By weakness (CWE)
CWE-358: related vulnerabilities
CVEs classified under CWE-358. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
2 published vulnerabilities
- CVE-2026-11127MEDIUM 6.5
Google Chrome on Android contains a flaw in how it handles WebAPKs—web applications packaged as native Android apps—that could allow an attacker to trick users into believing they're visiting a legitimate website when they're actually on a spoofed domain. An attacker would need to craft a malicious WebAPK and get a user to install it, but once active, the spoofing could occur without additional user interaction beyond normal app use. This affects Chrome versions before 149.0.7827.53 on Android.
- CVE-2026-11122MEDIUM 6.1
Google Chrome versions before 149.0.7827.53 contain a flaw in how the keyboard input handler processes certain HTML page elements. An attacker can craft a malicious webpage that, when visited by an unsuspecting user, injects arbitrary scripts or HTML content that executes in a security context where it shouldn't be allowed—a technique called Uniform Cross-Site Scripting (UXSS). This bypasses the browser's same-origin policy protections that normally prevent cross-domain attacks. The vulnerability requires user interaction (clicking or viewing the page) but affects all major platforms where Chrome runs.