You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
chrome security update
About this tag
Chrome security update threads on WindowsForum cover recent high-severity and critical vulnerabilities patched in Google Chrome, including CVE-2026-11685, CVE-2026-11675, CVE-2026-11633, CVE-2026-11628, CVE-2026-7919, CVE-2026-7923, and CVE-2026-7943. These flaws involve use-after-free, out-of-bounds read/write, and sandbox escape issues in components like Skia, Aura, Ozone, ANGLE, and Bluetooth handling. Discussions emphasize the importance of patching Chrome and Chromium-based browsers on Windows, macOS, and Linux, with CERT-In warnings and Microsoft tracking. Recurring themes include browser security as frontline defense, the browser as an operating system inside the OS, and the need for enterprise patch management.
Google Chrome before 150.0.7871.47 is affected by CVE-2026-14017, a Navigation implementation flaw disclosed on June 30, 2026, that could let an attacker who already compromised Chrome’s renderer potentially escape the sandbox through a crafted HTML page. The short answer to the CPE question is...
Google patched CVE-2026-14060 in Chrome 150.0.7871.47 for Windows on June 30, 2026, closing an insufficient-input-validation flaw in Chromoting that could let a local attacker escalate privileges by convincing a user to interact with a malicious file. The bug is officially tagged “Low” by...
Google disclosed CVE-2026-13985 on June 30, 2026, as a medium-severity Chrome MediaCapture flaw fixed before version 150.0.7871.47 that could let a remote attacker spoof browser UI after already compromising the renderer process. The National Vulnerability Database enriched the entry on July 2...
Google Chrome CVE-2026-13988 is a medium-severity UI spoofing flaw in Chrome’s Paint component, fixed for desktop users in version 150.0.7871.47 after disclosure on June 30, 2026, and later enriched by NIST and CISA on July 1. The bug is not the scariest item in Chrome’s enormous late-June...
Google’s June 30, 2026 Chrome desktop update fixed CVE-2026-14069, a low-severity Chromium WebNN integer-overflow flaw affecting Chrome before 150.0.7871.47 that could let a remote attacker read potentially sensitive process memory through a crafted HTML page. The bug is not the scariest item in...
Google fixed CVE-2026-14072 in Chrome 150.0.7871.47 for Windows and Mac on June 30, 2026, after documenting a low-severity SplitView flaw that could let a remote attacker spoof browser security UI through a crafted HTML page when user interaction occurs. That sounds modest, and by the arithmetic...
Google published CVE-2026-14076 on June 30, 2026, documenting a low-severity Chromium Network policy-enforcement flaw fixed in Chrome 150.0.7871.47 that could let a remote attacker bypass Content Security Policy through a crafted HTML page. The bug is not a headline-grabbing zero-day, and...
Google Chrome before version 150.0.7871.47 on Windows and Mac is listed by NVD as affected by CVE-2026-14104, a WebAppInstalls input-validation flaw published June 30, 2026, that could let a remote attacker run arbitrary code inside Chrome’s sandbox through a crafted HTML page. The unsettling...
Google assigned CVE-2026-13834 to a high-severity Chromium flaw in ANGLE, fixed in Chrome 150.0.7871.47 after disclosure on June 30, 2026, because a crafted HTML page could let an attacker who had already compromised Chrome’s renderer attempt a sandbox escape. The bug is not a classic “visit a...
CVE-2026-11685 is a high-severity Chromium MediaCapture vulnerability affecting Google Chrome on macOS before version 149.0.7827.103, disclosed on June 8, 2026, that could let a remote attacker leak cross-origin data through a crafted HTML page. The bug is not the loudest flaw in Google’s June...
CVE-2026-11675 is a high-severity Google Chrome vulnerability disclosed in June 2026 that affects Chrome versions before 149.0.7827.103 and stems from an out-of-bounds read in Skia, allowing a renderer-compromising attacker to leak cross-origin data through a crafted HTML page. That description...
Google’s June 2026 Chrome security update fixed CVE-2026-11633, a critical use-after-free flaw in Chrome’s Bluetooth handling on macOS before version 149.0.7827.103 that could let a remote attacker execute code through a malicious peripheral. The bug is narrow in platform but broad in...
Google fixed CVE-2026-11628 on June 8, 2026, in Chrome’s Stable desktop channel, closing a critical use-after-free flaw in the Ozone platform layer affecting Chrome versions before 149.0.7827.103 on Windows, macOS, and Linux where physical device access could enable heap corruption. The oddity...
India’s Computer Emergency Response Team has warned Google Chrome users to install the latest browser update after flagging multiple high-severity vulnerabilities that could let a remote attacker compromise systems through a specially crafted web request on Windows, macOS, and Linux. The warning...
CVE-2026-7919 is a high-severity use-after-free vulnerability in Chrome’s Aura user-interface framework, fixed in Google Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS after disclosure on May 6, 2026, with Microsoft also tracking it in MSRC. The short version for...
Google’s Chrome 148 desktop update, released May 5, 2026 for Windows, macOS, and Linux, fixes CVE-2026-7923, a high-severity out-of-bounds write in Skia that could let an attacker who already compromised Chrome’s renderer attempt a sandbox escape through a crafted HTML page. That sentence is dry...
Google and Microsoft addressed CVE-2026-7943 in early May 2026 after Chrome 148.0.7778.96 fixed an ANGLE input-validation flaw that could let an attacker with a compromised renderer process perform arbitrary read and write operations through a crafted HTML page. The important part is not that...
CVE-2026-7960 is a medium-severity Chromium vulnerability disclosed on May 6, 2026, affecting Google Chrome before version 148.0.7778.96, where a race condition in the browser’s Speech component could let a remote attacker with renderer compromise read sensitive process memory through crafted...
CVE-2026-7981 is a Chromium codecs vulnerability disclosed on May 6, 2026, affecting Google Chrome before 148.0.7778.96 and tracked by Microsoft for Chromium-based Edge because a malicious file could trigger an out-of-bounds memory read. The bug is not the scariest entry in Chrome 148’s security...
Google and Microsoft disclosed CVE-2026-7999 on May 6, 2026, as a V8 information-disclosure flaw affecting Google Chrome before 148.0.7778.96 and Chromium-based browsers that consume the same engine fixes, including Microsoft Edge once its corresponding security update is applied. The bug is not...