CVE-2026-21017 - Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files.
Published: Jun 05, 2026; 7:16:34 AM -0400

V3.1: 5.5 MEDIUM

CVE-2026-21025 - Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
Published: Jun 05, 2026; 7:16:34 AM -0400

V3.1: 5.5 MEDIUM

CVE-2026-21026 - Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information.
Published: Jun 05, 2026; 7:16:35 AM -0400

V3.1: 5.5 MEDIUM

CVE-2026-21027 - Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function.
Published: Jun 05, 2026; 7:16:35 AM -0400

V3.1: 3.3 LOW

CVE-2026-21028 - Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
Published: Jun 05, 2026; 7:16:35 AM -0400

V3.1: 5.5 MEDIUM

CVE-2026-21029 - Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.
Published: Jun 05, 2026; 7:16:35 AM -0400

V3.1: 7.8 HIGH

CVE-2026-21030 - Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions.
Published: Jun 05, 2026; 7:16:35 AM -0400

V3.1: 7.8 HIGH

CVE-2026-21031 - Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.
Published: Jun 05, 2026; 7:16:35 AM -0400

V3.1: 7.8 HIGH

CVE-2026-11204 - Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Published: Jun 04, 2026; 7:17:27 PM -0400

CVE-2026-11206 - Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Published: Jun 04, 2026; 7:17:27 PM -0400

CVE-2026-11207 - Insufficient validation of untrusted input in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: Medium)
Published: Jun 04, 2026; 7:17:27 PM -0400

CVE-2026-11208 - Use after free in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Published: Jun 04, 2026; 7:17:28 PM -0400

CVE-2026-11209 - Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium... read CVE-2026-11209
Published: Jun 04, 2026; 7:17:28 PM -0400

CVE-2026-11210 - Inappropriate implementation in Safe Browsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted RAR file. (Chromium security severity: Medium)
Published: Jun 04, 2026; 7:17:28 PM -0400

CVE-2026-11212 - Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Me... read CVE-2026-11212
Published: Jun 04, 2026; 7:17:28 PM -0400

CVE-2026-11225 - Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low)
Published: Jun 04, 2026; 7:17:30 PM -0400

CVE-2026-11226 - Insufficient policy enforcement in PreviewTab in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium secur... read CVE-2026-11226
Published: Jun 04, 2026; 7:17:30 PM -0400

CVE-2026-11227 - Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low)
Published: Jun 04, 2026; 7:17:30 PM -0400

CVE-2026-10939 - Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published: Jun 04, 2026; 7:16:56 PM -0400

CVE-2026-10958 - Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Published: Jun 04, 2026; 7:16:58 PM -0400