NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2025-34092 | Rejected reason: Neither filed by Chrome nor a valid security vulnerability. | 該当なし | 0.00% | 2025-07-02 | 2025-07-24 |
| CVE-2025-34090 | Rejected reason: Neither filed by Chrome nor a valid security vulnerability. | 該当なし | 0.00% | 2025-07-02 | 2025-07-24 |
| CVE-2025-34091 | Rejected reason: Neither filed by Chrome nor a valid security vulnerability. | 該当なし | 0.00% | 2025-07-02 | 2025-07-24 |
| CVE-2022-1480 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | 該当なし | 0.04% | 2022-10-03 | 2023-11-06 |
| CVE-2026-8003 | Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low) | 5.4 | 0.05% | 2026-05-06 | 2026-06-17 |
| CVE-2024-13983 | Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low) | 6.3 | 0.05% | 2025-11-13 | 2026-06-17 |
| CVE-2025-12906 | Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | 5.4 | 0.05% | 2025-11-07 | 2026-06-17 |
| CVE-2026-8584 | Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 4.2 | 0.06% | 2026-05-14 | 2026-06-17 |
| CVE-2026-11232 | Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low) | 5.4 | 0.06% | 2026-06-04 | 2026-06-17 |
| CVE-2025-12446 | Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low) | 4.2 | 0.06% | 2025-11-10 | 2026-06-17 |
| CVE-2026-11677 | Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 8.3 | 0.06% | 2026-06-08 | 2026-06-17 |
| CVE-2026-11290 | Integer overflow in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to cause a denial of service via a malicious file. (Chromium security severity: Low) | 5.0 | 0.06% | 2026-06-04 | 2026-06-17 |
| CVE-2025-9864 | Rejected reason: This CVE ID was assigned in error to a vulnerability that was both introduced and fixed before the code landed in the Stable channel of Chrome, and has been withdrawn. | 該当なし | 0.07% | 2025-09-03 | 2025-11-13 |
| CVE-2026-9986 | Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | 4.2 | 0.07% | 2026-05-28 | 2026-06-17 |
| CVE-2025-12439 | Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium) | 5.5 | 0.07% | 2025-11-10 | 2026-06-17 |
| CVE-2025-0998 | Rejected reason: Not exploitable | 該当なし | 0.08% | 2025-02-14 | 2025-04-04 |
| CVE-2026-11115 | Use after free in Updater in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium) | 7.3 | 0.08% | 2026-06-04 | 2026-06-17 |
| CVE-2026-11035 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a crafted XML file. (Chromium security severity: Medium) | 7.3 | 0.08% | 2026-06-04 | 2026-06-17 |
| CVE-2026-7997 | Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low) | 7.8 | 0.08% | 2026-05-06 | 2026-06-17 |
| CVE-2026-11276 | Inappropriate implementation in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to bypass discretionary access control via malicious network traffic. (Chromium security severity: Low) | 5.1 | 0.08% | 2026-06-04 | 2026-06-17 |