browser sandbox escape

Google and Microsoft disclosed CVE-2026-7333 on April 28, 2026, a high-severity use-after-free flaw in Chromium’s GPU component that affects Google Chrome before version 147.0.7727.138 and can potentially let a remote attacker escape the browser sandbox through a crafted HTML page. The short...

Chromium’s CVE-2026-6309 is a high-severity use-after-free flaw in Viz, and the practical significance is bigger than the label suggests. Google’s April 15, 2026 Stable Channel update says the issue was fixed in Chrome 147.0.7727.101/102 for Windows and Mac and 147.0.7727.101 for Linux, while...

Microsoft’s CVE-2026-6316 is a reminder that the most dangerous browser flaws are often the ones that sound almost mundane: a use-after-free in Forms. Google says the issue affects Chrome versions prior to 147.0.7727.101, can be triggered through a crafted HTML page, and may let a remote...

Chromium’s **CVE-2026-6296** is one of those browser bugs that looks routine on paper and alarming in practice: a **heap buffer overflow in ANGLE** that Google rated **Critical** and fixed in Chrome **147.0.7727.101** on April 15, 2026. The public description says a crafted HTML page could let a...

The release of CVE-2026-4456 is another reminder that browser security increasingly hinges on tiny memory-lifetime mistakes with outsized consequences. Google says the flaw is a use-after-free in the Digital Credentials API, affecting Chrome versions before 146.0.7680.153, and that a remote...