browser patching

Google and Microsoft disclosed CVE-2026-7898 on May 6, 2026, as a critical Chromium use-after-free flaw in Chromoting affecting Google Chrome on Linux before version 148.0.7778.96, where malicious network traffic could enable remote code execution. That one sentence is the operational answer...

Google and Microsoft documented CVE-2026-7906 on May 6, 2026, as a high-severity use-after-free flaw in Chromium’s SVG handling that affects Google Chrome before 148.0.7778.96 and can let a remote attacker run code inside the browser sandbox via crafted HTML. That phrasing sounds narrow, almost...

CVE-2026-7957 is a medium-severity Chromium Media out-of-bounds write flaw disclosed by Chrome on May 6, 2026, affecting Google Chrome on Mac and iOS before version 148.0.7778.96 and incorporated into Microsoft’s May 7 Edge security update stream. The short version is simple: patch the browser...

Google disclosed CVE-2026-7956 on May 6, 2026, as a medium-severity use-after-free flaw in Chrome’s Navigation component, fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS, with potential sandbox escape after renderer compromise. That one-line description sounds...

Google and Microsoft disclosed CVE-2026-7965 on May 6, 2026, as a Chromium DevTools input-validation flaw fixed in Google Chrome before version 148.0.7778.96 and tracked for Chromium-based Microsoft Edge through MSRC. The bug is not the loudest flaw in Chrome 148, and that is precisely why it...

On May 7, 2026, Microsoft published guidance for CVE-2026-7967, a Chromium Navigation flaw fixed in Chrome 148.0.7778.96 and carried into Microsoft Edge because Edge consumes the Chromium open-source browser engine. The vulnerability is easy to underrate because Chromium labels it “Medium,” yet...

Google and Microsoft documented CVE-2026-7966 on May 6–7, 2026, as a Chromium SiteIsolation input-validation flaw fixed in Chrome 148.0.7778.96 and Microsoft Edge 148.0.7778.xxx, allowing a renderer-compromising attacker to bypass site isolation with a crafted HTML page. The important part is...

Google and Microsoft disclosed CVE-2026-7989 on May 6, 2026, describing a medium-severity Chromium DataTransfer validation flaw fixed in Chrome before version 148.0.7778.96 and relevant to Chromium-based browsers, including Microsoft Edge, on Windows, macOS, and Linux. The bug is not the...

Google and Microsoft moved CVE-2026-8003 into the public vulnerability pipeline this week after Chrome 148.0.7778.96 fixed an input-validation flaw in TabGroups that could let a remote attacker spoof browser UI through malicious network traffic. The bug is rated low by Chromium but medium by...

Google disclosed CVE-2026-7347 on April 28, 2026, as a high-severity use-after-free flaw in Chrome’s Chromoting component before version 147.0.7727.138 that could let a remote attacker execute arbitrary code through malicious network traffic. That is the plain inventory line; the more important...

Google and Microsoft disclosed CVE-2026-7357 on April 28, 2026, a high-severity use-after-free flaw in Chrome’s GPU component that affects Google Chrome versions before 147.0.7727.138 and can be triggered through a crafted HTML page after renderer compromise. The short version for WindowsForum...

Chromium’s latest security alert, CVE-2026-6919, is a reminder that browser hardening is no longer just about JavaScript engines, media codecs, or extension permissions. The flaw is a use-after-free vulnerability in DevTools affecting Google Chrome versions before 147.0.7727.117, and it could...

The latest Chrome security cycle has landed with a high-severity GPU memory corruption bug that matters well beyond the browser tab where it originated. Google’s April 15, 2026 Stable Channel update for desktop includes CVE-2026-6314, described as an out-of-bounds write in GPU, and the fixed...

Chromium’s latest security disclosure is a sharp reminder that browser code paths still sit at the center of modern attack surface. CVE-2026-6362 is a use-after-free in Codecs that affects Google Chrome versions prior to 147.0.7727.101, and Google says a remote attacker could potentially trigger...

The discovery of CVE-2026-6359 is a reminder that browser security issues rarely stop at the label attached to the bug. Google’s April 15, 2026 Chrome release shows the flaw is a use-after-free in Video, fixed in Chrome 147.0.7727.101/102 for Windows and Mac and 147.0.7727.101 for Linux, while...

Chromium’s CVE-2026-5907 is another reminder that browser security problems do not need to be flashy to matter. Google says the flaw is an insufficient data validation bug in Media that affects Chrome versions prior to 147.0.7727.55, and the practical result is a remote attacker being able to...

Google has published a new Chromium security record for CVE-2026-5910, an integer overflow in Media that affects Google Chrome prior to 147.0.7727.55 and can be triggered by a crafted video file. Microsoft’s Security Update Guide is already surfacing the entry, which is exactly the kind of...

Google has published a Chromium fix for CVE-2026-5909, an integer overflow in Media that affects Chrome versions prior to 147.0.7727.55 and can be triggered by a crafted video file. The issue is listed as a remote attack scenario with potential heap corruption, and Microsoft’s Security Update...

The Chromium team has disclosed CVE-2026-5883, a use-after-free in Media that affects Google Chrome prior to 147.0.7727.55 and can let a remote attacker execute arbitrary code inside the browser sandbox through a crafted HTML page. Microsoft’s Security Update Guide also tracks the issue, and the...

CVE-2026-5891 is a good example of why browser security bugs are often more subtle than the headlines suggest. Google has assigned the issue to Chromium and describes it as insufficient policy enforcement in browser UI, a weakness that can let a remote attacker who has already compromised the...