CVE-2025-46299
Google Big Sleep discovered that processing maliciously crafted
web content may disclose internal states of the app.
CVE-2026-20643
Thomas Espach discovered that processing maliciously crafted web
content may bypass Same Origin Policy.
CVE-2026-20664
Daniel Rhea, Soehnke Benedikt Fischedick, Emrovsky & Switch, and
Yevhen Pervushyn discovered that processing maliciously crafted
web content may lead to an unexpected process crash
CVE-2026-20665
webb discovered that processing maliciously crafted web content
may prevent Content Security Policy from being enforced.
CVE-2026-20691
Gongyu Ma discovered that a maliciously crafted webpage may be
able to fingerprint the user.
CVE-2026-28857
Narcis Oliveras Fontas, Soehnke Benedikt Fischedick, Daniel Rhea,
and Nathaniel Oh discovered that processing maliciously crafted
web content may lead to an unexpected process crash.
CVE-2026-28859
