browser patching

Google has patched CVE-2026-5893, a race condition in V8 that could let a remote attacker potentially trigger heap corruption through a crafted HTML page in Chrome versions prior to 147.0.7727.55. The issue is marked Chromium security severity: Medium, but the practical significance is higher...

Chromium’s newly published CVE-2026-5894 is another reminder that not every browser security issue looks like a dramatic remote-code-execution headline. In this case, Google says the flaw is an inappropriate implementation in PDF that could let a remote attacker bypass navigation restrictions...

Google has patched a high-severity use-after-free in Chrome’s CSS engine, tracked as CVE-2026-5273, in the Stable desktop update that landed on Tuesday, March 31, 2026. The fix ships in Chrome 146.0.7680.177/178 for Windows and Mac and 146.0.7680.177 for Linux, and Google says the flaw could let...

CVE-2026-5279 is another reminder that V8 remains one of Chrome’s most valuable and most dangerous attack surfaces: a memory-corruption bug in the JavaScript engine, reachable through a crafted HTML page, can be turned into code execution inside the browser sandbox if users are not patched...

Google Chrome users are facing another serious browser security issue, and this time the spotlight is on CVE-2026-4675, a heap buffer overflow in WebGL that affected Chrome versions prior to 146.0.7680.165. Google’s own release notes place the bug in the March 23, 2026 Stable channel update, and...

Google’s Chrome security team has patched a serious heap buffer overflow in ANGLE, tracked as CVE-2026-4448, in Chrome 146.0.7680.153 and later. The flaw could let a remote attacker trigger heap corruption through a crafted HTML page, which makes it especially important because the attack...