chrome security

Google and Microsoft disclosed CVE-2026-7903 on May 6, 2026, an integer-overflow flaw in Chromium’s ANGLE graphics layer affecting Google Chrome on Windows and macOS before version 148.0.7778.96 and tracked by Microsoft because Edge inherits Chromium security fixes. That makes this a browser bug...

Google and Microsoft disclosed CVE-2026-7907 on May 6, 2026, describing a high-severity use-after-free flaw in Chromium’s DOM implementation that affects Google Chrome before 148.0.7778.96 and can be triggered by a crafted HTML page. The short version for WindowsForum readers is simple: this is...

Google Chrome on Windows before version 148.0.7778.96 is affected by CVE-2026-7925, a high-severity use-after-free flaw in Chromoting that could let a local attacker escalate to operating-system privileges through a malicious file. The dry wording hides the important part: this is not another...

CVE-2026-7935 is a medium-severity Chromium flaw disclosed on May 6, 2026, in Google Chrome before version 148.0.7778.96, where an inappropriate implementation in the browser’s Speech component could let a remote attacker spoof user-interface elements through a crafted HTML page. The bug is not...

Google assigned CVE-2026-7939 on May 6, 2026, to a medium-severity Chrome flaw in the SanitizerAPI that, before version 148.0.7778.96, could let a remote attacker inject arbitrary scripts or HTML through a crafted web page. That dry sentence is the kind of advisory language admins skim every...

Google and Microsoft disclosed CVE-2026-7945 on May 6, 2026, describing a medium-severity Chromium flaw in Cross-Origin-Opener-Policy handling that affected Chrome before 148.0.7778.96 and could let an attacker who already compromised the renderer bypass site isolation with crafted HTML. That...

Google disclosed CVE-2026-7956 on May 6, 2026, as a medium-severity use-after-free flaw in Chrome’s Navigation component, fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS, with potential sandbox escape after renderer compromise. That one-line description sounds...

Google disclosed CVE-2026-7976 on May 6, 2026, as a medium-severity use-after-free flaw in Chrome’s Views component, fixed in Chrome 148.0.7778.96, where a malicious extension could achieve arbitrary code execution after persuading a user to install it. That is the dry entry in the vulnerability...

Google and Microsoft disclosed CVE-2026-7977 on May 6, 2026, as a medium-severity Chrome Canvas flaw fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS, allowing a crafted HTML page to bypass the browser’s same-origin policy. That is the plain answer; the more...

Google disclosed CVE-2026-7987 on May 6, 2026, as a WebRTC use-after-free flaw in Chrome before version 148.0.7778.96 that can let a remote attacker run code inside the browser sandbox through a crafted HTML page. That sounds narrow, almost boring, until you notice where the bug lives: WebRTC...

Google and Microsoft disclosed CVE-2026-7995 on May 6–7, 2026, an out-of-bounds read in Chromium’s AdFilter component affecting Chrome before 148.0.7778.96 and Edge builds consuming the vulnerable Chromium code, with exploitation possible through a crafted HTML page inside the browser sandbox...

Chrome’s CVE-2026-8001, disclosed May 6, 2026 and fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and Mac, is a printing-component use-after-free flaw that could help a renderer-compromising attacker escape the browser sandbox on Linux, macOS, and ChromeOS. That is the...

Google and Microsoft moved CVE-2026-8003 into the public vulnerability pipeline this week after Chrome 148.0.7778.96 fixed an input-validation flaw in TabGroups that could let a remote attacker spoof browser UI through malicious network traffic. The bug is rated low by Chromium but medium by...

Google and Microsoft disclosed CVE-2026-8007 on May 6, 2026, describing a Cast component input-validation flaw in Chromium-based browsers before Chrome 148.0.7778.96 that could let an attacker escalate privileges after first compromising the renderer process with a crafted web page. The dry...

CVE-2026-8011 is a low-severity Chromium vulnerability disclosed on May 6, 2026, affecting Google Chrome before version 148.0.7778.96, where insufficient policy enforcement in Search could let a remote attacker leak cross-origin data through a crafted HTML page. The bug is not the sort of...

Google and Microsoft disclosed CVE-2026-8015 on May 6, 2026, after fixing a low-severity Chromium Media flaw in Chrome versions before 148.0.7778.96 that could let a remote attacker spoof browser UI through a crafted HTML page. The bug is not the sort of memory-corruption monster that dominates...

On April 28, 2026, Google shipped Chrome 147.0.7727.137/138 for Windows and Mac and 147.0.7727.137 for Linux, fixing CVE-2026-7341, a high-severity use-after-free flaw in WebRTC that could let a remote attacker run code inside Chrome’s sandbox through a crafted HTML page. The bug is not the...

CVE-2026-7337 is a high-severity type confusion flaw in Chrome’s V8 JavaScript engine, disclosed April 28, 2026, affecting Google Chrome before 147.0.7727.138 and patched in the April 28 Stable Channel desktop update for Windows, macOS, and Linux. The bug is not a garden-variety browser...

Google disclosed CVE-2026-7345 on April 28, 2026, as a high-severity Chrome vulnerability in the browser’s Feedback component, fixed in Chrome 147.0.7727.138 after allowing a renderer-compromising attacker to potentially escape the sandbox through a crafted HTML page. That sounds narrow, almost...

Google and Microsoft disclosed CVE-2026-7335 on April 28, 2026, after Chrome’s stable desktop update to 147.0.7727.137/138 fixed a high-severity use-after-free flaw in Chromium’s media component that could let a remote attacker run code inside the browser sandbox through a crafted HTML page. The...