By weakness (CWE)

CWE-474: related vulnerabilities

CVEs classified under CWE-474. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

2 published vulnerabilities

  • CVE-2026-11102HIGH 8.8

    Google Chrome versions before 149.0.7827.53 contain a flaw in how Isolated Web Apps are implemented that could allow an attacker to run malicious code inside Chrome's sandbox. The vulnerability requires user interaction—such as opening a malicious file—but does not require any special privileges. Once triggered, an attacker gains the ability to read sensitive data, modify information, or disrupt availability within the sandbox context.

  • CVE-2026-11097MEDIUM 6.5

    Google Chrome on Android contains a flaw in how its WebView component handles cross-origin requests, allowing an attacker to trick users into visiting a malicious webpage that leaks sensitive data from other websites the user is logged into. The vulnerability requires user interaction (clicking a link or visiting a page) but does not require the user to be an administrator or to bypass additional security measures. This affects Chrome versions before 149.0.7827.53.