PAN-SA-2026-0010 Chromium and Prisma Browser: Monthly Vulnerability Update (July 2026)
Exploit Maturity
UNREPORTED
Response Effort
MODERATE
Recovery
USER
Value Density
DIFFUSE
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Automatable
NO
User Interaction
NONE
Product Confidentiality
HIGH
Product Integrity
HIGH
Product Availability
HIGH
Privileges Required
NONE
Subsequent Confidentiality
NONE
Subsequent Integrity
NONE
Subsequent Availability
NONE
Description
Palo Alto Networks incorporated the following Chromium security fixes into our products:
- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html
- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01245939337.html
- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html
- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html
- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html
- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html
| CVE | Summary |
|---|---|
| CVE-2026-10881 | Out of bounds read and write in ANGLE |
| CVE-2026-10882 | Use after free in Network |
| CVE-2026-10883 | Type Confusion in ANGLE |
| CVE-2026-10884 | Use after free in Chromecast |
| CVE-2026-10885 | Use after free in Chrome for iOS |
| CVE-2026-10886 | Use after free in FileSystem |
| CVE-2026-10887 | Use after free in Chromoting |
| CVE-2026-10888 | Use after free in Cast Streaming |
| CVE-2026-10889 | Out of bounds read in ANGLE |
| CVE-2026-10890 | Use after free in Cast |
| CVE-2026-10891 | Use after free in GFX |
| CVE-2026-10892 | Out of bounds write in GPU |
| CVE-2026-10893 | Use after free in Chromoting |
| CVE-2026-10894 | Use after free in Printing |
| CVE-2026-10895 | Use after free in Ozone |
| CVE-2026-10896 | Use after free in Chrome for iOS |
| CVE-2026-10897 | Inappropriate implementation in GPU |
| CVE-2026-10898 | Stack buffer overflow in GPU |
| CVE-2026-10899 | Use after free in Ozone |
| CVE-2026-10900 | Use after free in Passwords |
| CVE-2026-10901 | Use after free in Passwords |
| CVE-2026-10902 | Use after free in Ozone |
| CVE-2026-10903 | Use after free in WebRTC |
| CVE-2026-10904 | Inappropriate implementation in V8 |
| CVE-2026-10905 | Use after free in Network |
| CVE-2026-10906 | Use after free in WebAuthentication |
| CVE-2026-10907 | Out of bounds write in ANGLE |
| CVE-2026-10908 | Use after free in FullScreen |
| CVE-2026-10909 | Use after free in Dawn |
| CVE-2026-10910 | Type Confusion in V8 |
| CVE-2026-10911 | Insufficient validation of untrusted input in Media |
| CVE-2026-10912 | Insufficient validation of untrusted input in Extensions |
| CVE-2026-10913 | Use after free in ANGLE |
| CVE-2026-10914 | Use after free in ANGLE |
| CVE-2026-10915 | Use after free in Core |
| CVE-2026-10916 | Insufficient validation of untrusted input in DevTools |
| CVE-2026-10917 | Insufficient validation of untrusted input in Media |
| CVE-2026-10918 | Use after free in Viz |
| CVE-2026-10919 | Use after free in ANGLE |
| CVE-2026-10920 | Insufficient validation of untrusted input in WebShare |
| CVE-2026-10921 | Integer overflow in Dawn |
| CVE-2026-10922 | Insufficient validation of untrusted input in DevTools |
| CVE-2026-10923 | Use after free in WebAppInstalls |
| CVE-2026-10924 | Integer overflow in Chromecast |
| CVE-2026-10925 | Out of bounds write in Skia |
| CVE-2026-10926 | Use after free in Cast |
| CVE-2026-10927 | Out of bounds read in Dawn |
| CVE-2026-10928 | Script injection in Headless |
| CVE-2026-10929 | Heap buffer overflow in ANGLE |
| CVE-2026-10930 | Out of bounds read in ANGLE |
| CVE-2026-10931 | Use after free in FileSystem |
| CVE-2026-10932 | Use after free in UI |
| CVE-2026-10933 | Use after free in Audio |
| CVE-2026-10934 | Use after free in Autofill |
| CVE-2026-10935 | Type Confusion in V8 |
| CVE-2026-10936 | Type Confusion in V8 |
| CVE-2026-10937 | Inappropriate implementation in Passwords |
| CVE-2026-10938 | Inappropriate implementation in Input |
| CVE-2026-10939 | Use after free in WebRTC |
| CVE-2026-10940 | Race in Codecs |
| CVE-2026-10941 | Out of bounds memory access in Skia |
| CVE-2026-10942 | Inappropriate implementation in UI |
| CVE-2026-10943 | Use after free in WebRTC |
| CVE-2026-10944 | Insufficient policy enforcement in Autofill |
| CVE-2026-10945 | Use after free in PDF |
| CVE-2026-10946 | Heap buffer overflow in Media |
| CVE-2026-10947 | Use after free in WebRTC |
| CVE-2026-10948 | Use after free in WebRTC |
| CVE-2026-10949 | Heap buffer overflow in Video |
| CVE-2026-10950 | Insufficient policy enforcement in Autofill |
| CVE-2026-10951 | Use after free in Autofill |
| CVE-2026-10952 | Use after free in Chrome for iOS |
| CVE-2026-10953 | Use after free in Core |
| CVE-2026-10954 | Use after free in Actor |
| CVE-2026-10955 | Type Confusion in ANGLE |
| CVE-2026-10956 | Use after free in MimeHandlerView |
| CVE-2026-10957 | Use after free in Glic |
| CVE-2026-10958 | Use after free in Chrome for iOS |
| CVE-2026-10959 | Use after free in Input |
| CVE-2026-10960 | Uninitialized Use in Codecs |
| CVE-2026-10961 | Use after free in Chrome for iOS |
| CVE-2026-10962 | Type Confusion in Media |
| CVE-2026-10963 | Integer overflow in V8 |
| CVE-2026-10964 | Integer overflow in V8 |
| CVE-2026-10965 | Integer overflow in DevTools |
| CVE-2026-10966 | Inappropriate implementation in Codecs |
| CVE-2026-10967 | Use after free in SurfaceCapture |
| CVE-2026-10968 | Insufficient validation of untrusted input in Dawn |
| CVE-2026-10969 | Insufficient validation of untrusted input in Extensions |
| CVE-2026-10970 | Insufficient validation of untrusted input in InterestGroups |
| CVE-2026-10971 | Insufficient validation of untrusted input in Printing |
| CVE-2026-10972 | Use after free in Ozone |
| CVE-2026-10973 | Uninitialized Use in Dawn |
| CVE-2026-10974 | Insufficient validation of untrusted input in ANGLE |
| CVE-2026-10975 | Use after free in WebRTC |
| CVE-2026-10976 | Uninitialized Use in Dawn |
| CVE-2026-10977 | Uninitialized Use in Skia |
| CVE-2026-10978 | Use after free in Chromoting |
| CVE-2026-10979 | Out of bounds read in ANGLE |
| CVE-2026-10980 | Insufficient validation of untrusted input in DevTools |
| CVE-2026-10981 | Insufficient validation of untrusted input in Codecs |
| CVE-2026-10982 | Use after free in WebXR |
| CVE-2026-10983 | Insufficient validation of untrusted input in Dawn |
| CVE-2026-10984 | Inappropriate implementation in Accessibility |
| CVE-2026-10985 | Out of bounds read in Skia |
| CVE-2026-10986 | Integer overflow in Media |
| CVE-2026-10987 | Integer overflow in V8 |
| CVE-2026-10988 | Use after free in Views |
| CVE-2026-10989 | Inappropriate implementation in V8 |
| CVE-2026-10990 | Use after free in Glic |
| CVE-2026-10991 | Use after free in V8 |
| CVE-2026-10992 | Insufficient data validation in Animation |
| CVE-2026-10993 | Heap buffer overflow in Skia |
| CVE-2026-10994 | Uninitialized Use in ANGLE |
| CVE-2026-10995 | Heap buffer overflow in TabStrip |
| CVE-2026-10996 | Inappropriate implementation in Workers |
| CVE-2026-10997 | Insufficient policy enforcement in Extensions |
| CVE-2026-10998 | Out of bounds read in Media |
| CVE-2026-10999 | Integer overflow in ANGLE |
| CVE-2026-11000 | Use after free in Fonts |
| CVE-2026-11001 | Inappropriate implementation in Payments |
| CVE-2026-11002 | Use after free in Autofill |
| CVE-2026-11003 | Use after free in WebRTC |
| CVE-2026-11004 | Out of bounds read in ANGLE |
| CVE-2026-11005 | Out of bounds read in ANGLE |
| CVE-2026-11006 | Out of bounds read in Dawn |
| CVE-2026-11007 | Insufficient validation of untrusted input in WebView |
| CVE-2026-11008 | Insufficient validation of untrusted input in WebAppInstalls |
| CVE-2026-11009 | Use after free in USB |
| CVE-2026-11010 | Use after free in WebShare |
| CVE-2026-11011 | Insufficient policy enforcement in Password Manager |
| CVE-2026-11012 | Use after free in Serial |
| CVE-2026-11013 | Insufficient validation of untrusted input in Network |
| CVE-2026-11014 | Insufficient policy enforcement in Extensions |
| CVE-2026-11015 | Out of bounds read in WebGPU |
| CVE-2026-11016 | Insufficient validation of untrusted input in Network |
| CVE-2026-11017 | Inappropriate implementation in Link Preview |
| CVE-2026-11018 | Insufficient policy enforcement in Actor |
| CVE-2026-11019 | Inappropriate implementation in Payments |
| CVE-2026-11020 | Inappropriate implementation in Extensions |
| CVE-2026-11021 | Insufficient validation of untrusted input in GPU |
| CVE-2026-11022 | Insufficient validation of untrusted input in DevTools |
| CVE-2026-11023 | Inappropriate implementation in WebAppInstalls |
| CVE-2026-11024 | Stack buffer overflow in Skia |
| CVE-2026-11025 | Insufficient policy enforcement in Navigation |
| CVE-2026-11026 | Inappropriate implementation in Extensions |
| CVE-2026-11027 | Insufficient validation of untrusted input in Glic |
| CVE-2026-11028 | Use after free in Media |
| CVE-2026-11029 | Insufficient validation of untrusted input in Drag and Drop |
| CVE-2026-11030 | Use after free in Network |
| CVE-2026-11031 | Insufficient validation of untrusted input in Password Manager |
| CVE-2026-11032 | Inappropriate implementation in Password Manager |
| CVE-2026-11033 | Uninitialized Use in WebML |
| CVE-2026-11034 | Insufficient validation of untrusted input in Tab Group Sync |
| CVE-2026-11035 | Inappropriate implementation in Custom Tabs |
| CVE-2026-11036 | Inappropriate implementation in DOM |
| CVE-2026-11037 | Out of bounds write in Codecs |
| CVE-2026-11038 | Insufficient policy enforcement in Subresource Integrity |
| CVE-2026-11039 | Uninitialized Use in Skia |
| CVE-2026-11040 | Use after free in ANGLE |
| CVE-2026-11041 | Insufficient validation of untrusted input in Media |
| CVE-2026-11042 | Use after free in Views |
| CVE-2026-11043 | Out of bounds write in ANGLE |
| CVE-2026-11044 | Integer overflow in ANGLE |
| CVE-2026-11045 | Insufficient validation of untrusted input in GPU |
| CVE-2026-11046 | Insufficient validation of untrusted input in Media |
| CVE-2026-11047 | Inappropriate implementation in Base |
| CVE-2026-11048 | Inappropriate implementation in Extensions |
| CVE-2026-11049 | Use after free in Password Manager |
| CVE-2026-11050 | Use after free in V8 |
| CVE-2026-11051 | Out of bounds read in ANGLE |
| CVE-2026-11052 | Type Confusion in GPU |
| CVE-2026-11054 | Use after free in WebRTC |
| CVE-2026-11055 | Use after free in ANGLE |
| CVE-2026-11056 | Insufficient validation of untrusted input in SiteIsolation |
| CVE-2026-11057 | Uninitialized Use in Skia |
| CVE-2026-11058 | Integer overflow in CredentialProvider |
| CVE-2026-11059 | Use after free in Blink |
| CVE-2026-11060 | Use after free in Media |
| CVE-2026-11061 | Type Confusion in ANGLE |
| CVE-2026-11062 | Insufficient policy enforcement in Extensions |
| CVE-2026-11063 | Insufficient validation of untrusted input in WebNN |
| CVE-2026-11064 | Race in GPU |
| CVE-2026-11065 | Use after free in ANGLE |
| CVE-2026-11066 | Insufficient validation of untrusted input in ANGLE |
| CVE-2026-11067 | Uninitialized Use in Dawn |
| CVE-2026-11068 | Use after free in WebSockets |
| CVE-2026-11069 | Insufficient validation of untrusted input in Cast |
| CVE-2026-11070 | Insufficient validation of untrusted input in Chromoting |
| CVE-2026-11071 | Use after free in Base |
| CVE-2026-11072 | Use after free in WebView |
| CVE-2026-11073 | Use after free in WebGL |
| CVE-2026-11074 | Use after free in WebRTC |
| CVE-2026-11075 | Out of bounds read in V8 |
| CVE-2026-11076 | Type Confusion in CSS |
| CVE-2026-11077 | Bad cast in Dawn |
| CVE-2026-11078 | Inappropriate implementation in FileSystem |
| CVE-2026-11079 | Insufficient validation of untrusted input in Codecs |
| CVE-2026-11080 | Use after free in WebView |
| CVE-2026-11081 | Inappropriate implementation in Canvas |
| CVE-2026-11082 | Race in GPU |
| CVE-2026-11083 | Inappropriate implementation in Password Manager |
| CVE-2026-11084 | Inappropriate implementation in Password Manager |
| CVE-2026-11085 | Integer overflow in GPU |
| CVE-2026-11086 | Inappropriate implementation in Dawn |
| CVE-2026-11087 | Uninitialized Use in ANGLE |
| CVE-2026-11088 | Integer overflow in ANGLE |
| CVE-2026-11089 | Uninitialized Use in Media |
| CVE-2026-11090 | Uninitialized Use in ANGLE |
| CVE-2026-11091 | Inappropriate implementation in Dawn |
| CVE-2026-11092 | Insufficient policy enforcement in DevTools |
| CVE-2026-11093 | Inappropriate implementation in Printing |
| CVE-2026-11094 | Use after free in Codecs |
| CVE-2026-11095 | Insufficient validation of untrusted input in Codecs |
| CVE-2026-11096 | Out of bounds read in WebRTC |
| CVE-2026-11097 | Inappropriate implementation in WebView |
| CVE-2026-11098 | Insufficient validation of untrusted input in GPU |
| CVE-2026-11100 | Use after free in File Input |
| CVE-2026-11101 | Uninitialized Use in Dawn |
| CVE-2026-11102 | Inappropriate implementation in Isolated Web Apps |
| CVE-2026-11103 | Inappropriate implementation in Installer |
| CVE-2026-11104 | Uninitialized Use in ANGLE |
| CVE-2026-11105 | Insufficient validation of untrusted input in WebUI |
| CVE-2026-11106 | Inappropriate implementation in Media |
| CVE-2026-11107 | Inappropriate implementation in Downloads |
| CVE-2026-11108 | Inappropriate implementation in NFC |
| CVE-2026-11109 | Uninitialized Use in ANGLE |
| CVE-2026-11110 | Uninitialized Use in ANGLE |
| CVE-2026-11111 | Out of bounds read in ANGLE |
| CVE-2026-11112 | Insufficient validation of untrusted input in Chromoting |
| CVE-2026-11113 | Insufficient validation of untrusted input in ANGLE |
| CVE-2026-11114 | Use after free in Device Trust |
| CVE-2026-11115 | Use after free in Updater |
| CVE-2026-11116 | Use after free in Chromoting |
| CVE-2026-11117 | Use after free in Views |
| CVE-2026-11118 | Use after free in WebRTC |
| CVE-2026-11119 | Inappropriate implementation in GPU |
| CVE-2026-11120 | Insufficient validation of untrusted input in Enterprise Reporting |
| CVE-2026-11121 | Insufficient validation of untrusted input in Skia |
| CVE-2026-11122 | Inappropriate implementation in Keyboard |
| CVE-2026-11123 | Uninitialized Use in ANGLE |
| CVE-2026-11124 | Integer overflow in Skia |
| CVE-2026-11125 | Use after free in Compositing |
| CVE-2026-11126 | Inappropriate implementation in DevTools |
| CVE-2026-11127 | Inappropriate implementation in WebAPKs |
| CVE-2026-11128 | Inappropriate implementation in Web Share |
| CVE-2026-11129 | Inappropriate implementation in Extensions |
| CVE-2026-11130 | Use after free in Media |
| CVE-2026-11131 | Use after free in Autofill |
| CVE-2026-11132 | Insufficient policy enforcement in Paint |
| CVE-2026-11133 | Insufficient policy enforcement in Paint |
| CVE-2026-11134 | Inappropriate implementation in Media |
| CVE-2026-11135 | Insufficient policy enforcement in Autofill |
| CVE-2026-11136 | Use after free in Canvas |
| CVE-2026-11137 | Uninitialized Use in ANGLE |
| CVE-2026-11138 | Uninitialized Use in ANGLE |
| CVE-2026-11139 | Inappropriate implementation in Paint |
| CVE-2026-11140 | Out of bounds read in Chromecast |
| CVE-2026-11141 | Uninitialized Use in Audio |
| CVE-2026-11142 | Insufficient policy enforcement in Paint |
| CVE-2026-11143 | Out of bounds read in Extensions |
| CVE-2026-11144 | Use after free in Media |
| CVE-2026-11145 | Race in Geolocation |
| CVE-2026-11146 | Insufficient validation of untrusted input in Chromoting |
| CVE-2026-11147 | Use after free in WebML |
| CVE-2026-11148 | Inappropriate implementation in Payments |
| CVE-2026-11149 | Insufficient validation of untrusted input in Extensions |
| CVE-2026-11150 | Inappropriate implementation in XML |
| CVE-2026-11151 | Insufficient validation of untrusted input in Password Manager |
| CVE-2026-11152 | Object lifecycle issue in Dawn |
| CVE-2026-11153 | Side-channel information leakage in Forms |
| CVE-2026-11154 | Use after free in Dawn |
| CVE-2026-11155 | Inappropriate implementation in CSS |
| CVE-2026-11156 | Inappropriate implementation in CSS |
| CVE-2026-11157 | Script injection in Accessibility |
| CVE-2026-11158 | Insufficient validation of untrusted input in Downloads |
| CVE-2026-11159 | Uninitialized Use in Skia |
| CVE-2026-11160 | Out of bounds read in Input |
| CVE-2026-11161 | Inappropriate implementation in DataTransfer |
| CVE-2026-11162 | Inappropriate implementation in CSS |
| CVE-2026-11163 | Use after free in Messages |
| CVE-2026-11164 | Use after free in Blink |
| CVE-2026-11165 | Use after free in WebMIDI |
| CVE-2026-11166 | Inappropriate implementation in SVG |
| CVE-2026-11167 | Inappropriate implementation in WebView |
| CVE-2026-11168 | Inappropriate implementation in Extensions |
| CVE-2026-11169 | Inappropriate implementation in XML |
| CVE-2026-11170 | Inappropriate implementation in Chromoting |
| CVE-2026-11171 | Integer overflow in Blink |
| CVE-2026-11172 | Incorrect security UI in Contact Picker |
| CVE-2026-11173 | Out of bounds write in V8 |
| CVE-2026-11174 | Inappropriate implementation in Site Isolation |
| CVE-2026-11175 | Incorrect security UI in Messages |
| CVE-2026-11176 | Inappropriate implementation in Media |
| CVE-2026-11177 | Use after free in Omnibox |
| CVE-2026-11178 | Insufficient policy enforcement in WebView |
| CVE-2026-11179 | Inappropriate implementation in ORB |
| CVE-2026-11180 | Inappropriate implementation in SVG |
| CVE-2026-11181 | Inappropriate implementation in Media Session |
| CVE-2026-11182 | Inappropriate implementation in SVG |
| CVE-2026-11183 | Out of bounds read in GWP-ASan |
| CVE-2026-11184 | Insufficient policy enforcement in Actor |
| CVE-2026-11185 | Use after free in V8 |
| CVE-2026-11186 | Inappropriate implementation in CSS |
| CVE-2026-11187 | Inappropriate implementation in Glic |
| CVE-2026-11188 | Use after free in USB |
| CVE-2026-11189 | Insufficient validation of untrusted input in DevTools |
| CVE-2026-11190 | Inappropriate implementation in Extensions |
| CVE-2026-11191 | Out of bounds memory access in ANGLE |
| CVE-2026-11192 | Insufficient validation of untrusted input in Password Manager |
| CVE-2026-11193 | Insufficient policy enforcement in Password Manager |
| CVE-2026-11194 | Inappropriate implementation in Network |
| CVE-2026-11195 | Inappropriate implementation in MHTML |
| CVE-2026-11196 | Type Confusion in XML |
| CVE-2026-11197 | Insufficient policy enforcement in Workers |
| CVE-2026-11198 | Insufficient validation of untrusted input in Codecs |
| CVE-2026-11199 | Inappropriate implementation in WebRTC |
| CVE-2026-11200 | Inappropriate implementation in WebRTC |
| CVE-2026-11201 | Use after free in ServiceWorker |
| CVE-2026-11202 | Inappropriate implementation in Chrome for iOS |
| CVE-2026-11203 | Inappropriate implementation in GPU |
| CVE-2026-11204 | Inappropriate implementation in Signin |
| CVE-2026-11205 | Insufficient validation of untrusted input in Chrome for iOS |
| CVE-2026-11206 | Insufficient policy enforcement in ServiceWorker |
| CVE-2026-11207 | Insufficient validation of untrusted input in Autofill |
| CVE-2026-11208 | Use after free in Codecs |
| CVE-2026-11209 | Inappropriate implementation in Passwords |
| CVE-2026-11210 | Inappropriate implementation in Safe Browsing |
| CVE-2026-11211 | Integer overflow in V8 |
| CVE-2026-11212 | Insufficient policy enforcement in DevTools |
| CVE-2026-11213 | Insufficient validation of untrusted input in Reading Mode |
| CVE-2026-11214 | Inappropriate implementation in Chrome for iOS |
| CVE-2026-11215 | Inappropriate implementation in Cronet |
| CVE-2026-11216 | Incorrect security UI in File Input |
| CVE-2026-11217 | Inappropriate implementation in Fenced Frames |
| CVE-2026-11218 | Inappropriate implementation in PlatformIntegration |
| CVE-2026-11219 | Inappropriate implementation in Navigation |
| CVE-2026-11220 | Insufficient validation of untrusted input in Navigation |
| CVE-2026-11221 | Insufficient validation of untrusted input in PointerLock |
| CVE-2026-11222 | Incorrect security UI in Tab Strip |
| CVE-2026-11223 | Insufficient validation of untrusted input in Network |
| CVE-2026-11224 | Use after free in Chromoting |
| CVE-2026-11225 | Inappropriate implementation in WebUI |
| CVE-2026-11226 | Insufficient policy enforcement in PreviewTab |
| CVE-2026-11227 | Incorrect security UI in Tab Hover Cards |
| CVE-2026-11228 | Inappropriate implementation in File Input |
| CVE-2026-11229 | Inappropriate implementation in Enterprise |
| CVE-2026-11230 | Use after free in Extensions |
| CVE-2026-11231 | Inappropriate implementation in Safe Browsing |
| CVE-2026-11232 | Inappropriate implementation in TabGroups |
| CVE-2026-11233 | Insufficient policy enforcement in FoldableAPIs |
| CVE-2026-11234 | Inappropriate implementation in FoldableAPIs |
| CVE-2026-11235 | Insufficient policy enforcement in Compositing |
| CVE-2026-11236 | Insufficient policy enforcement in Web Bluetooth |
| CVE-2026-11237 | Insufficient validation of untrusted input in Media |
| CVE-2026-11238 | Inappropriate implementation in DevTools |
| CVE-2026-11239 | Inappropriate implementation in Extensions |
| CVE-2026-11240 | Insufficient validation of untrusted input in Loader |
| CVE-2026-11241 | Insufficient validation of untrusted input in Cast |
| CVE-2026-11242 | Insufficient validation of untrusted input in Plugins |
| CVE-2026-11243 | Inappropriate implementation in Downloads |
| CVE-2026-11244 | Insufficient validation of untrusted input in WebAuthentication |
| CVE-2026-11245 | Inappropriate implementation in Payments |
| CVE-2026-11246 | Insufficient validation of untrusted input in IndexedDB |
| CVE-2026-11247 | Insufficient policy enforcement in CustomTabs |
| CVE-2026-11248 | Inappropriate implementation in Google Lens |
| CVE-2026-11249 | Use after free in Network |
| CVE-2026-11250 | Inappropriate implementation in DevTools |
| CVE-2026-11251 | Insufficient policy enforcement in Password Manager |
| CVE-2026-11252 | Insufficient policy enforcement in Content Settings |
| CVE-2026-11253 | Inappropriate implementation in Permissions |
| CVE-2026-11254 | Inappropriate implementation in Permissions |
| CVE-2026-11255 | Insufficient validation of untrusted input in Storage Access API |
| CVE-2026-11256 | Integer overflow in GPU |
| CVE-2026-11257 | Inappropriate implementation in Browser |
| CVE-2026-11258 | Inappropriate implementation in File System Access |
| CVE-2026-11259 | Insufficient validation of untrusted input in Cast |
| CVE-2026-11260 | Inappropriate implementation in Permissions |
| CVE-2026-11261 | Inappropriate implementation in PDF |
| CVE-2026-11262 | Use after free in TabStrip |
| CVE-2026-11263 | Insufficient policy enforcement in WebAuthentication |
| CVE-2026-11264 | Policy bypass in Content Security Policy |
| CVE-2026-11265 | Inappropriate implementation in Autofill |
| CVE-2026-11266 | Inappropriate implementation in SafeBrowsing |
| CVE-2026-11267 | Insufficient policy enforcement in Extensions |
| CVE-2026-11268 | Uninitialized Use in ANGLE |
| CVE-2026-11269 | Inappropriate implementation in Extensions |
| CVE-2026-11270 | Inappropriate implementation in UI |
| CVE-2026-11271 | Inappropriate implementation in Passwords |
| CVE-2026-11272 | Insufficient validation of untrusted input in Reading List |
| CVE-2026-11273 | Insufficient validation of untrusted input in Omnibox |
| CVE-2026-11274 | Inappropriate implementation in DOM Distiller |
| CVE-2026-11275 | Inappropriate implementation in Page Info |
| CVE-2026-11276 | Inappropriate implementation in Cast |
| CVE-2026-11277 | Insufficient policy enforcement in Chrome for iOS |
| CVE-2026-11278 | Inappropriate implementation in CustomTabs |
| CVE-2026-11279 | Out of bounds read in DevTools |
| CVE-2026-11280 | Inappropriate implementation in Signin |
| CVE-2026-11281 | Integer overflow in Chromoting |
| CVE-2026-11282 | Insufficient policy enforcement in Sandbox |
| CVE-2026-11283 | Insufficient validation of untrusted input in Shortcuts |
| CVE-2026-11284 | Side-channel information leakage in PerformanceAPIs |
| CVE-2026-11285 | Inappropriate implementation in Chrome for iOS |
| CVE-2026-11286 | Insufficient validation of untrusted input in Wallet |
| CVE-2026-11287 | Insufficient policy enforcement in Navigation |
| CVE-2026-11288 | Insufficient policy enforcement in CSS |
| CVE-2026-11289 | Side-channel information leakage in Paint |
| CVE-2026-11290 | Integer overflow in WebView |
| CVE-2026-11291 | Inappropriate implementation in Android Autofill |
| CVE-2026-11292 | Insufficient policy enforcement in Blink |
| CVE-2026-11293 | Use after free in Input |
| CVE-2026-11294 | Inappropriate implementation in Passwords |
| CVE-2026-11295 | Inappropriate implementation in WebView |
| CVE-2026-11296 | Inappropriate implementation in ImageCapture |
| CVE-2026-11297 | Insufficient validation of untrusted input in Reader Mode |
| CVE-2026-11298 | Inappropriate implementation in Chrome for iOS |
| CVE-2026-11299 | Integer overflow in Fonts |
| CVE-2026-11300 | Inappropriate implementation in Permissions |
| CVE-2026-11301 | Inappropriate implementation in LiveCaption |
| CVE-2026-11302 | Insufficient policy enforcement in Chrome for iOS |
| CVE-2026-11303 | Use after free in PDFium |
| CVE-2026-11304 | Use after free in PDFium |
| CVE-2026-11305 | Use after free in PDFium |
| CVE-2026-11306 | Use after free in PDFium |
| CVE-2026-11307 | Use after free in PDFium |
| CVE-2026-11308 | Inappropriate implementation in Extensions |
| CVE-2026-11309 | Insufficient policy enforcement in History |
| CVE-2026-11628 | Use after free in Ozone |
| CVE-2026-11629 | Use after free in Ozone |
| CVE-2026-11630 | Use after free in File Input |
| CVE-2026-11631 | Use after free in Aura |
| CVE-2026-11632 | Use after free in TabStrip |
| CVE-2026-11633 | Use after free in Bluetooth |
| CVE-2026-11634 | Use after free in Gamepad |
| CVE-2026-11635 | Use after free in Bluetooth |
| CVE-2026-11636 | Use after free in Autofill |
| CVE-2026-11637 | Use after free in Views |
| CVE-2026-11638 | Use after free in Printing |
| CVE-2026-11639 | Use after free in Compositing |
| CVE-2026-11640 | Integer overflow in libyuv |
| CVE-2026-11641 | Use after free in Bluetooth |
| CVE-2026-11642 | Use after free in Web Apps |
| CVE-2026-11643 | Use after free in Proxy |
| CVE-2026-11644 | Use after free in Views |
| CVE-2026-11645 | Out of bounds read and write in V8 |
| CVE-2026-11646 | Use after free in ViewTransitions |
| CVE-2026-11647 | Use after free in Printing |
| CVE-2026-11648 | Use after free in FullScreen |
| CVE-2026-11649 | Use after free in V8 |
| CVE-2026-11650 | Use after free in V8 |
| CVE-2026-11651 | Use after free in Network |
| CVE-2026-11652 | Use after free in Extensions |
| CVE-2026-11653 | Inappropriate implementation in Extensions |
| CVE-2026-11654 | Use after free in CameraCapture |
| CVE-2026-11655 | Integer overflow in Media |
| CVE-2026-11656 | Use after free in ServiceWorker |
| CVE-2026-11657 | Use after free in Payments |
| CVE-2026-11658 | Insufficient validation of untrusted input in Extensions |
| CVE-2026-11659 | Integer overflow in UI |
| CVE-2026-11660 | Insufficient validation of untrusted input in New Tab Page |
| CVE-2026-11661 | Use after free in Views |
| CVE-2026-11662 | Type Confusion in Bindings |
| CVE-2026-11663 | Use after free in Skia |
| CVE-2026-11664 | Use after free in Payments |
| CVE-2026-11665 | Out of bounds read in Dawn |
| CVE-2026-11666 | Insufficient validation of untrusted input in Input |
| CVE-2026-11667 | Out of bounds read in WebRTC |
| CVE-2026-11668 | Uninitialized Use in Codecs |
| CVE-2026-11669 | Out of bounds read in Media |
| CVE-2026-11670 | Use after free in PDF |
| CVE-2026-11671 | Use after free in Navigation |
| CVE-2026-11672 | Heap buffer overflow in GPU |
| CVE-2026-11673 | Use after free in InterestGroups |
| CVE-2026-11674 | Use after free in Guest View |
| CVE-2026-11675 | Out of bounds read in Skia |
| CVE-2026-11676 | Insufficient validation of untrusted input in Dawn |
| CVE-2026-11677 | Race in Network |
| CVE-2026-11678 | Integer overflow in libyuv |
| CVE-2026-11679 | Use after free in Codecs |
| CVE-2026-11680 | Use after free in Media |
| CVE-2026-11681 | Use after free in Ozone |
| CVE-2026-11682 | Inappropriate implementation in Views |
| CVE-2026-11683 | Use after free in WebCodecs |
| CVE-2026-11684 | Insufficient policy enforcement in Network |
| CVE-2026-11685 | Inappropriate implementation in MediaCapture |
| CVE-2026-11686 | Insufficient validation of untrusted input in Dawn |
| CVE-2026-11687 | Use after free in Dawn |
| CVE-2026-11688 | Inappropriate implementation in SVG |
| CVE-2026-11689 | Insufficient policy enforcement in Passwords |
| CVE-2026-11690 | Out of bounds read and write in Media |
| CVE-2026-11691 | Insufficient validation of untrusted input in New Tab Page |
| CVE-2026-11692 | Use after free in Read Anything |
| CVE-2026-11693 | Inappropriate implementation in Plugins |
| CVE-2026-11694 | Use after free in ServiceWorker |
| CVE-2026-11695 | Inappropriate implementation in Passwords |
| CVE-2026-11696 | Uninitialized Use in Video |
| CVE-2026-11697 | Insufficient validation of untrusted input in UI |
| CVE-2026-11698 | Use after free in Bluetooth |
| CVE-2026-11699 | Use after free in Bluetooth |
| CVE-2026-11700 | Use after free in Tracing |
| CVE-2026-11701 | Inappropriate implementation in Guest View |
| CVE-2026-12007 | Use after free in Core |
| CVE-2026-12008 | Use after free in DigitalCredentials |
| CVE-2026-12009 | Insufficient validation of untrusted input in Accessibility |
| CVE-2026-12010 | Heap buffer overflow in GPU |
| CVE-2026-12011 | Use after free in WebMIDI |
| CVE-2026-12012 | Use after free in Network |
| CVE-2026-12013 | Use after free in Media |
| CVE-2026-12014 | Use after free in Cast |
| CVE-2026-12015 | Use after free in Autofill |
| CVE-2026-12016 | Inappropriate implementation in DevTools |
| CVE-2026-12017 | Inappropriate implementation in Extensions |
| CVE-2026-12018 | Inappropriate implementation in Mojo |
| CVE-2026-12019 | Heap buffer overflow in Codecs |
| CVE-2026-12020 | Use after free in Autofill |
| CVE-2026-12022 | Race in Safe Browsing |
| CVE-2026-12023 | Use after free in GPU |
| CVE-2026-12024 | Insufficient policy enforcement in DevTools |
| CVE-2026-12025 | Insufficient validation of untrusted input in Network |
| CVE-2026-12026 | Out of bounds read in Video |
| CVE-2026-12027 | Inappropriate implementation in Headless |
| CVE-2026-12028 | Use after free in GPU |
| CVE-2026-12029 | Use after free in Video |
| CVE-2026-12030 | Out of bounds write in GPU |
| CVE-2026-12031 | Inappropriate implementation in Views |
| CVE-2026-12032 | Inappropriate implementation in Passwords |
| CVE-2026-12033 | Out of bounds read in VideoCapture |
| CVE-2026-12034 | Insufficient validation of untrusted input in Linux Toolkit Theming |
| CVE-2026-12035 | Use after free in Views |
| CVE-2026-0275 | Prisma Browser: Local Privilege Escalation on macOS |
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Prisma Browser | < 149.10.3.53 | >= 150.33.2.46 |
Required Configuration for Exposure
No special configuration is required to be affected by this issue.
Severity: HIGH, Suggested Urgency: MODERATE
CVSS-BT: 7.2 / CVSS-B: 9.2 (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Solution
| CVE | Prisma Browser |
|---|---|
| CVE-2026-10881 | 149.10.3.53 |
| CVE-2026-10882 | 149.10.3.53 |
| CVE-2026-10883 | 149.10.3.53 |
| CVE-2026-10884 | 149.10.3.53 |
| CVE-2026-10885 | 149.10.3.53 |
| CVE-2026-10886 | 149.10.3.53 |
| CVE-2026-10887 | 149.10.3.53 |
| CVE-2026-10888 | 149.10.3.53 |
| CVE-2026-10889 | 149.10.3.53 |
| CVE-2026-10890 | 149.10.3.53 |
| CVE-2026-10891 | 149.10.3.53 |
| CVE-2026-10892 | 149.10.3.53 |
| CVE-2026-10893 | 149.10.3.53 |
| CVE-2026-10894 | 149.10.3.53 |
| CVE-2026-10895 | 149.10.3.53 |
| CVE-2026-10896 | 149.10.3.53 |
| CVE-2026-10897 | 149.10.3.53 |
| CVE-2026-10898 | 149.10.3.53 |
| CVE-2026-10899 | 149.10.3.53 |
| CVE-2026-10900 | 149.10.3.53 |
| CVE-2026-10901 | 149.10.3.53 |
| CVE-2026-10902 | 149.10.3.53 |
| CVE-2026-10903 | 149.10.3.53 |
| CVE-2026-10904 | 149.10.3.53 |
| CVE-2026-10905 | 149.10.3.53 |
| CVE-2026-10906 | 149.10.3.53 |
| CVE-2026-10907 | 149.10.3.53 |
| CVE-2026-10908 | 149.10.3.53 |
| CVE-2026-10909 | 149.10.3.53 |
| CVE-2026-10910 | 149.10.3.53 |
| CVE-2026-10911 | 149.10.3.53 |
| CVE-2026-10912 | 149.10.3.53 |
| CVE-2026-10913 | 149.10.3.53 |
| CVE-2026-10914 | 149.10.3.53 |
| CVE-2026-10915 | 149.10.3.53 |
| CVE-2026-10916 | 149.10.3.53 |
| CVE-2026-10917 | 149.10.3.53 |
| CVE-2026-10918 | 149.10.3.53 |
| CVE-2026-10919 | 149.10.3.53 |
| CVE-2026-10920 | 149.10.3.53 |
| CVE-2026-10921 | 149.10.3.53 |
| CVE-2026-10922 | 149.10.3.53 |
| CVE-2026-10923 | 149.10.3.53 |
| CVE-2026-10924 | 149.10.3.53 |
| CVE-2026-10925 | 149.10.3.53 |
| CVE-2026-10926 | 149.10.3.53 |
| CVE-2026-10927 | 149.10.3.53 |
| CVE-2026-10928 | 149.10.3.53 |
| CVE-2026-10929 | 149.10.3.53 |
| CVE-2026-10930 | 149.10.3.53 |
| CVE-2026-10931 | 149.10.3.53 |
| CVE-2026-10932 | 149.10.3.53 |
| CVE-2026-10933 | 149.10.3.53 |
| CVE-2026-10934 | 149.10.3.53 |
| CVE-2026-10935 | 149.10.3.53 |
| CVE-2026-10936 | 149.10.3.53 |
| CVE-2026-10937 | 149.10.3.53 |
| CVE-2026-10938 | 149.10.3.53 |
| CVE-2026-10939 | 149.10.3.53 |
| CVE-2026-10940 | 149.10.3.53 |
| CVE-2026-10941 | 149.10.3.53 |
| CVE-2026-10942 | 149.10.3.53 |
| CVE-2026-10943 | 149.10.3.53 |
| CVE-2026-10944 | 149.10.3.53 |
| CVE-2026-10945 | 149.10.3.53 |
| CVE-2026-10946 | 149.10.3.53 |
| CVE-2026-10947 | 149.10.3.53 |
| CVE-2026-10948 | 149.10.3.53 |
| CVE-2026-10949 | 149.10.3.53 |
| CVE-2026-10950 | 149.10.3.53 |
| CVE-2026-10951 | 149.10.3.53 |
| CVE-2026-10952 | 149.10.3.53 |
| CVE-2026-10953 | 149.10.3.53 |
| CVE-2026-10954 | 149.10.3.53 |
| CVE-2026-10955 | 149.10.3.53 |
| CVE-2026-10956 | 149.10.3.53 |
| CVE-2026-10957 | 149.10.3.53 |
| CVE-2026-10958 | 149.10.3.53 |
| CVE-2026-10959 | 149.10.3.53 |
| CVE-2026-10960 | 149.10.3.53 |
| CVE-2026-10961 | 149.10.3.53 |
| CVE-2026-10962 | 149.10.3.53 |
| CVE-2026-10963 | 149.10.3.53 |
| CVE-2026-10964 | 149.10.3.53 |
| CVE-2026-10965 | 149.10.3.53 |
| CVE-2026-10966 | 149.10.3.53 |
| CVE-2026-10967 | 149.10.3.53 |
| CVE-2026-10968 | 149.10.3.53 |
| CVE-2026-10969 | 149.10.3.53 |
| CVE-2026-10970 | 149.10.3.53 |
| CVE-2026-10971 | 149.10.3.53 |
| CVE-2026-10972 | 149.10.3.53 |
| CVE-2026-10973 | 149.10.3.53 |
| CVE-2026-10974 | 149.10.3.53 |
| CVE-2026-10975 | 149.10.3.53 |
| CVE-2026-10976 | 149.10.3.53 |
| CVE-2026-10977 | 149.10.3.53 |
| CVE-2026-10978 | 149.10.3.53 |
| CVE-2026-10979 | 149.10.3.53 |
| CVE-2026-10980 | 149.10.3.53 |
| CVE-2026-10981 | 149.10.3.53 |
| CVE-2026-10982 | 149.10.3.53 |
| CVE-2026-10983 | 149.10.3.53 |
| CVE-2026-10984 | 149.10.3.53 |
| CVE-2026-10985 | 149.10.3.53 |
| CVE-2026-10986 | 149.10.3.53 |
| CVE-2026-10987 | 149.10.3.53 |
| CVE-2026-10988 | 149.10.3.53 |
| CVE-2026-10989 | 149.10.3.53 |
| CVE-2026-10990 | 149.10.3.53 |
| CVE-2026-10991 | 149.10.3.53 |
| CVE-2026-10992 | 149.10.3.53 |
| CVE-2026-10993 | 149.10.3.53 |
| CVE-2026-10994 | 149.10.3.53 |
| CVE-2026-10995 | 149.10.3.53 |
| CVE-2026-10996 | 149.10.3.53 |
| CVE-2026-10997 | 149.10.3.53 |
| CVE-2026-10998 | 149.10.3.53 |
| CVE-2026-10999 | 149.10.3.53 |
| CVE-2026-11000 | 149.10.3.53 |
| CVE-2026-11001 | 149.10.3.53 |
| CVE-2026-11002 | 149.10.3.53 |
| CVE-2026-11003 | 149.10.3.53 |
| CVE-2026-11004 | 149.10.3.53 |
| CVE-2026-11005 | 149.10.3.53 |
| CVE-2026-11006 | 149.10.3.53 |
| CVE-2026-11007 | 149.10.3.53 |
| CVE-2026-11008 | 149.10.3.53 |
| CVE-2026-11009 | 149.10.3.53 |
| CVE-2026-11010 | 149.10.3.53 |
| CVE-2026-11011 | 149.10.3.53 |
| CVE-2026-11012 | 149.10.3.53 |
| CVE-2026-11013 | 149.10.3.53 |
| CVE-2026-11014 | 149.10.3.53 |
| CVE-2026-11015 | 149.10.3.53 |
| CVE-2026-11016 | 149.10.3.53 |
| CVE-2026-11017 | 149.10.3.53 |
| CVE-2026-11018 | 149.10.3.53 |
| CVE-2026-11019 | 149.10.3.53 |
| CVE-2026-11020 | 149.10.3.53 |
| CVE-2026-11021 | 149.10.3.53 |
| CVE-2026-11022 | 149.10.3.53 |
| CVE-2026-11023 | 149.10.3.53 |
| CVE-2026-11024 | 149.10.3.53 |
| CVE-2026-11025 | 149.10.3.53 |
| CVE-2026-11026 | 149.10.3.53 |
| CVE-2026-11027 | 149.10.3.53 |
| CVE-2026-11028 | 149.10.3.53 |
| CVE-2026-11029 | 149.10.3.53 |
| CVE-2026-11030 | 149.10.3.53 |
| CVE-2026-11031 | 149.10.3.53 |
| CVE-2026-11032 | 149.10.3.53 |
| CVE-2026-11033 | 149.10.3.53 |
| CVE-2026-11034 | 149.10.3.53 |
| CVE-2026-11035 | 149.10.3.53 |
| CVE-2026-11036 | 149.10.3.53 |
| CVE-2026-11037 | 149.10.3.53 |
| CVE-2026-11038 | 149.10.3.53 |
| CVE-2026-11039 | 149.10.3.53 |
| CVE-2026-11040 | 149.10.3.53 |
| CVE-2026-11041 | 149.10.3.53 |
| CVE-2026-11042 | 149.10.3.53 |
| CVE-2026-11043 | 149.10.3.53 |
| CVE-2026-11044 | 149.10.3.53 |
| CVE-2026-11045 | 149.10.3.53 |
| CVE-2026-11046 | 149.10.3.53 |
| CVE-2026-11047 | 149.10.3.53 |
| CVE-2026-11048 | 149.10.3.53 |
| CVE-2026-11049 | 149.10.3.53 |
| CVE-2026-11050 | 149.10.3.53 |
| CVE-2026-11051 | 149.10.3.53 |
| CVE-2026-11052 | 149.10.3.53 |
| CVE-2026-11054 | 149.10.3.53 |
| CVE-2026-11055 | 149.10.3.53 |
| CVE-2026-11056 | 149.10.3.53 |
| CVE-2026-11057 | 149.10.3.53 |
| CVE-2026-11058 | 149.10.3.53 |
| CVE-2026-11059 | 149.10.3.53 |
| CVE-2026-11060 | 149.10.3.53 |
| CVE-2026-11061 | 149.10.3.53 |
| CVE-2026-11062 | 149.10.3.53 |
| CVE-2026-11063 | 149.10.3.53 |
| CVE-2026-11064 | 149.10.3.53 |
| CVE-2026-11065 | 149.10.3.53 |
| CVE-2026-11066 | 149.10.3.53 |
| CVE-2026-11067 | 149.10.3.53 |
| CVE-2026-11068 | 149.10.3.53 |
| CVE-2026-11069 | 149.10.3.53 |
| CVE-2026-11070 | 149.10.3.53 |
| CVE-2026-11071 | 149.10.3.53 |
| CVE-2026-11072 | 149.10.3.53 |
| CVE-2026-11073 | 149.10.3.53 |
| CVE-2026-11074 | 149.10.3.53 |
| CVE-2026-11075 | 149.10.3.53 |
| CVE-2026-11076 | 149.10.3.53 |
| CVE-2026-11077 | 149.10.3.53 |
| CVE-2026-11078 | 149.10.3.53 |
| CVE-2026-11079 | 149.10.3.53 |
| CVE-2026-11080 | 149.10.3.53 |
| CVE-2026-11081 | 149.10.3.53 |
| CVE-2026-11082 | 149.10.3.53 |
| CVE-2026-11083 | 149.10.3.53 |
| CVE-2026-11084 | 149.10.3.53 |
| CVE-2026-11085 | 149.10.3.53 |
| CVE-2026-11086 | 149.10.3.53 |
| CVE-2026-11087 | 149.10.3.53 |
| CVE-2026-11088 | 149.10.3.53 |
| CVE-2026-11089 | 149.10.3.53 |
| CVE-2026-11090 | 149.10.3.53 |
| CVE-2026-11091 | 149.10.3.53 |
| CVE-2026-11092 | 149.10.3.53 |
| CVE-2026-11093 | 149.10.3.53 |
| CVE-2026-11094 | 149.10.3.53 |
| CVE-2026-11095 | 149.10.3.53 |
| CVE-2026-11096 | 149.10.3.53 |
| CVE-2026-11097 | 149.10.3.53 |
| CVE-2026-11098 | 149.10.3.53 |
| CVE-2026-11100 | 149.10.3.53 |
| CVE-2026-11101 | 149.10.3.53 |
| CVE-2026-11102 | 149.10.3.53 |
| CVE-2026-11103 | 149.10.3.53 |
| CVE-2026-11104 | 149.10.3.53 |
| CVE-2026-11105 | 149.10.3.53 |
| CVE-2026-11106 | 149.10.3.53 |
| CVE-2026-11107 | 149.10.3.53 |
| CVE-2026-11108 | 149.10.3.53 |
| CVE-2026-11109 | 149.10.3.53 |
| CVE-2026-11110 | 149.10.3.53 |
| CVE-2026-11111 | 149.10.3.53 |
| CVE-2026-11112 | 149.10.3.53 |
| CVE-2026-11113 | 149.10.3.53 |
| CVE-2026-11114 | 149.10.3.53 |
| CVE-2026-11115 | 149.10.3.53 |
| CVE-2026-11116 | 149.10.3.53 |
| CVE-2026-11117 | 149.10.3.53 |
| CVE-2026-11118 | 149.10.3.53 |
| CVE-2026-11119 | 149.10.3.53 |
| CVE-2026-11120 | 149.10.3.53 |
| CVE-2026-11121 | 149.10.3.53 |
| CVE-2026-11122 | 149.10.3.53 |
| CVE-2026-11123 | 149.10.3.53 |
| CVE-2026-11124 | 149.10.3.53 |
| CVE-2026-11125 | 149.10.3.53 |
| CVE-2026-11126 | 149.10.3.53 |
| CVE-2026-11127 | 149.10.3.53 |
| CVE-2026-11128 | 149.10.3.53 |
| CVE-2026-11129 | 149.10.3.53 |
| CVE-2026-11130 | 149.10.3.53 |
| CVE-2026-11131 | 149.10.3.53 |
| CVE-2026-11132 | 149.10.3.53 |
| CVE-2026-11133 | 149.10.3.53 |
| CVE-2026-11134 | 149.10.3.53 |
| CVE-2026-11135 | 149.10.3.53 |
| CVE-2026-11136 | 149.10.3.53 |
| CVE-2026-11137 | 149.10.3.53 |
| CVE-2026-11138 | 149.10.3.53 |
| CVE-2026-11139 | 149.10.3.53 |
| CVE-2026-11140 | 149.10.3.53 |
| CVE-2026-11141 | 149.10.3.53 |
| CVE-2026-11142 | 149.10.3.53 |
| CVE-2026-11143 | 149.10.3.53 |
| CVE-2026-11144 | 149.10.3.53 |
| CVE-2026-11145 | 149.10.3.53 |
| CVE-2026-11146 | 149.10.3.53 |
| CVE-2026-11147 | 149.10.3.53 |
| CVE-2026-11148 | 149.10.3.53 |
| CVE-2026-11149 | 149.10.3.53 |
| CVE-2026-11150 | 149.10.3.53 |
| CVE-2026-11151 | 149.10.3.53 |
| CVE-2026-11152 | 149.10.3.53 |
| CVE-2026-11153 | 149.10.3.53 |
| CVE-2026-11154 | 149.10.3.53 |
| CVE-2026-11155 | 149.10.3.53 |
| CVE-2026-11156 | 149.10.3.53 |
| CVE-2026-11157 | 149.10.3.53 |
| CVE-2026-11158 | 149.10.3.53 |
| CVE-2026-11159 | 149.10.3.53 |
| CVE-2026-11160 | 149.10.3.53 |
| CVE-2026-11161 | 149.10.3.53 |
| CVE-2026-11162 | 149.10.3.53 |
| CVE-2026-11163 | 149.10.3.53 |
| CVE-2026-11164 | 149.10.3.53 |
| CVE-2026-11165 | 149.10.3.53 |
| CVE-2026-11166 | 149.10.3.53 |
| CVE-2026-11167 | 149.10.3.53 |
| CVE-2026-11168 | 149.10.3.53 |
| CVE-2026-11169 | 149.10.3.53 |
| CVE-2026-11170 | 149.10.3.53 |
| CVE-2026-11171 | 149.10.3.53 |
| CVE-2026-11172 | 149.10.3.53 |
| CVE-2026-11173 | 149.10.3.53 |
| CVE-2026-11174 | 149.10.3.53 |
| CVE-2026-11175 | 149.10.3.53 |
| CVE-2026-11176 | 149.10.3.53 |
| CVE-2026-11177 | 149.10.3.53 |
| CVE-2026-11178 | 149.10.3.53 |
| CVE-2026-11179 | 149.10.3.53 |
| CVE-2026-11180 | 149.10.3.53 |
| CVE-2026-11181 | 149.10.3.53 |
| CVE-2026-11182 | 149.10.3.53 |
| CVE-2026-11183 | 149.10.3.53 |
| CVE-2026-11184 | 149.10.3.53 |
| CVE-2026-11185 | 149.10.3.53 |
| CVE-2026-11186 | 149.10.3.53 |
| CVE-2026-11187 | 149.10.3.53 |
| CVE-2026-11188 | 149.10.3.53 |
| CVE-2026-11189 | 149.10.3.53 |
| CVE-2026-11190 | 149.10.3.53 |
| CVE-2026-11191 | 149.10.3.53 |
| CVE-2026-11192 | 149.10.3.53 |
| CVE-2026-11193 | 149.10.3.53 |
| CVE-2026-11194 | 149.10.3.53 |
| CVE-2026-11195 | 149.10.3.53 |
| CVE-2026-11196 | 149.10.3.53 |
| CVE-2026-11197 | 149.10.3.53 |
| CVE-2026-11198 | 149.10.3.53 |
| CVE-2026-11199 | 149.10.3.53 |
| CVE-2026-11200 | 149.10.3.53 |
| CVE-2026-11201 | 149.10.3.53 |
| CVE-2026-11202 | 149.10.3.53 |
| CVE-2026-11203 | 149.10.3.53 |
| CVE-2026-11204 | 149.10.3.53 |
| CVE-2026-11205 | 149.10.3.53 |
| CVE-2026-11206 | 149.10.3.53 |
| CVE-2026-11207 | 149.10.3.53 |
| CVE-2026-11208 | 149.10.3.53 |
| CVE-2026-11209 | 149.10.3.53 |
| CVE-2026-11210 | 149.10.3.53 |
| CVE-2026-11211 | 149.10.3.53 |
| CVE-2026-11212 | 149.10.3.53 |
| CVE-2026-11213 | 149.10.3.53 |
| CVE-2026-11214 | 149.10.3.53 |
| CVE-2026-11215 | 149.10.3.53 |
| CVE-2026-11216 | 149.10.3.53 |
| CVE-2026-11217 | 149.10.3.53 |
| CVE-2026-11218 | 149.10.3.53 |
| CVE-2026-11219 | 149.10.3.53 |
| CVE-2026-11220 | 149.10.3.53 |
| CVE-2026-11221 | 149.10.3.53 |
| CVE-2026-11222 | 149.10.3.53 |
| CVE-2026-11223 | 149.10.3.53 |
| CVE-2026-11224 | 149.10.3.53 |
| CVE-2026-11225 | 149.10.3.53 |
| CVE-2026-11226 | 149.10.3.53 |
| CVE-2026-11227 | 149.10.3.53 |
| CVE-2026-11228 | 149.10.3.53 |
| CVE-2026-11229 | 149.10.3.53 |
| CVE-2026-11230 | 149.10.3.53 |
| CVE-2026-11231 | 149.10.3.53 |
| CVE-2026-11232 | 149.10.3.53 |
| CVE-2026-11233 | 149.10.3.53 |
| CVE-2026-11234 | 149.10.3.53 |
| CVE-2026-11235 | 149.10.3.53 |
| CVE-2026-11236 | 149.10.3.53 |
| CVE-2026-11237 | 149.10.3.53 |
| CVE-2026-11238 | 149.10.3.53 |
| CVE-2026-11239 | 149.10.3.53 |
| CVE-2026-11240 | 149.10.3.53 |
| CVE-2026-11241 | 149.10.3.53 |
| CVE-2026-11242 | 149.10.3.53 |
| CVE-2026-11243 | 149.10.3.53 |
| CVE-2026-11244 | 149.10.3.53 |
| CVE-2026-11245 | 149.10.3.53 |
| CVE-2026-11246 | 149.10.3.53 |
| CVE-2026-11247 | 149.10.3.53 |
| CVE-2026-11248 | 149.10.3.53 |
| CVE-2026-11249 | 149.10.3.53 |
| CVE-2026-11250 | 149.10.3.53 |
| CVE-2026-11251 | 149.10.3.53 |
| CVE-2026-11252 | 149.10.3.53 |
| CVE-2026-11253 | 149.10.3.53 |
| CVE-2026-11254 | 149.10.3.53 |
| CVE-2026-11255 | 149.10.3.53 |
| CVE-2026-11256 | 149.10.3.53 |
| CVE-2026-11257 | 149.10.3.53 |
| CVE-2026-11258 | 149.10.3.53 |
| CVE-2026-11259 | 149.10.3.53 |
| CVE-2026-11260 | 149.10.3.53 |
| CVE-2026-11261 | 149.10.3.53 |
| CVE-2026-11262 | 149.10.3.53 |
| CVE-2026-11263 | 149.10.3.53 |
| CVE-2026-11264 | 149.10.3.53 |
| CVE-2026-11265 | 149.10.3.53 |
| CVE-2026-11266 | 149.10.3.53 |
| CVE-2026-11267 | 149.10.3.53 |
| CVE-2026-11268 | 149.10.3.53 |
| CVE-2026-11269 | 149.10.3.53 |
| CVE-2026-11270 | 149.10.3.53 |
| CVE-2026-11271 | 149.10.3.53 |
| CVE-2026-11272 | 149.10.3.53 |
| CVE-2026-11273 | 149.10.3.53 |
| CVE-2026-11274 | 149.10.3.53 |
| CVE-2026-11275 | 149.10.3.53 |
| CVE-2026-11276 | 149.10.3.53 |
| CVE-2026-11277 | 149.10.3.53 |
| CVE-2026-11278 | 149.10.3.53 |
| CVE-2026-11279 | 149.10.3.53 |
| CVE-2026-11280 | 149.10.3.53 |
| CVE-2026-11281 | 149.10.3.53 |
| CVE-2026-11282 | 149.10.3.53 |
| CVE-2026-11283 | 149.10.3.53 |
| CVE-2026-11284 | 149.10.3.53 |
| CVE-2026-11285 | 149.10.3.53 |
| CVE-2026-11286 | 149.10.3.53 |
| CVE-2026-11287 | 149.10.3.53 |
| CVE-2026-11288 | 149.10.3.53 |
| CVE-2026-11289 | 149.10.3.53 |
| CVE-2026-11290 | 149.10.3.53 |
| CVE-2026-11291 | 149.10.3.53 |
| CVE-2026-11292 | 149.10.3.53 |
| CVE-2026-11293 | 149.10.3.53 |
| CVE-2026-11294 | 149.10.3.53 |
| CVE-2026-11295 | 149.10.3.53 |
| CVE-2026-11296 | 149.10.3.53 |
| CVE-2026-11297 | 149.10.3.53 |
| CVE-2026-11298 | 149.10.3.53 |
| CVE-2026-11299 | 149.10.3.53 |
| CVE-2026-11300 | 149.10.3.53 |
| CVE-2026-11301 | 149.10.3.53 |
| CVE-2026-11302 | 149.10.3.53 |
| CVE-2026-11303 | 149.10.3.53 |
| CVE-2026-11304 | 149.10.3.53 |
| CVE-2026-11305 | 149.10.3.53 |
| CVE-2026-11306 | 149.10.3.53 |
| CVE-2026-11307 | 149.10.3.53 |
| CVE-2026-11308 | 149.10.3.53 |
| CVE-2026-11309 | 149.10.3.53 |
| CVE-2026-11628 | 149.18.3.103 |
| CVE-2026-11629 | 149.18.3.103 |
| CVE-2026-11630 | 149.18.3.103 |
| CVE-2026-11631 | 149.18.3.103 |
| CVE-2026-11632 | 149.18.3.103 |
| CVE-2026-11633 | 149.18.3.103 |
| CVE-2026-11634 | 149.18.3.103 |
| CVE-2026-11635 | 149.18.3.103 |
| CVE-2026-11636 | 149.18.3.103 |
| CVE-2026-11637 | 149.18.3.103 |
| CVE-2026-11638 | 149.18.3.103 |
| CVE-2026-11639 | 149.18.3.103 |
| CVE-2026-11640 | 149.18.3.103 |
| CVE-2026-11641 | 149.18.3.103 |
| CVE-2026-11642 | 149.18.3.103 |
| CVE-2026-11643 | 149.18.3.103 |
| CVE-2026-11644 | 149.18.3.103 |
| CVE-2026-11645 | 149.18.3.103 |
| CVE-2026-11646 | 149.18.3.103 |
| CVE-2026-11647 | 149.18.3.103 |
| CVE-2026-11648 | 149.18.3.103 |
| CVE-2026-11649 | 149.18.3.103 |
| CVE-2026-11650 | 149.18.3.103 |
| CVE-2026-11651 | 149.18.3.103 |
| CVE-2026-11652 | 149.18.3.103 |
| CVE-2026-11653 | 149.18.3.103 |
| CVE-2026-11654 | 149.18.3.103 |
| CVE-2026-11655 | 149.18.3.103 |
| CVE-2026-11656 | 149.18.3.103 |
| CVE-2026-11657 | 149.18.3.103 |
| CVE-2026-11658 | 149.18.3.103 |
| CVE-2026-11659 | 149.18.3.103 |
| CVE-2026-11660 | 149.18.3.103 |
| CVE-2026-11661 | 149.18.3.103 |
| CVE-2026-11662 | 149.18.3.103 |
| CVE-2026-11663 | 149.18.3.103 |
| CVE-2026-11664 | 149.18.3.103 |
| CVE-2026-11665 | 149.18.3.103 |
| CVE-2026-11666 | 149.18.3.103 |
| CVE-2026-11667 | 149.18.3.103 |
| CVE-2026-11668 | 149.18.3.103 |
| CVE-2026-11669 | 149.18.3.103 |
| CVE-2026-11670 | 149.18.3.103 |
| CVE-2026-11671 | 149.18.3.103 |
| CVE-2026-11672 | 149.18.3.103 |
| CVE-2026-11673 | 149.18.3.103 |
| CVE-2026-11674 | 149.18.3.103 |
| CVE-2026-11675 | 149.18.3.103 |
| CVE-2026-11676 | 149.18.3.103 |
| CVE-2026-11677 | 149.18.3.103 |
| CVE-2026-11678 | 149.18.3.103 |
| CVE-2026-11679 | 149.18.3.103 |
| CVE-2026-11680 | 149.18.3.103 |
| CVE-2026-11681 | 149.18.3.103 |
| CVE-2026-11682 | 149.18.3.103 |
| CVE-2026-11683 | 149.18.3.103 |
| CVE-2026-11684 | 149.18.3.103 |
| CVE-2026-11685 | 149.18.3.103 |
| CVE-2026-11686 | 149.18.3.103 |
| CVE-2026-11687 | 149.18.3.103 |
| CVE-2026-11688 | 149.18.3.103 |
| CVE-2026-11689 | 149.18.3.103 |
| CVE-2026-11690 | 149.18.3.103 |
| CVE-2026-11691 | 149.18.3.103 |
| CVE-2026-11692 | 149.18.3.103 |
| CVE-2026-11693 | 149.18.3.103 |
| CVE-2026-11694 | 149.18.3.103 |
| CVE-2026-11695 | 149.18.3.103 |
| CVE-2026-11696 | 149.18.3.103 |
| CVE-2026-11697 | 149.18.3.103 |
| CVE-2026-11698 | 149.18.3.103 |
| CVE-2026-11699 | 149.18.3.103 |
| CVE-2026-11700 | 149.18.3.103 |
| CVE-2026-11701 | 149.18.3.103 |
| CVE-2026-12007 | 149.18.4.115 |
| CVE-2026-12008 | 149.18.4.115 |
| CVE-2026-12009 | 149.18.4.115 |
| CVE-2026-12010 | 149.18.4.115 |
| CVE-2026-12011 | 149.18.4.115 |
| CVE-2026-12012 | 149.18.4.115 |
| CVE-2026-12013 | 149.18.4.115 |
| CVE-2026-12014 | 149.18.4.115 |
| CVE-2026-12015 | 149.18.4.115 |
| CVE-2026-12016 | 149.18.4.115 |
| CVE-2026-12017 | 149.18.4.115 |
| CVE-2026-12018 | 149.18.4.115 |
| CVE-2026-12019 | 149.18.4.115 |
| CVE-2026-12020 | 149.18.4.115 |
| CVE-2026-12022 | 149.18.4.115 |
| CVE-2026-12023 | 149.18.4.115 |
| CVE-2026-12024 | 149.18.4.115 |
| CVE-2026-12025 | 149.18.4.115 |
| CVE-2026-12026 | 149.18.4.115 |
| CVE-2026-12027 | 149.18.4.115 |
| CVE-2026-12028 | 149.18.4.115 |
| CVE-2026-12029 | 149.18.4.115 |
| CVE-2026-12030 | 149.18.4.115 |
| CVE-2026-12031 | 149.18.4.115 |
| CVE-2026-12032 | 149.18.4.115 |
| CVE-2026-12033 | 149.18.4.115 |
| CVE-2026-12034 | 149.18.4.115 |
| CVE-2026-12035 | 149.18.4.115 |
| CVE-2026-0275 | 150.33.2.46 |
Workarounds and Mitigations
No known workarounds exist for this issue.
Acknowledgments
Palo Alto Networks thanks Kun Peeks (@SwayZGl1tZyyy) for discovering and reporting CVE-2026-0275.
CPE Applicability
- cpe:2.3:a:palo_alto_networks:prisma_browser:*:*:*:*:*:*:*:* is vulnerable from (including)149.10.3 and up to (excluding)150.33.2.46
Timeline
Initial Publication