chrome security

Google Chrome before 149.0.7827.53 contains CVE-2026-11077, a medium-severity Chromium flaw in Dawn that was published by the Chrome CVE program on June 4, 2026, and described as enabling sandboxed code execution through a crafted HTML page. The entry looks mundane beside the larger Chrome 149...

Google published CVE-2026-10883 on June 4, 2026, after fixing a critical ANGLE flaw in Chrome builds before 149.0.7827.53, where a crafted HTML page could trigger heap corruption through a browser graphics component used across desktop platforms. The short version is simple: update Chrome now...

Google’s CVE-2026-11131 is a Chrome-on-Android Autofill use-after-free flaw disclosed June 4, 2026, affecting versions before 149.0.7827.53 and describing a renderer-compromise-to-sandbox-escape path through a crafted HTML page. That is the plain version; the interesting version is messier. A...

CVE-2026-11065 is a use-after-free flaw in ANGLE, Chrome’s graphics translation layer, fixed in Google Chrome 149.0.7827.53 for desktop after being published on June 4, 2026, and described as a renderer-compromise-to-sandbox-escape issue triggered through crafted HTML. That wording sounds like...

Google published CVE-2026-11045 on June 4, 2026, for a medium-severity Google Chrome GPU vulnerability fixed before Chrome 149.0.7827.53, where a remote attacker who had already compromised the renderer process could potentially read sensitive process memory through a crafted HTML page. The...

Google assigned CVE-2026-10984 to a high-severity Chrome for Android accessibility flaw, fixed before version 149.0.7827.53, that allowed a remote attacker to spoof user-interface elements through a crafted HTML page and was published through NVD on June 4, 2026. The dry wording hides a familiar...

Google and Microsoft disclosed CVE-2026-7903 on May 6, 2026, an integer-overflow flaw in Chromium’s ANGLE graphics layer affecting Google Chrome on Windows and macOS before version 148.0.7778.96 and tracked by Microsoft because Edge inherits Chromium security fixes. That makes this a browser bug...

Google and Microsoft disclosed CVE-2026-7907 on May 6, 2026, describing a high-severity use-after-free flaw in Chromium’s DOM implementation that affects Google Chrome before 148.0.7778.96 and can be triggered by a crafted HTML page. The short version for WindowsForum readers is simple: this is...

Google Chrome on Windows before version 148.0.7778.96 is affected by CVE-2026-7925, a high-severity use-after-free flaw in Chromoting that could let a local attacker escalate to operating-system privileges through a malicious file. The dry wording hides the important part: this is not another...

CVE-2026-7935 is a medium-severity Chromium flaw disclosed on May 6, 2026, in Google Chrome before version 148.0.7778.96, where an inappropriate implementation in the browser’s Speech component could let a remote attacker spoof user-interface elements through a crafted HTML page. The bug is not...

Google assigned CVE-2026-7939 on May 6, 2026, to a medium-severity Chrome flaw in the SanitizerAPI that, before version 148.0.7778.96, could let a remote attacker inject arbitrary scripts or HTML through a crafted web page. That dry sentence is the kind of advisory language admins skim every...

Google and Microsoft disclosed CVE-2026-7945 on May 6, 2026, describing a medium-severity Chromium flaw in Cross-Origin-Opener-Policy handling that affected Chrome before 148.0.7778.96 and could let an attacker who already compromised the renderer bypass site isolation with crafted HTML. That...

Google disclosed CVE-2026-7956 on May 6, 2026, as a medium-severity use-after-free flaw in Chrome’s Navigation component, fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS, with potential sandbox escape after renderer compromise. That one-line description sounds...

Google disclosed CVE-2026-7976 on May 6, 2026, as a medium-severity use-after-free flaw in Chrome’s Views component, fixed in Chrome 148.0.7778.96, where a malicious extension could achieve arbitrary code execution after persuading a user to install it. That is the dry entry in the vulnerability...

Google and Microsoft disclosed CVE-2026-7977 on May 6, 2026, as a medium-severity Chrome Canvas flaw fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS, allowing a crafted HTML page to bypass the browser’s same-origin policy. That is the plain answer; the more...

Google disclosed CVE-2026-7987 on May 6, 2026, as a WebRTC use-after-free flaw in Chrome before version 148.0.7778.96 that can let a remote attacker run code inside the browser sandbox through a crafted HTML page. That sounds narrow, almost boring, until you notice where the bug lives: WebRTC...

Google and Microsoft disclosed CVE-2026-7995 on May 6–7, 2026, an out-of-bounds read in Chromium’s AdFilter component affecting Chrome before 148.0.7778.96 and Edge builds consuming the vulnerable Chromium code, with exploitation possible through a crafted HTML page inside the browser sandbox...

Chrome’s CVE-2026-8001, disclosed May 6, 2026 and fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and Mac, is a printing-component use-after-free flaw that could help a renderer-compromising attacker escape the browser sandbox on Linux, macOS, and ChromeOS. That is the...

Google and Microsoft moved CVE-2026-8003 into the public vulnerability pipeline this week after Chrome 148.0.7778.96 fixed an input-validation flaw in TabGroups that could let a remote attacker spoof browser UI through malicious network traffic. The bug is rated low by Chromium but medium by...

Google and Microsoft disclosed CVE-2026-8007 on May 6, 2026, describing a Cast component input-validation flaw in Chromium-based browsers before Chrome 148.0.7778.96 that could let an attacker escalate privileges after first compromising the renderer process with a crafted web page. The dry...