chrome security update

  1. CVE-2026-8004 Chrome DevTools Bug: Patch Chrome 148 and Govern Extensions

    Google Chrome before 148.0.7778.96 contains CVE-2026-8004, a low-severity Chromium DevTools policy-enforcement flaw disclosed on May 6, 2026, that can let a malicious Chrome extension leak cross-origin data after convincing a user to install it. The bug is not a drive-by browser apocalypse, and...
  2. CVE-2026-7334 Chrome Views Use-After-Free: Windows Admin Patch Lessons

    Google and Microsoft catalogued CVE-2026-7334 on April 28, 2026, as a high-severity use-after-free flaw in Chrome’s Views component on macOS, fixed in Chrome 147.0.7727.138 after a crafted HTML page could potentially trigger heap corruption. The narrow wording matters: this is not a...
  3. CVE-2026-6298: Critical Skia Heap Overflow Patched in Chrome 147 and Edge

    Chromium’s CVE-2026-6298 is a Critical heap buffer overflow in Skia that Google patched in Chrome 147.0.7727.101/102 on April 15, 2026, and Microsoft is now surfacing the same issue in its Security Update Guide for downstream visibility. The public description says a remote attacker could...
  4. CVE-2026-6304: Chrome Graphite Use-After-Free and Sandbox Escape Risk (147.0.7727.101)

    Chromium’s CVE-2026-6304 is the kind of browser bug that looks narrow in a bulletin and much bigger in a real enterprise fleet. Google says the issue is a use-after-free in Graphite, fixed in Chrome 147.0.7727.101, and Microsoft’s Security Update Guide is already tracking the same vulnerability...
  5. CVE-2026-6307: Chrome Turbofan Type Confusion—Patch to 147.0.7727.101/102

    By all appearances, CVE-2026-6307 is another reminder that Chrome’s security story is increasingly being written in the small, brittle corners of its JavaScript and rendering stack. Google says the flaw is a type confusion in Turbofan, the optimizing compiler inside V8, and that a crafted HTML...
  6. Chrome CVE-2026-6311 Fix: Accessibility Uninitialized Use Enables Sandbox Escape on Windows

    The latest Chrome security update closes a high-severity Chromium flaw, CVE-2026-6311, that lives in the browser’s accessibility code path and can be used as a sandbox escape on Windows if an attacker has already compromised the renderer process. Google’s April 15, 2026 Stable Channel release...
  7. Chrome Skia Out-of-Bounds Read CVE-2026-6364: Patch to 147.0.7727.101

    Google has patched a Skia out-of-bounds read in Chrome that maps to CVE-2026-6364, and the fix matters more than the severity label might suggest. The vulnerable builds are Google Chrome prior to 147.0.7727.101, and Google says a crafted file could let a remote attacker extract potentially...
  8. CVE-2026-5858 WebML Critical Heap Overflow: Update Chrome/Edge Now

    Microsoft has now published guidance for CVE-2026-5858, a critical heap buffer overflow in WebML affecting Google Chrome before version 147.0.7727.55. The flaw can be triggered by a crafted HTML page, which means a remote attacker could potentially achieve arbitrary code execution through...
  9. CVE-2026-5875: Chrome Blink Policy Bypass Enables UI Spoofing—Fix 147.0.7727.55

    Google’s April 2026 security disclosure for CVE-2026-5875 is a reminder that browser bugs do not need to be memory corruptions to be dangerous. The flaw is described as a policy bypass in Blink that allowed a remote attacker to carry out UI spoofing through a crafted HTML page, and Google has...
  10. CVE-2026-5896: Chrome/Edge Policy Bypass Over Sandbox Download Restrictions

    Chromium’s newly disclosed CVE-2026-5896 is a reminder that browser security failures are not always dramatic memory-corruption bugs. Sometimes the danger lies in a quieter category of flaw: a policy bypass that turns ordinary user interaction into a way around built-in protections. In this...
  11. CVE-2026-5897: Chrome/Edge Downloads UI Spoofing—Why “Low” Still Matters

    This is a reminder that browser security bugs do not need to be high severity to be operationally important. CVE-2026-5897 affects the Downloads UI in Google Chrome versions before 147.0.7727.55, and Google says a remote attacker could use a crafted HTML page plus specific user gestures to...
  12. CVE-2026-5272: Chrome GPU Heap Buffer Overflow Fix (Build 146.0.7680.178)

    Google has identified a serious browser memory-corruption bug in Chromium’s GPU stack, tracked as CVE-2026-5272, and the fix landed in Chrome before version 146.0.7680.178. Microsoft’s Security Update Guide mirrors the issue for downstream visibility, describing it as a heap buffer overflow in...
  13. CVE-2026-5277 ANGLE Integer Overflow: Chrome March 2026 Windows Patch Guide

    The March 2026 Chrome security cycle has produced another reminder that browser graphics code remains a prime target, and CVE-2026-5277 sits squarely in that category. Microsoft’s Security Update Guide records the issue as an integer overflow in ANGLE affecting Google Chrome on Windows prior to...
  14. Chrome WebRTC Use-After-Free CVE-2026-4445: Urgent Patch to 146.0.7680.153

    Google’s latest Chrome security update closes CVE-2026-4445, a use-after-free vulnerability in WebRTC that affected Chrome builds prior to 146.0.7680.153 and could let a remote attacker trigger heap corruption with a crafted HTML page. The defect has been classified as High severity, which...
  15. CVE-2026-4443 WebAudio Heap Overflow: Patch Chrome 146.0.7680.153 Now

    Chromium’s CVE-2026-4443 is the kind of browser flaw that immediately changes patch priorities because it sits at the intersection of reachability, memory corruption, and user interaction. According to the advisory material surfaced in Microsoft’s Security Update Guide, the bug is a heap buffer...
  16. CVE-2026-4460 Skia Bug: High Out-of-Bounds Read Fixed in Chrome 146

    Google’s latest security advisory for CVE-2026-4460 is a reminder that even mature browser engines can still be tripped up by a single memory-safety flaw. The issue is an out-of-bounds read in Skia, the graphics library used by Chrome, and Google says it affected Chrome versions prior to...