VDB

GCVE-110-NCSC-2026-148

GCVE-110-NCSC-2026-148
Advisory PublishedCVSS 7.4/10
Vulnetix · Advisory published May 13, 2026
A medium severity vulnerability in the ServiceWorker implementation of Google Chrome versions before 148.0.7778.96 allowed arbitrary script or HTML injection via malicious extensions, with the fix also applied to Chromium-based Microsoft Edge.

Weaknesses (CWE)

CWE-122Heap-based Buffer OverflowCWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-451User Interface (UI) Misrepresentation of Critical InformationCWE-346Origin Validation ErrorCWE-73External Control of File Name or PathCWE-416Use After FreeCWE-125Out-of-bounds ReadCWE-472External Control of Assumed-Immutable Web ParameterCWE-457Use of Uninitialized VariableCWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-787Out-of-bounds WriteCWE-1021Improper Restriction of Rendered UI Layers or FramesCWE-1300Improper Protection of Physical Side ChannelsCWE-94Improper Control of Generation of Code ('Code Injection')CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')

Risk Scores

CVSS 3.1
7.4/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
Microsoftvers:unknown/*

Aliases

CVE-2026-33111CVE-2026-35429CVE-2026-40416CVE-2026-41107CVE-2026-42838CVE-2026-42891CVE-2026-7896CVE-2026-7897CVE-2026-7898CVE-2026-7899CVE-2026-7900CVE-2026-7901CVE-2026-7902CVE-2026-7903CVE-2026-7904CVE-2026-7905CVE-2026-7906CVE-2026-7907CVE-2026-7908CVE-2026-7909CVE-2026-7910CVE-2026-7911CVE-2026-7912CVE-2026-7913CVE-2026-7914CVE-2026-7915CVE-2026-7916CVE-2026-7917CVE-2026-7918CVE-2026-7919CVE-2026-7920CVE-2026-7921CVE-2026-7922CVE-2026-7923CVE-2026-7924CVE-2026-7925CVE-2026-7926CVE-2026-7927CVE-2026-7928CVE-2026-7929CVE-2026-7930CVE-2026-7931CVE-2026-7932CVE-2026-7933CVE-2026-7934CVE-2026-7935CVE-2026-7936CVE-2026-7937CVE-2026-7938CVE-2026-7939CVE-2026-7940CVE-2026-7941CVE-2026-7942CVE-2026-7943CVE-2026-7944CVE-2026-7945CVE-2026-7946CVE-2026-7947CVE-2026-7948CVE-2026-7949CVE-2026-7950CVE-2026-7951CVE-2026-7952CVE-2026-7953CVE-2026-7954CVE-2026-7955CVE-2026-7956CVE-2026-7957CVE-2026-7958CVE-2026-7959CVE-2026-7960CVE-2026-7961CVE-2026-7962CVE-2026-7963CVE-2026-7964CVE-2026-7965CVE-2026-7966CVE-2026-7967CVE-2026-7968CVE-2026-7969CVE-2026-7970CVE-2026-7971CVE-2026-7972CVE-2026-7973CVE-2026-7974CVE-2026-7975CVE-2026-7976CVE-2026-7977CVE-2026-7978CVE-2026-7979CVE-2026-7980CVE-2026-7981CVE-2026-7982CVE-2026-7983CVE-2026-7984CVE-2026-7985CVE-2026-7986CVE-2026-7987CVE-2026-7988CVE-2026-7989CVE-2026-7990CVE-2026-7991CVE-2026-7992CVE-2026-7993CVE-2026-7994CVE-2026-7995CVE-2026-7996CVE-2026-7997CVE-2026-7998CVE-2026-7999CVE-2026-8000CVE-2026-8001CVE-2026-8002CVE-2026-8003CVE-2026-8004CVE-2026-8005CVE-2026-8006CVE-2026-8007CVE-2026-8008CVE-2026-8009CVE-2026-8010CVE-2026-8011CVE-2026-8012CVE-2026-8013CVE-2026-8014CVE-2026-8015CVE-2026-8016CVE-2026-8017CVE-2026-8018CVE-2026-8019CVE-2026-8020CVE-2026-8021CVE-2026-8022

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›