newsThe portal itself — self-promo until real sponsors land
Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
25 results//sorted by published//last sync 2026-06-09 05:47Z
Subscribe to news →
CVE-2026-11256 — Integer: overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker
Integer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.3 (HIGH)
8.3
CVSS v3.1
92
Edit Score
CVE-2026-11250 — Inappropriate: implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker
Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 9.6 (CRITICAL)
9.6
CVSS v3.1
98
Edit Score
CVE-2026-11248 — Inappropriate: implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote
Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-11241 — Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed
Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.0 (HIGH)
8.0
CVSS v3.1
90
Edit Score
CVE-2026-48579 — Microsoft: Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over
Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network. CVSSv3.1 9.1 (CRITICAL)
9.1
CVSS v3.1
96
Edit Score
CVE-2026-48567 — Authentication: bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges
Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network. CVSSv3.1 10.0 (CRITICAL)
10.0
CVSS v3.1
100
Edit Score
CVE-2026-11237 — Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed
Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.3 (HIGH)
8.3
CVSS v3.1
92
Edit Score
CVE-2026-11236 — Web: Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a
Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.3 (HIGH)
8.3
CVSS v3.1
92
Edit Score
CVE-2026-11235 — Compositing: Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote
Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-11231 — Inappropriate: implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53 allowed
Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a malicious file. (Chromium security severity: Low) CVSSv3.1 8.1 (HIGH)
8.1
CVSS v3.1
91
Edit Score
CVE-2026-11230 — Use: after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote
Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-11224 — Use: after free in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed
Use after free in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-11218 — Inappropriate: implementation in PlatformIntegration in Google Chrome on Windows prior to 149.0.7827.53 allowed a
Inappropriate implementation in PlatformIntegration in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a malicious file. (Chromium security severity: Low) CVSSv3.1 8.1 (HIGH)
8.1
CVSS v3.1
91
Edit Score
CVE-2026-11213 — Insufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53
Insufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 9.6 (CRITICAL)
9.6
CVSS v3.1
98
Edit Score
CVE-2026-11211 — Integer: overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker
Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH) · EPSS 12th percentile
8.8
CVSS v3.1
94
Edit Score
CVE-2026-11207 — Insufficient validation of untrusted input in Autofill in Google Chrome prior to 149.0.7827.53 allowed
Insufficient validation of untrusted input in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: Medium) CVSSv3.1 9.6 (CRITICAL)
9.6
CVSS v3.1
98
Edit Score
CVE-2026-11202 — Inappropriate: implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-11201 — Use: after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker
Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-11198 — Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed
Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium) CVSSv3.1 9.6 (CRITICAL)
9.6
CVSS v3.1
98
Edit Score
CVE-2026-11191 — Out: of bounds memory access in ANGLE in Google Chrome prior to 149.0.7827.53 allowed
Out of bounds memory access in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-11188 — Use: after free in USB in Google Chrome on Android prior to 149.0.7827.53 allowed
Use after free in USB in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-11185 — Use: after free in V8 in Google Chrome prior to 149.0.7827.53 allowed an attacker
Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium) CVSSv3.1 8.1 (HIGH)
8.1
CVSS v3.1
91
Edit Score
CVE-2026-11179 — Inappropriate: implementation in ORB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker
Inappropriate implementation in ORB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-11177 — Use: after free in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote
Use after free in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-11175 — Incorrect: security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed
Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score