browser patch management

Google and Microsoft disclosed CVE-2026-7936 on May 6, 2026, describing a medium-severity object lifecycle flaw in Chromium’s V8 JavaScript engine that affects Google Chrome before version 148.0.7778.96 and can be triggered by a crafted HTML page. The bug is not the kind of banner-grabbing...

Google and Microsoft disclosed CVE-2026-7975 on May 6, 2026, a Chromium use-after-free flaw in DevTools fixed in Google Chrome before version 148.0.7778.96 and tracked by MSRC for Chromium-based Edge because the shared browser engine carries the same security debt. The bug is rated “Medium” by...

Google and Microsoft disclosed CVE-2026-8016 on May 6, 2026, as a use-after-free flaw in Chromium’s WebRTC component affecting Google Chrome before version 148.0.7778.96 and tracked through MSRC for Chromium-based Microsoft Edge. The awkward part is not the patch; it is the risk language around...

CVE-2026-7355 is a medium-rated use-after-free flaw in Chrome’s Media component, disclosed on April 28, 2026, and fixed in Google Chrome 147.0.7727.138 for Windows and macOS and 147.0.7727.137 for Linux. That sounds like a narrow browser bug, but it is really a reminder that “medium” in Chromium...

Google disclosed CVE-2026-7344 on April 28, 2026, as a critical use-after-free flaw in Chrome’s Accessibility component on Windows before version 147.0.7727.138 that could let an attacker escape the browser sandbox after compromising the renderer. The bug is not just another Chrome memory-safety...