By weakness (CWE)
CWE-843: related vulnerabilities
CVEs classified under CWE-843. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
7 published vulnerabilities
- CVE-2026-10910HIGH 8.8
Google Chrome contains a type confusion vulnerability in its V8 JavaScript engine that allows an attacker to execute arbitrary code within the browser's sandbox by sending a specially crafted HTML page to a user. The vulnerability requires user interaction (clicking a link or visiting a malicious site) but no special privileges. Once exploited, an attacker gains the ability to run code inside the sandbox, potentially leading to data theft, credential capture, or lateral movement to the underlying system.
- CVE-2026-10935HIGH 8.8
A type confusion vulnerability in Google Chrome's V8 JavaScript engine allows attackers to execute arbitrary code within the browser's sandbox by tricking users into visiting a malicious website. The vulnerability affects Chrome versions prior to 149.0.7827.53 and requires user interaction (clicking a link or visiting a page). While the code executes within the sandbox, successful exploitation could allow attackers to read, modify, or delete user data accessible to the browser.
- CVE-2026-10936HIGH 8.8
A type confusion flaw in Chrome's V8 JavaScript engine allows attackers to execute arbitrary code within the browser's sandbox by tricking users into viewing a specially crafted webpage. The vulnerability requires user interaction (clicking a link or visiting a site) but no authentication or special privileges. Successful exploitation could give an attacker the ability to run malicious code with the same permissions as the Chrome process.
- CVE-2026-10955HIGH 8.8
A type confusion vulnerability exists in ANGLE, the graphics abstraction layer used by Google Chrome on Windows. An attacker can craft a malicious web page that, when visited by a user, exploits this flaw to access memory outside intended boundaries. This could lead to information disclosure, data corruption, or system crashes. The vulnerability requires user interaction (visiting a malicious page) but needs no special privileges to trigger.
- CVE-2026-10962HIGH 8.8
A type confusion vulnerability in Google Chrome's media handling allows attackers to execute malicious code within the browser's sandbox through a specially crafted webpage. The vulnerability requires user interaction (visiting a malicious page) but poses significant risk because it bypasses browser security boundaries. Chrome versions prior to 149.0.7827.53 are affected across Windows, macOS, and Linux platforms.
- CVE-2026-10022HIGH 7.5
A type confusion flaw in Google Chrome's V8 JavaScript engine (CVE-2026-10022) allows attackers to execute arbitrary code within the browser sandbox if they can trick a user into installing a malicious Chrome extension. The vulnerability affects Chrome versions before 148.0.7778.216 and impacts Windows, macOS, and Linux systems. While the underlying Chromium severity is rated Medium by Google, the CVSS v3.1 score of 7.5 reflects the practical risk: an attacker gaining code execution inside the Chrome sandbox can read sensitive data, modify browser state, or escalate privileges. The attack requires social engineering to distribute the malicious extension, which limits opportunistic exploitation but remains a credible threat in targeted campaigns.
- CVE-2026-10702MEDIUM 4.3
A flaw in Firefox's JavaScript Just-In-Time (JIT) compiler can cause it to miscompile code in certain circumstances. When a user visits a malicious website, the affected browser may crash or become unstable due to incorrect code generation during compilation. This is not a memory corruption issue and does not allow attackers to steal data or take control of the system, but it does impact availability and user experience.