args` field of the API request. The injected arguments allow arbitrary command execution as the container's runtime user.

crawl4ai RCE web-vulnerability Chromium container Docker Linux
3r 2t
high advisory

CVE-2026-7928 Use-After-Free Vulnerability in WebRTC

CVE-2026-7928 is a use-after-free vulnerability in the WebRTC component of Chromium, affecting Google Chrome and Microsoft Edge (Chromium-based) and potentially allowing for arbitrary code execution.

Edge +1 use-after-free webrtc chromium cve remote-code-execution
2r 4t 1c
high advisory

Chromium Type Confusion Vulnerability in Accessibility (CVE-2026-7914)

CVE-2026-7914 is a type confusion vulnerability in the Accessibility component of Chromium, also affecting Microsoft Edge.

Chrome +1 cve-2026-7914 type confusion chromium
2r 2t 1c
high advisory

Chromium CVE-2026-7906 Use-After-Free in SVG

CVE-2026-7906 is a use-after-free vulnerability in the SVG component of Chromium, also affecting Microsoft Edge.

Chrome +1 chromium use-after-free svg cve-2026-7906
2r 1c
high advisory

Chromium Use-After-Free Vulnerability in ANGLE (CVE-2026-7359)

A use-after-free vulnerability in the ANGLE graphics engine within Chromium (CVE-2026-7359) allows for potential exploitation in Google Chrome and Microsoft Edge.

Chrome +1 use-after-free chromium edge cve-2026-7359
2r 1c
high advisory

Chromium Use-After-Free Vulnerability in Media Component (CVE-2026-7355)

CVE-2026-7355 is a use-after-free vulnerability in the Media component of Chromium, affecting Google Chrome and Microsoft Edge, potentially allowing for arbitrary code execution.

Chrome +1 use-after-free chromium cve-2026-7355 browser
2r 1t 1c
critical advisory

Chromium Use-After-Free Vulnerability in GPU Component (CVE-2026-7357)

CVE-2026-7357 is a use-after-free vulnerability in the GPU component of Chromium that also affects Microsoft Edge, potentially leading to arbitrary code execution.

Chrome +1 use-after-free chromium edge
2r 1t 1c
critical threat

Chromium Use-After-Free Vulnerability in GPU Component (CVE-2026-7333)

CVE-2026-7333 is a use-after-free vulnerability in the GPU component of Chromium, affecting Google Chrome and Microsoft Edge, potentially leading to arbitrary code execution.

Chrome +1 use-after-free chromium gpu cve-2026-7333 remote code execution
2r 1c
high advisory

Chromium Use-After-Free Vulnerability in Cast (CVE-2026-7349)

CVE-2026-7349 is a use-after-free vulnerability in the Cast component of Chromium, affecting Google Chrome and Microsoft Edge.

Chrome +1 use-after-free browser chromium
2r 1t 1c
critical advisory

Chromium Heap Buffer Overflow Vulnerability (CVE-2026-7353)

CVE-2026-7353 is a heap buffer overflow vulnerability in the Skia graphics library used by Chromium, affecting both Google Chrome and Microsoft Edge.

Chrome +1 heap overflow chromium cve-2026-7353
2r 2t 1c
high advisory

Gotenberg Chromium Deny-List Bypass via Case-Insensitive URL Scheme

Gotenberg versions before 8.29.0 are vulnerable to unauthenticated arbitrary file read. Because URL schemes are case-insensitive, a mixed-case or uppercase scheme such as FILE:///etc/passwd bypasses the Chromium deny-list, allowing attackers to read sensitive files such as /etc/passwd. This leaks sensitive data from the Gotenberg container and bypasses the fix for CVE-2024-21527.

gotenberg file-read vulnerability chromium
2r 1t
high advisory

CVE-2026-7337 Type Confusion Vulnerability in Chromium V8 Engine

CVE-2026-7337 is a type confusion vulnerability in the V8 JavaScript engine that affects Google Chrome and Microsoft Edge (Chromium-based).

Chrome +1 type confusion v8 engine chromium cve-2026-7337
2r 1t 1c