{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","type":"apk","namespace":"alpine","name":"qt6-qtwebengine","version":"6.10.3-r1","qualifiers":{"arch":"aarch64","distroversion":"v3.23","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"6.10.3-r2","latest_non_vulnerable_version":"6.10.3-r3","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72638?format=json","vulnerability_id":"VCID-2vgk-vgjw-u3h3","summary":"Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7345"},{"reference_url":"https://issues.chromium.org/issues/502248774","reference_id":"502248774","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:01:32Z/"}],"url":"https://issues.chromium.org/issues/502248774"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html","reference_id":"stable-channel-update-for-desktop_28.html","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:01:32Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-7345"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vgk-vgjw-u3h3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68500?format=json","vulnerability_id":"VCID-3ex2-38um-k7df","summary":"Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5918","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5918"},{"reference_url":"https://issues.chromium.org/issues/490139441","reference_id":"490139441","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:31:29Z/"}],"url":"https://issues.chromium.org/issues/490139441"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:31:29Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-5918"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ex2-38um-k7df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69050?format=json","vulnerability_id":"VCID-47mr-fnbj-dfee","summary":"Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5893"},{"reference_url":"https://issues.chromium.org/issues/487768771","reference_id":"487768771","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T20:11:45Z/"}],"url":"https://issues.chromium.org/issues/487768771"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T20:11:45Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-5893"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-47mr-fnbj-dfee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68834?format=json","vulnerability_id":"VCID-c5ye-7nfn-23ee","summary":"Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5883"},{"reference_url":"https://issues.chromium.org/issues/482958590","reference_id":"482958590","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T03:55:59Z/"}],"url":"https://issues.chromium.org/issues/482958590"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T03:55:59Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-5883"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c5ye-7nfn-23ee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72547?format=json","vulnerability_id":"VCID-cn6q-4zj5-ukcn","summary":"Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7357"},{"reference_url":"https://issues.chromium.org/issues/497047552","reference_id":"497047552","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T18:24:19Z/"}],"url":"https://issues.chromium.org/issues/497047552"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html","reference_id":"stable-channel-update-for-desktop_28.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T18:24:19Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-7357"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cn6q-4zj5-ukcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68541?format=json","vulnerability_id":"VCID-d1de-7d6s-cue5","summary":"Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5873"},{"reference_url":"https://issues.chromium.org/issues/496301615","reference_id":"496301615","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T03:55:56Z/"}],"url":"https://issues.chromium.org/issues/496301615"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T03:55:56Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-5873"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d1de-7d6s-cue5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68878?format=json","vulnerability_id":"VCID-du3y-tkke-cfee","summary":"Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security severity: Medium)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5889","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5889"},{"reference_url":"https://issues.chromium.org/issues/486906037","reference_id":"486906037","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T20:17:44Z/"}],"url":"https://issues.chromium.org/issues/486906037"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T20:17:44Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-5889"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-du3y-tkke-cfee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68893?format=json","vulnerability_id":"VCID-g92b-sqqx-7yg3","summary":"Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5860"},{"reference_url":"https://issues.chromium.org/issues/486495143","reference_id":"486495143","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T03:55:39Z/"}],"url":"https://issues.chromium.org/issues/486495143"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T03:55:39Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-5860"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g92b-sqqx-7yg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72453?format=json","vulnerability_id":"VCID-jebf-j7nm-17d9","summary":"Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: High)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7351"},{"reference_url":"https://issues.chromium.org/issues/499119490","reference_id":"499119490","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:20:07Z/"}],"url":"https://issues.chromium.org/issues/499119490"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html","reference_id":"stable-channel-update-for-desktop_28.html","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:20:07Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-7351"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jebf-j7nm-17d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72160?format=json","vulnerability_id":"VCID-nc7h-nyvu-ruee","summary":"Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7360"},{"reference_url":"https://issues.chromium.org/issues/495852034","reference_id":"495852034","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:26:27Z/"}],"url":"https://issues.chromium.org/issues/495852034"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html","reference_id":"stable-channel-update-for-desktop_28.html","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:26:27Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-7360"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nc7h-nyvu-ruee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72142?format=json","vulnerability_id":"VCID-r2tt-ntxe-zyaz","summary":"Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7339"},{"reference_url":"https://issues.chromium.org/issues/493957495","reference_id":"493957495","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:08:46Z/"}],"url":"https://issues.chromium.org/issues/493957495"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html","reference_id":"stable-channel-update-for-desktop_28.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:08:46Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-7339"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r2tt-ntxe-zyaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68914?format=json","vulnerability_id":"VCID-s5gp-n64q-kqby","summary":"Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5878"},{"reference_url":"https://issues.chromium.org/issues/365089001","reference_id":"365089001","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:53:53Z/"}],"url":"https://issues.chromium.org/issues/365089001"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:53:53Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-5878"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s5gp-n64q-kqby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69077?format=json","vulnerability_id":"VCID-text-mpwp-g7cy","summary":"Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5872"},{"reference_url":"https://issues.chromium.org/issues/496281816","reference_id":"496281816","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T03:55:54Z/"}],"url":"https://issues.chromium.org/issues/496281816"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T03:55:54Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-5872"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-text-mpwp-g7cy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68639?format=json","vulnerability_id":"VCID-vt1j-udfk-5be5","summary":"Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5868"},{"reference_url":"https://issues.chromium.org/issues/493256564","reference_id":"493256564","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T03:55:50Z/"}],"url":"https://issues.chromium.org/issues/493256564"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T03:55:50Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-5868"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vt1j-udfk-5be5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68809?format=json","vulnerability_id":"VCID-wp12-uddu-5kf2","summary":"Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5886","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5886"},{"reference_url":"https://issues.chromium.org/issues/485397283","reference_id":"485397283","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:38:06Z/"}],"url":"https://issues.chromium.org/issues/485397283"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:38:06Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-5886"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wp12-uddu-5kf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69130?format=json","vulnerability_id":"VCID-x1tf-r6pa-6bfj","summary":"Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5914"},{"reference_url":"https://issues.chromium.org/issues/490023239","reference_id":"490023239","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T14:51:33Z/"}],"url":"https://issues.chromium.org/issues/490023239"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T14:51:33Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-5914"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x1tf-r6pa-6bfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72239?format=json","vulnerability_id":"VCID-y8nm-41nd-dfbq","summary":"Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7349"},{"reference_url":"https://issues.chromium.org/issues/500034684","reference_id":"500034684","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:11:11Z/"}],"url":"https://issues.chromium.org/issues/500034684"},{"reference_url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html","reference_id":"stable-channel-update-for-desktop_28.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:11:11Z/"}],"url":"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114622?format=json","purl":"pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2026-7349"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y8nm-41nd-dfbq"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qt6-qtwebengine@6.10.3-r1%3Farch=aarch64&distroversion=v3.23&reponame=community"}