chrome 148 security

CVE-2026-7899 is a high-severity V8 memory-safety flaw fixed in Google Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS, released on May 5, 2026, after Google determined that crafted HTML could trigger sandboxed arbitrary code execution. The bug is not the kind of...

Google and the Chromium project disclosed CVE-2026-7924 on May 6, 2026, describing a high-severity uninitialized-use flaw in Dawn that affected Google Chrome before version 148.0.7778.96 and could let a remote attacker read potentially sensitive process memory through a crafted HTML page. The...

Google and downstream vendors disclosed CVE-2026-7926 on May 6, 2026, as a high-severity use-after-free flaw in Chrome’s PresentationAPI, fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS. The short version for administrators is brutally familiar: a crafted web...

Google and Microsoft disclosed CVE-2026-7944 on May 6, 2026, as a Chromium flaw in Persistent Cache fixed in Google Chrome before version 148.0.7778.96 and tracked for Microsoft Edge because Edge inherits the Chromium codebase. The bug is not the loudest item in Chrome 148, but it is one of the...

Google and Microsoft disclosed CVE-2026-7959 on May 6, 2026, after Chrome 148 reached the stable desktop channel, fixing a medium-severity Chromium Navigation flaw that could let an attacker who had already compromised Chrome’s renderer bypass site isolation with a crafted HTML page. That...

CVE-2026-7961 is a medium-severity Chromium Permissions flaw fixed in Google Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and Mac, published May 6, 2026, that could let a local-network attacker leak cross-origin data using malicious network traffic. It is not the kind of bug...

Google and Microsoft disclosed CVE-2026-7970 on May 6, 2026, as a use-after-free flaw in Chromium’s TopChrome component affecting Google Chrome before version 148.0.7778.96 and Chromium-based Microsoft Edge builds that consume the same upstream fix. The bug is not the loudest vulnerability in...

Google and Microsoft disclosed CVE-2026-7971 on May 6, 2026, after Chrome 148.0.7778.96/97 began rolling out for Windows, macOS, and Linux, fixing a medium-severity Chromium flaw in Opaque Response Blocking that could let a crafted HTML page bypass Site Isolation. The bug is not the loudest item...

Google disclosed CVE-2026-7972 on May 6, 2026, as a medium-severity Chromium GPU vulnerability fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS, with Microsoft tracking the same Chromium flaw through its Security Update Guide. The bug is not the...

Google and Microsoft documented CVE-2026-7974 on May 6–7, 2026, as a use-after-free flaw in Chromium’s Blink engine affecting Google Chrome before 148.0.7778.96 and Microsoft Edge’s Chromium-based builds before the corresponding 148.0.7778.xxx security update. The bug is not the loudest item in...

Google and Microsoft disclosed CVE-2026-7979 on May 6, 2026, as a medium-severity Chromium Media flaw fixed in Chrome 148.0.7778.96 and relevant to Chromium-based browsers on Windows, macOS, and Linux. The bug is not the sort of browser vulnerability that typically produces panic headlines, but...

Google Chrome before 148.0.7778.96 on Linux and 148.0.7778.96/97 on Windows and macOS is affected by CVE-2026-7998, a low-severity Chromium Dialog flaw disclosed on May 6, 2026, that can enable UI spoofing after an attacker has already compromised the renderer process. The bug is not the kind of...

Google and Microsoft disclosed CVE-2026-8002 on May 6 and May 7, 2026, describing a use-after-free flaw in Chrome’s Audio component on macOS before version 148.0.7778.96 that could let a remote attacker execute code inside Chrome’s sandbox through a crafted HTML page. The oddity is not that...

CVE-2026-8006 is a newly published Chromium vulnerability, disclosed May 6, 2026, affecting Google Chrome before version 148.0.7778.96, where insufficient DevTools policy enforcement could let a malicious extension spoof browser UI after persuading a user to install it. The flaw is not the...

Google and Microsoft disclosed CVE-2026-8012 on May 6–7, 2026, as a Chromium MHTML vulnerability fixed in Chrome before version 148.0.7778.96 that could let an attacker with renderer compromise inject arbitrary scripts or HTML through a crafted page. The bug is rated low by Chromium but scored...

Google and Microsoft disclosed CVE-2026-8019 this week as a Chromium WebApp policy-enforcement flaw fixed in Google Chrome 148.0.7778.96, allowing a remote attacker to perform user-interface spoofing through a crafted HTML page. That sounds minor beside the critical memory-safety bugs in the...