chrome 148 update

Google and Microsoft disclosed CVE-2026-7928 on May 6, 2026, as a high-severity use-after-free flaw in Chromium’s WebRTC implementation affecting Google Chrome on Windows before version 148.0.7778.96, where a crafted HTML page could allow remote code execution inside the browser sandbox. The bug...

Google and Microsoft disclosed CVE-2026-7934 in early May 2026 as a medium-severity Chromium Popup Blocker input-validation flaw fixed in Chrome 148.0.7778.96 and later, with Microsoft Edge receiving protection through its Chromium-based update stream on May 7, 2026. The bug is not the sort of...

CVE-2026-7938 is a use-after-free flaw in Chromium’s CSS handling, disclosed on May 6, 2026, fixed in Google Chrome 148.0.7778.96 or later, and inherited by Chromium-based browsers including Microsoft Edge as part of the May desktop security update cycle. The bug is rated only “Medium” by...

Google and Microsoft patched CVE-2026-7951 in early May 2026 after Chrome versions before 148.0.7778.96 were found vulnerable to an out-of-bounds write in WebRTC that could let a remote attacker run code inside Chrome’s sandbox through a crafted HTML page. The bug is not the loudest flaw in...

Google and Microsoft’s security pipelines treated CVE-2026-7952 as a medium-severity Chromium extension-policy flaw on May 6, 2026, affecting Chrome before 148.0.7778.96 and downstream Chromium-based browsers where the vulnerable code was still present. The bug is not the sort of browser...

CVE-2026-7953 is a newly published Chromium vulnerability in Chrome’s Omnibox, disclosed on May 6, 2026, fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS, and tracked by Microsoft because Chromium-based Edge inherits the same upstream security exposure. The...

Google and Microsoft disclosed CVE-2026-7986 on May 6–7, 2026, as a medium-severity Chromium Autofill flaw fixed in Chrome 148.0.7778.96 or later and Microsoft Edge 148.0.7778.xxx, with Windows, macOS, and Linux Chrome configurations now represented in NVD data. The short answer is that the...

Google disclosed CVE-2026-8013 on May 6, 2026, as a low-severity Chrome FedCM input-validation flaw fixed before version 148.0.7778.96, where a crafted HTML page could let a remote attacker leak cross-origin data after user interaction. That sounds like a small browser bug, and in isolation it...

Google’s CVE-2026-8014 is a low-severity Chromium vulnerability in Chrome’s Preload implementation, disclosed May 6, 2026, fixed before Chrome 148.0.7778.96, and capable of letting a remote attacker leak cross-origin data through a crafted HTML page if the user visits it. The short version is...