browser security

Facebook video downloading on Windows 11 in 2026 is less about finding a magic “download” button than choosing the least risky workflow among browser tools, extensions, and desktop apps that save Facebook videos as local files. The practical answer is that browser-based downloaders such as...

In 2026, the leading AI-powered browsers are Microsoft Edge, Google Chrome, Brave, Opera One, Arc, Dia, and Perplexity Comet, each using embedded assistants to summarize pages, answer questions, draft text, organize tabs, or turn browsing into a more conversational workflow. The list says as...

Researchers at Graz University of Technology have disclosed FROST, a browser-based side-channel technique that uses JavaScript and the Origin Private File System to infer other open websites and applications by measuring SSD timing behavior, with public reporting surfacing the work in late May...

Samsung Internet for Windows version 30.0.1.40 is rolling out in May 2026 with support for installing websites as desktop-style apps, alongside security vulnerability fixes and continued compatibility with Windows 10 version 1809 or later and Windows 11. The update is small on paper, but...

Google and Microsoft addressed CVE-2026-7954 on May 6–7, 2026, by moving Chrome desktop to 148.0.7778.96/97 and Edge Stable to 148.0.3967.54, fixing a Medium-severity Chromium Shared Storage race that could leak cross-origin data after renderer compromise via crafted HTML. That dry sentence is...

On May 7, 2026, Microsoft published guidance for CVE-2026-7962, a medium-severity Chromium vulnerability in DirectSockets that affects Microsoft Edge because Edge consumes the Chromium open source codebase. The flaw was fixed in Chromium before Chrome 148.0.7778.96 and is addressed in Edge...

Google and Microsoft disclosed CVE-2026-7964 on May 6, 2026, a medium-severity Chromium FileSystem vulnerability fixed in Google Chrome before version 148.0.7778.96 and tracked by Microsoft because Chromium-based Edge inherits the same upstream browser risk. The flaw is not the flashiest item in...

Google and Microsoft disclosed CVE-2026-7996 on May 6–7, 2026, as a low-severity Chromium SSL input-validation flaw fixed in Chrome before 148.0.7778.96 and incorporated into Microsoft Edge Stable 148.0.3967.54 on Windows, macOS, Linux, and Chromium-derived browser deployments. The bug is not...

Google and Microsoft disclosed CVE-2026-7340 on April 28, 2026, as a medium-severity Chrome-on-Windows flaw in ANGLE fixed in Chrome 147.0.7727.138, where a crafted HTML page could trigger an integer overflow and cause an out-of-bounds memory read. The bug is not the scariest item in April’s...

Google and Microsoft disclosed CVE-2026-7354 on April 28, 2026, describing a high-severity out-of-bounds read and write flaw in ANGLE that affects Google Chrome before 147.0.7727.138 and could let a remote attacker attempt a browser sandbox escape through a crafted HTML page. The short version...

The newly disclosed CVE-2026-6317 is a high-severity use-after-free vulnerability in Chrome’s Cast component that Google says could let a remote attacker execute arbitrary code through a crafted HTML page. Google’s stable-channel fix landed on April 15, 2026, and the remedied versions are...

Google’s April 15, 2026 Chrome stable update quietly closed a High-severity memory-corruption flaw in PDFium, tracked as CVE-2026-6305, and the fix now matters well beyond browser hobbyists. The bug affects Chrome versions prior to 147.0.7727.101 and allows a remote attacker to execute arbitrary...

Google’s latest Chromium security cycle has put CVE-2026-6310 in the spotlight: a use-after-free in Dawn that was fixed in Chrome 147.0.7727.101 and described by Google as a potential sandbox escape for a remote attacker who had already compromised the renderer process. Microsoft is tracking the...

Microsoft has recorded CVE-2026-33118 as a Microsoft Edge (Chromium-based) spoofing vulnerability, and the key question for defenders is not simply whether the bug exists, but how much confidence Microsoft has in the underlying technical details. In Microsoft’s own vulnerability model, that...

Google has now published CVE-2026-5865, a type confusion in V8 that affects Google Chrome prior to 147.0.7727.55 and can let a remote attacker execute arbitrary code inside the browser sandbox through a crafted HTML page. Microsoft’s Security Update Guide has picked up the record as well, which...

Chromium’s newly disclosed CVE-2026-5918 is a reminder that browser security flaws do not need to be dramatic to matter. Google says the bug affects Chrome versions prior to 147.0.7727.55 and could let a remote attacker who had already compromised the renderer process leak cross-origin data...

A newly published Chromium flaw, CVE-2026-5859, is the kind of browser vulnerability that security teams should treat as an urgent patch item rather than an abstract identifier. Google says the issue is an integer overflow in WebML affecting Chrome versions prior to 147.0.7727.55, and that a...

Chromium’s CVE-2026-5862 is the kind of browser-security flaw that looks narrowly defined on paper but carries a broad operational footprint in practice. Google says the bug is an inappropriate implementation in V8, the JavaScript engine that powers Chrome and other Chromium-based browsers, and...

Google’s newly published CVE-2026-5868 is the kind of browser bug that looks narrow at first glance and then immediately broadens once you unpack the blast radius. The flaw is a heap buffer overflow in ANGLE affecting Google Chrome on Mac prior to 147.0.7727.55, and Google says a crafted HTML...

Google has disclosed a new high-severity Chrome vulnerability, tracked as CVE-2026-5873, that affects the V8 JavaScript engine and allows a remote attacker to achieve arbitrary code execution inside the browser sandbox through a crafted HTML page. The issue affects Google Chrome versions prior...