CVE-2026-1021
Published 2026-01-16
Priority P273 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.64% (45.9th percentile)
Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
Affected: 1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gotac | police_statistics_database_system | <= 1.0.2 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_redhat | — | 8.8 | HIGH | — |
GHSA
Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP
ghsa·2026-06-18
CVE-2026-44727 [CRITICAL] CWE-1021 Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP
The nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their `Content-Security-Policy`.
Combined with `nbconvert.HTMLExporter`'s default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE.
### Impact
An authenticated victim who navigates to `/nbconvert/html/` containing attacker-authored output can have their token exfiltrated to another domain because it is executed in the Jupyter origin.
### Patches
Fixed in v2.20.0, commit [6cbee8d](https://github.com/jupyter-server/jupyter_server/commit
GHSA
XWiki vulnerable to click-jacking through CSS injection in comments
ghsa·2026-02-12
CVE-2026-26000 [MEDIUM] CWE-1021 XWiki vulnerable to click-jacking through CSS injection in comments
### Impact
It's possible, using comments, to inject CSS that would transform the full wiki into a link area leading to a malicious page. All versions of XWiki are impacted by this kind of attack.
### Patches
The problem has been patched not by preventing injecting CSS in comments, which is currently a feature of XWiki, but by requiring confirmation from users when driving them to untrusted domains after clicking on a link, thus preventing any click-jacking attack.
This security measure has been put in place in XWiki 17.9.0, 17.4.6, 16.10.13.
### Workarounds
There's no out-of-the-box workaround, but it should be possible to partly reuse [the javascript code provided for the security measure](https://github.com/xwiki/xwiki
GHSA
GHSA-v9cc-297r-8m53: Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload an
ghsa_unreviewed·2026-01-16
CVE-2026-1021 [CRITICAL] CWE-434 GHSA-v9cc-297r-8m53: Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload an
Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
Red Hat
firefox: thunderbird: Clickjacking issue in the Widget: Gtk component
vendor_redhat·2026-06-16·CVSS 5.4
CVE-2026-12322 [MEDIUM] CWE-1021 firefox: thunderbird: Clickjacking issue in the Widget: Gtk component
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue:
Clickjacking issue in the Widget: Gtk component
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 10) - Not affected
Package: rhel10/firefox-flatpak (Red Hat Enterprise Linux 10) - Not affected
Package: rhel10/thunderbird-flatpak (Red Hat Enterprise Linux 10) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 10) - Not affected
Package: firefox (Red Hat En
Red Hat
firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component
vendor_redhat·2026-06-16·CVSS 5.4
CVE-2026-12323 [MEDIUM] CWE-1021 firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue:
Spoofing issue in the DOM: Core & HTML component
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 10) - Not affected
Package: rhel10/firefox-flatpak (Red Hat Enterprise Linux 10) - Not affected
Package: rhel10/thunderbird-flatpak (Red Hat Enterprise Linux 10) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 10) - Not affected
Package: firefox (Red Hat
Red Hat
chromium-browser: Insufficient validation of untrusted input in Guest View
vendor_redhat·2026-06-08·CVSS 5.4
CVE-2026-11701 [MEDIUM] CWE-1021 chromium-browser: Insufficient validation of untrusted input in Guest View
Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
An insufficient validation of untrusted input flaw was found in the Guest View component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=516413817
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Insufficient policy enforcement in Extensions
vendor_redhat·2026-06-02·CVSS 6.5
CVE-2026-11026 [MEDIUM] CWE-1021 chromium-browser: Insufficient policy enforcement in Extensions
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
An insufficient policy enforcement flaw was found in the Extensions component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=497599683
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Inappropriate implementation in TabGroups
vendor_redhat·2026-06-02·CVSS 5.4
CVE-2026-11232 [MEDIUM] CWE-1021 chromium-browser: Inappropriate implementation in TabGroups
Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)
An inappropriate implementation flaw was found in the TabGroups component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=495981782
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Inappropriate implementation in Accessibility
vendor_redhat·2026-06-02·CVSS 5.4
CVE-2026-10984 [MEDIUM] CWE-1021 chromium-browser: Inappropriate implementation in Accessibility
Inappropriate implementation in Accessibility in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
An inappropriate implementation flaw was found in the Accessibility component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=514022635
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Insufficient validation of untrusted input in Password Manager
vendor_redhat·2026-06-02·CVSS 4.3
CVE-2026-11192 [MEDIUM] CWE-1021 chromium-browser: Insufficient validation of untrusted input in Password Manager
Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Medium)
An insufficient validation of untrusted input flaw was found in the Password Manager component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=503490678
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Inappropriate implementation in Payments
vendor_redhat·2026-06-02·CVSS 5.6
CVE-2026-11019 [MEDIUM] CWE-1021 chromium-browser: Inappropriate implementation in Payments
Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
An inappropriate implementation flaw was found in the Payments component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=497344640
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Inappropriate implementation in MHTML
vendor_redhat·2026-06-02·CVSS 6.5
CVE-2026-11195 [MEDIUM] CWE-1021 chromium-browser: Inappropriate implementation in MHTML
Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
An inappropriate implementation flaw was found in the MHTML component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=503865896
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Inappropriate implementation in Downloads
vendor_redhat·2026-06-02·CVSS 4.3
CVE-2026-11107 [MEDIUM] CWE-1021 chromium-browser: Inappropriate implementation in Downloads
Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
An inappropriate implementation flaw was found in the Downloads component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=500510384
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Incorrect security UI in Tab Hover Cards
vendor_redhat·2026-06-02·CVSS 6.5
CVE-2026-11227 [MEDIUM] CWE-1021 chromium-browser: Incorrect security UI in Tab Hover Cards
Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low)
An incorrect security UI flaw was found in the Tab Hover Cards component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=448421954
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Inappropriate implementation in Passwords
vendor_redhat·2026-06-02·CVSS 4.3
CVE-2026-11294 [MEDIUM] CWE-1021 chromium-browser: Inappropriate implementation in Passwords
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
An inappropriate implementation flaw was found in the Passwords component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=502403953
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Incorrect security UI in File Input
vendor_redhat·2026-06-02·CVSS 4.3
CVE-2026-11216 [MEDIUM] CWE-1021 chromium-browser: Incorrect security UI in File Input
Incorrect security UI in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
An incorrect security UI flaw was found in the File Input component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=474583539
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Insufficient policy enforcement in Glic
vendor_redhat·2026-06-02·CVSS 6.3
CVE-2026-11187 [MEDIUM] CWE-1021 chromium-browser: Insufficient policy enforcement in Glic
Inappropriate implementation in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
An insufficient policy enforcement flaw was found in the Glic component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=502819675
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Incorrect security UI in Payments
vendor_redhat·2026-06-02·CVSS 6.5
CVE-2026-11001 [MEDIUM] CWE-1021 chromium-browser: Incorrect security UI in Payments
Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
An incorrect security UI flaw was found in the Payments component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=493691489
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Insufficient policy enforcement in Page Info
vendor_redhat·2026-06-02·CVSS 6.5
CVE-2026-11275 [MEDIUM] CWE-1021 chromium-browser: Insufficient policy enforcement in Page Info
Inappropriate implementation in Page Info in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
An insufficient policy enforcement flaw was found in the Page Info component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=501763121
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Policy bypass in Google Lens
vendor_redhat·2026-06-02·CVSS 8.8
CVE-2026-11248 [HIGH] CWE-1021 chromium-browser: Policy bypass in Google Lens
Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
A policy bypass flaw was found in the Google Lens component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=497946941
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Inappropriate implementation in Link Preview
vendor_redhat·2026-06-02·CVSS 5.4
CVE-2026-11017 [MEDIUM] CWE-1021 chromium-browser: Inappropriate implementation in Link Preview
Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
An inappropriate implementation flaw was found in the Link Preview component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=497336872
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
kernel: usb: usblp: fix heap leak in IEEE 1284 device ID via short response
vendor_redhat·2026-05-28·CVSS 5.5
CVE-2026-46151 [MEDIUM] CWE-824 kernel: usb: usblp: fix heap leak in IEEE 1284 device ID via short response
A flaw was found in the Linux kernel's USB printer (usblp) driver. A malicious USB printer can exploit a heap leak vulnerability by sending a truncated device ID response. This can lead to the disclosure of up to 1021 bytes of uninitialized kernel memory, potentially exposing sensitive information to an attacker.
Package: kernel (Red Hat Enterprise Linux 10) - Fix deferred
Package: kernel (Red Hat Enterprise Linux 6) - Out of support scope
Package: kernel (Red Hat Enterprise Linux 7) - Fix deferred
Package: kernel-rt (Red Hat Enterprise Linux 7) - Fix deferred
Package: kernel (Red Hat Enterprise Linux 8) - Fix deferred
Package: kernel-rt (Red Hat Enterprise Linux 8) - Fix deferred
Package: kernel (Red Hat E
Red Hat
chromium-browser: chromium-browser: Inappropriate implementation in Downloads
vendor_redhat·2026-05-14·CVSS 4.7
CVE-2026-8565 [MEDIUM] CWE-1021 chromium-browser: chromium-browser: Inappropriate implementation in Downloads
An inappropriate implementation flaw was found in the Downloads component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=442860473
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: chromium-browser: Incorrect security UI in Downloads
vendor_redhat·2026-05-14·CVSS 4.2
CVE-2026-8564 [MEDIUM] CWE-1021 chromium-browser: chromium-browser: Incorrect security UI in Downloads
An incorrect security UI flaw was found in the Downloads component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=418273622
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: chromium-browser: Incorrect security UI in Fullscreen
vendor_redhat·2026-05-14·CVSS 5.4
CVE-2026-8561 [MEDIUM] CWE-1021 chromium-browser: chromium-browser: Incorrect security UI in Fullscreen
An incorrect security UI flaw was found in the Fullscreen component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=343352552
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Insufficient policy enforcement in WebApp
vendor_redhat·2026-05-05·CVSS 5.4
CVE-2026-8019 [MEDIUM] CWE-1021 chromium-browser: Insufficient policy enforcement in WebApp
An insufficient policy enforcement flaw was found in the WebApp component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=498353173
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Inappropriate implementation in DevTools
vendor_redhat·2026-05-05·CVSS 5.4
CVE-2026-8008 [MEDIUM] CWE-1021 chromium-browser: Inappropriate implementation in DevTools
An inappropriate implementation flaw was found in the DevTools component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=496426191
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Inappropriate implementation in Cast
vendor_redhat·2026-05-05·CVSS 5.0
CVE-2026-8009 [MEDIUM] CWE-1021 chromium-browser: Inappropriate implementation in Cast
An inappropriate implementation flaw was found in the Cast component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=496555077
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
GitLab
Improper Restriction of Rendered UI Layers or Frames in GitLab
vendor_gitlab·2026-04-22·CVSS 3.5
CVE-2026-3254 [LOW] CWE-1021 Improper Restriction of Rendered UI Layers or Frames in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox.
Affected products: GitLab
Affected versions: >=18.11, <18.11.1 (affected)
Solution: Upgrade to version 18.11.1 or above.
Credit: Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program
Red Hat
chromium-browser: Incorrect security UI in Blink
vendor_redhat·2026-04-07·CVSS 4.3
CVE-2026-5878 [MEDIUM] CWE-1021 chromium-browser: Incorrect security UI in Blink
An incorrect security UI flaw was found in the Blink component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=365089001
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Policy bypass in Blink
vendor_redhat·2026-04-07·CVSS 4.3
CVE-2026-5875 [MEDIUM] CWE-1021 chromium-browser: Policy bypass in Blink
A policy bypass flaw was found in the Blink component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=430198264
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Incorrect security UI in Permissions
vendor_redhat·2026-04-07·CVSS 6.5
CVE-2026-5905 [MEDIUM] CWE-1021 chromium-browser: Incorrect security UI in Permissions
An incorrect security UI flaw was found in the Permissions component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=483899628
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat
chromium-browser: Insufficient policy enforcement in browser UI
vendor_redhat·2026-04-07·CVSS 4.3
CVE-2026-5891 [MEDIUM] CWE-1021 chromium-browser: Insufficient policy enforcement in browser UI
An insufficient policy enforcement flaw was found in the browser UI component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=487471101
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.