CVE-2026-9907

4.3 MEDIUM

Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a ...

Published: 2026-05-28 · Last updated: 2026-06-01

Severity and scoring

CVSS: 4.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE: CWE-125

Affected products

Vendor	Product
google	chrome

Description

Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Source: NVD

References

Related CVEs

Same vendor

CVE-2026-12035 — Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corrupt... (8.8 HIGH)
CVE-2026-12034 — Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote at... (8.3 HIGH)
CVE-2026-12033 — Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process... (5.3 MEDIUM)
CVE-2026-12032 — Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromis... (3.1 LOW)
CVE-2026-12031 — Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised t... (8.3 HIGH)

Same CWE

CVE-2026-1765 — A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners) (5.6 MEDIUM)
CVE-2026-1764 — A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor (5.6 MEDIUM)
CVE-2026-12087 — Socket versions before 2.041 for Perl have an out-of-bounds heap read
CVE-2026-53704 — A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package (7.1 HIGH)
CVE-2026-53703 — A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly) (7.1 HIGH)