chrome security update

  1. CVE-2026-7919 Chrome Aura Use-After-Free: Fix Now to Block Sandbox Escape

    CVE-2026-7919 is a high-severity use-after-free vulnerability in Chrome’s Aura user-interface framework, fixed in Google Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS after disclosure on May 6, 2026, with Microsoft also tracking it in MSRC. The short version for...
  2. Chrome 148 CVE-2026-7923 Skia Sandbox Escape Fix: What Windows IT Must Do

    Google’s Chrome 148 desktop update, released May 5, 2026 for Windows, macOS, and Linux, fixes CVE-2026-7923, a high-severity out-of-bounds write in Skia that could let an attacker who already compromised Chrome’s renderer attempt a sandbox escape through a crafted HTML page. That sentence is dry...
  3. CVE-2026-7943 ANGLE Read/Write Bug: Chrome and Edge Patch Guidance for Windows

    Google and Microsoft addressed CVE-2026-7943 in early May 2026 after Chrome 148.0.7778.96 fixed an ANGLE input-validation flaw that could let an attacker with a compromised renderer process perform arbitrary read and write operations through a crafted HTML page. The important part is not that...
  4. CVE-2026-7960 (Chrome Speech Race): Patch Now to Close Renderer Memory Leak Risk

    CVE-2026-7960 is a medium-severity Chromium vulnerability disclosed on May 6, 2026, affecting Google Chrome before version 148.0.7778.96, where a race condition in the browser’s Speech component could let a remote attacker with renderer compromise read sensitive process memory through crafted...
  5. CVE-2026-7999 V8 Info Disclosure: Patch Chrome and Edge to 148.0.7778.96/97

    Google and Microsoft disclosed CVE-2026-7999 on May 6, 2026, as a V8 information-disclosure flaw affecting Google Chrome before 148.0.7778.96 and Chromium-based browsers that consume the same engine fixes, including Microsoft Edge once its corresponding security update is applied. The bug is not...
  6. CVE-2026-8004 Chrome DevTools Bug: Patch Chrome 148 and Govern Extensions

    Google Chrome before 148.0.7778.96 contains CVE-2026-8004, a low-severity Chromium DevTools policy-enforcement flaw disclosed on May 6, 2026, that can let a malicious Chrome extension leak cross-origin data after convincing a user to install it. The bug is not a drive-by browser apocalypse, and...
  7. CVE-2026-6298: Critical Skia Heap Overflow Patched in Chrome 147 and Edge

    Chromium’s CVE-2026-6298 is a Critical heap buffer overflow in Skia that Google patched in Chrome 147.0.7727.101/102 on April 15, 2026, and Microsoft is now surfacing the same issue in its Security Update Guide for downstream visibility. The public description says a remote attacker could...
  8. CVE-2026-6304: Chrome Graphite Use-After-Free and Sandbox Escape Risk (147.0.7727.101)

    Chromium’s CVE-2026-6304 is the kind of browser bug that looks narrow in a bulletin and much bigger in a real enterprise fleet. Google says the issue is a use-after-free in Graphite, fixed in Chrome 147.0.7727.101, and Microsoft’s Security Update Guide is already tracking the same vulnerability...
  9. CVE-2026-6307: Chrome Turbofan Type Confusion—Patch to 147.0.7727.101/102

    By all appearances, CVE-2026-6307 is another reminder that Chrome’s security story is increasingly being written in the small, brittle corners of its JavaScript and rendering stack. Google says the flaw is a type confusion in Turbofan, the optimizing compiler inside V8, and that a crafted HTML...
  10. Chrome CVE-2026-6311 Fix: Accessibility Uninitialized Use Enables Sandbox Escape on Windows

    The latest Chrome security update closes a high-severity Chromium flaw, CVE-2026-6311, that lives in the browser’s accessibility code path and can be used as a sandbox escape on Windows if an attacker has already compromised the renderer process. Google’s April 15, 2026 Stable Channel release...
  11. Chrome Skia Out-of-Bounds Read CVE-2026-6364: Patch to 147.0.7727.101

    Google has patched a Skia out-of-bounds read in Chrome that maps to CVE-2026-6364, and the fix matters more than the severity label might suggest. The vulnerable builds are Google Chrome prior to 147.0.7727.101, and Google says a crafted file could let a remote attacker extract potentially...
  12. CVE-2026-5858 WebML Critical Heap Overflow: Update Chrome/Edge Now

    Microsoft has now published guidance for CVE-2026-5858, a critical heap buffer overflow in WebML affecting Google Chrome before version 147.0.7727.55. The flaw can be triggered by a crafted HTML page, which means a remote attacker could potentially achieve arbitrary code execution through...
  13. CVE-2026-5875: Chrome Blink Policy Bypass Enables UI Spoofing—Fix 147.0.7727.55

    Google’s April 2026 security disclosure for CVE-2026-5875 is a reminder that browser bugs do not need to be memory corruptions to be dangerous. The flaw is described as a policy bypass in Blink that allowed a remote attacker to carry out UI spoofing through a crafted HTML page, and Google has...
  14. CVE-2026-5272: Chrome GPU Heap Buffer Overflow Fix (Build 146.0.7680.178)

    Google has identified a serious browser memory-corruption bug in Chromium’s GPU stack, tracked as CVE-2026-5272, and the fix landed in Chrome version 146.0.7680.178. Microsoft’s Security Update Guide mirrors the issue for downstream visibility, describing it as a heap buffer overflow in...
  15. CVE-2026-5277 ANGLE Integer Overflow: Chrome March 2026 Windows Patch Guide

    The March 2026 Chrome security cycle has produced another reminder that browser graphics code remains a prime target, and CVE-2026-5277 sits squarely in that category. Microsoft’s Security Update Guide records the issue as an integer overflow in ANGLE affecting Google Chrome on Windows prior to...
  16. Chrome WebRTC Use-After-Free CVE-2026-4445: Urgent Patch to 146.0.7680.153

    Google’s latest Chrome security update closes CVE-2026-4445, a use-after-free vulnerability in WebRTC that affected Chrome builds prior to 146.0.7680.153 and could let a remote attacker trigger heap corruption with a crafted HTML page. The defect has been classified as High severity, which...
  17. CVE-2026-4460 Skia Bug: High Out-of-Bounds Read Fixed in Chrome 146

    Google’s latest security advisory for CVE-2026-4460 is a reminder that even mature browser engines can still be tripped up by a single memory-safety flaw. The issue is an out-of-bounds read in Skia, the graphics library used by Chrome, and Google says it affected Chrome versions prior to...