VDB
GCVE-110-NCSC-2026-148
GCVE-110-NCSC-2026-148
Advisory PublishedCVSS 7.4/10
A medium severity vulnerability in the ServiceWorker implementation of Google Chrome versions before 148.0.7778.96 allowed arbitrary script or HTML injection via malicious extensions, with the fix also applied to Chromium-based Microsoft Edge.
Weaknesses (CWE)
CWE-122Heap-based Buffer OverflowCWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-451User Interface (UI) Misrepresentation of Critical InformationCWE-346Origin Validation ErrorCWE-73External Control of File Name or PathCWE-416Use After FreeCWE-125Out-of-bounds ReadCWE-472External Control of Assumed-Immutable Web ParameterCWE-457Use of Uninitialized VariableCWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-787Out-of-bounds WriteCWE-1021Improper Restriction of Rendered UI Layers or FramesCWE-1300Improper Protection of Physical Side ChannelsCWE-94Improper Control of Generation of Code ('Code Injection')CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
Risk Scores
CVSS 3.1
7.4/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Microsoft | vers:unknown/* | — | — |
Aliases
CVE-2026-33111CVE-2026-35429CVE-2026-40416CVE-2026-41107CVE-2026-42838CVE-2026-42891CVE-2026-7896CVE-2026-7897CVE-2026-7898CVE-2026-7899CVE-2026-7900CVE-2026-7901CVE-2026-7902CVE-2026-7903CVE-2026-7904CVE-2026-7905CVE-2026-7906CVE-2026-7907CVE-2026-7908CVE-2026-7909CVE-2026-7910CVE-2026-7911CVE-2026-7912CVE-2026-7913CVE-2026-7914CVE-2026-7915CVE-2026-7916CVE-2026-7917CVE-2026-7918CVE-2026-7919CVE-2026-7920CVE-2026-7921CVE-2026-7922CVE-2026-7923CVE-2026-7924CVE-2026-7925CVE-2026-7926CVE-2026-7927CVE-2026-7928CVE-2026-7929CVE-2026-7930CVE-2026-7931CVE-2026-7932CVE-2026-7933CVE-2026-7934CVE-2026-7935CVE-2026-7936CVE-2026-7937CVE-2026-7938CVE-2026-7939CVE-2026-7940CVE-2026-7941CVE-2026-7942CVE-2026-7943CVE-2026-7944CVE-2026-7945CVE-2026-7946CVE-2026-7947CVE-2026-7948CVE-2026-7949CVE-2026-7950CVE-2026-7951CVE-2026-7952CVE-2026-7953CVE-2026-7954CVE-2026-7955CVE-2026-7956CVE-2026-7957CVE-2026-7958CVE-2026-7959CVE-2026-7960CVE-2026-7961CVE-2026-7962CVE-2026-7963CVE-2026-7964CVE-2026-7965CVE-2026-7966CVE-2026-7967CVE-2026-7968CVE-2026-7969CVE-2026-7970CVE-2026-7971CVE-2026-7972CVE-2026-7973CVE-2026-7974CVE-2026-7975CVE-2026-7976CVE-2026-7977CVE-2026-7978CVE-2026-7979CVE-2026-7980CVE-2026-7981CVE-2026-7982CVE-2026-7983CVE-2026-7984CVE-2026-7985CVE-2026-7986CVE-2026-7987CVE-2026-7988CVE-2026-7989CVE-2026-7990CVE-2026-7991CVE-2026-7992CVE-2026-7993CVE-2026-7994CVE-2026-7995CVE-2026-7996CVE-2026-7997CVE-2026-7998CVE-2026-7999CVE-2026-8000CVE-2026-8001CVE-2026-8002CVE-2026-8003CVE-2026-8004CVE-2026-8005CVE-2026-8006CVE-2026-8007CVE-2026-8008CVE-2026-8009CVE-2026-8010CVE-2026-8011CVE-2026-8012CVE-2026-8013CVE-2026-8014CVE-2026-8015CVE-2026-8016CVE-2026-8017CVE-2026-8018CVE-2026-8019CVE-2026-8020CVE-2026-8021CVE-2026-8022
References
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.