MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2026-11307 | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) | 無 | 無 | 2026-06-05 | 2026-06-05 |
| CVE-2026-11306 | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) | 無 | 無 | 2026-06-05 | 2026-06-05 |
| CVE-2026-11305 | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) | 無 | 無 | 2026-06-05 | 2026-06-05 |
| CVE-2026-11304 | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Low) | 無 | 無 | 2026-06-05 | 2026-06-05 |
| CVE-2026-11303 | Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) | 無 | 無 | 2026-06-05 | 2026-06-05 |
| CVE-2026-11293 | Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | 無 | 無 | 2026-06-05 | 2026-06-05 |
| CVE-2026-11262 | Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | 無 | 無 | 2026-06-05 | 2026-06-05 |
| CVE-2026-11249 | Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | 無 | 無 | 2026-06-05 | 2026-06-05 |
| CVE-2026-11230 | Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | 無 | 無 | 2026-06-04 | 2026-06-04 |
| CVE-2026-11224 | Use after free in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Low) | 無 | 無 | 2026-06-04 | 2026-06-04 |
| CVE-2026-11208 | Use after free in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | 無 | 無 | 2026-06-04 | 2026-06-04 |
| CVE-2026-11201 | Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium) | 無 | 無 | 2026-06-04 | 2026-06-04 |
| CVE-2026-11188 | Use after free in USB in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | 無 | 無 | 2026-06-04 | 2026-06-04 |
| CVE-2026-11185 | Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium) | 無 | 無 | 2026-06-04 | 2026-06-04 |
| CVE-2026-11177 | Use after free in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 無 | 無 | 2026-06-04 | 2026-06-04 |
| CVE-2026-11165 | Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | 無 | 無 | 2026-06-04 | 2026-06-04 |
| CVE-2026-11164 | Use after free in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | 無 | 無 | 2026-06-04 | 2026-06-04 |
| CVE-2026-11163 | Use after free in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | 無 | 無 | 2026-06-04 | 2026-06-04 |
| CVE-2026-11154 | Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | 無 | 無 | 2026-06-04 | 2026-06-04 |
| CVE-2026-11147 | Use after free in WebML in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | 無 | 無 | 2026-06-04 | 2026-06-04 |