Google fixed CVE-2026-14003 in Chrome 150.0.7871.47, released on June 30, 2026, after documenting a medium-severity Extensions flaw that could let a malicious Chrome extension leak cross-origin data if a user installed it. The vulnerability is not a drive-by browser apocalypse, and neither...
Google fixed CVE-2026-14004, a medium-severity Chrome CSS vulnerability, in the June 30, 2026 Stable Channel desktop update that moved Windows and macOS users to Chrome 150.0.7871.46/.47 and blocked a crafted web page from leaking cross-origin data. The bug is not a splashy remote-code-execution...
Google fixed CVE-2026-14009 in the June 30, 2026 Chrome 150 stable desktop update, patching an insufficient data validation flaw in Chrome’s Passwords component that affected versions before 150.0.7871.47 and could allow heap corruption through a crafted HTML page. The short version is simple...
Google fixed CVE-2026-14011, a medium-severity out-of-bounds read in Chrome’s SurfaceCapture component, in the June 30, 2026 Chrome 150 stable desktop update for Windows, macOS, and Linux before version 150.0.7871.47. The bug matters less because it is spectacular and more because it sits in the...
Google disclosed CVE-2026-14012 on June 30, 2026, as a medium-severity Chrome flaw in CSS that could let a remote attacker obtain potentially sensitive process-memory information through a crafted HTML page before Chrome 150.0.7871.47. The fix landed inside the much larger Chrome 150 stable...
Google disclosed CVE-2026-14014 on June 30, 2026, as a medium-severity Chrome vulnerability fixed in desktop Chrome 150.0.7871.47, where an inappropriate implementation in the browser’s Paint component could let a remote attacker spoof user-interface content through a crafted HTML page. The...
Google patched CVE-2026-14019 in Chrome 150.0.7871.47 for Windows and Mac on June 30, 2026, fixing a medium-severity Passwords-component flaw that could let a remote attacker leak cross-origin data through a crafted HTML page if a user visited it. The National Vulnerability Database entry, fed...
Google disclosed CVE-2026-14024 on June 30, 2026, as a medium-severity use-after-free flaw in Chrome’s Linux Ozone layer, fixed for Chrome 150 and described by NVD as affecting Google Chrome on Linux before version 150.0.7871.47. The bug is not a Windows vulnerability in the narrow platform...
Google Chrome before version 150.0.7871.47 contains CVE-2026-14026, a SplitView security-interface flaw disclosed on June 30, 2026, that can let a remote attacker use a crafted HTML page and user gestures to spoof browser UI on Windows, macOS, and Linux. The bug is not a drive-by code execution...
On June 30, 2026, Google disclosed CVE-2026-14037, a Chrome GPU-process policy-enforcement flaw fixed in desktop Chrome 150.0.7871.47 that could let an attacker escape the browser sandbox after first compromising the renderer process with a crafted HTML page. The awkward part is not merely the...
Google fixed CVE-2026-14040 in Chrome 150.0.7871.47, released through the Stable Channel for desktop on June 30, 2026, after documenting a low-severity use-after-free flaw in BrowserTag that required a malicious Chrome extension and user installation to become exploitable. That narrow attack...
Google Chrome before version 150.0.7871.47 on Windows and Mac contains CVE-2026-14056, a Media input-validation flaw disclosed June 30, 2026, that could let an attacker who already compromised Chrome’s renderer process attempt a sandbox escape through a crafted video file. The uncomfortable part...
Google Chrome CVE-2026-14061 is a low-severity Chromium Dawn information-disclosure flaw fixed in Chrome 150.0.7871.47, published by NVD on June 30, 2026, and later enriched by CISA with a medium CVSS 3.1 score tied to crafted HTML and user interaction. The oddity is not the bug itself; it is...
Google Chrome before version 150.0.7871.47 contains CVE-2026-14063, a low-severity Chromium flaw in the Chromecast component that Google says could let a local attacker read potentially sensitive process memory through malicious network traffic under user-interaction conditions. That sounds...
Google’s Chrome team fixed CVE-2026-14070, an information-disclosure flaw in Chrome’s WebNN implementation, in the June 30, 2026 Stable Channel update that moved desktop users to Chrome 150.0.7871.46 or 150.0.7871.47 across Windows, macOS, and Linux, according to NVD and Google’s release notes...
Google published CVE-2026-14084 on June 30, 2026, for an insufficient-input-validation flaw in Chrome’s Chromoting component before version 150.0.7871.47, where malicious network traffic could potentially trigger heap corruption in the browser. The entry looks modest at first because Chromium...
Google fixed CVE-2026-14087 in Chrome 150.0.7871.47 for Windows on June 30, 2026, after documenting a WebNN heap buffer overflow that could be reached through a crafted HTML page once an attacker had already compromised the renderer process. The bug is formally rated Low by Chromium, but CISA’s...
Google Chrome before version 150.0.7871.47 contained CVE-2026-14089, a low-severity Chromium PopupBlocker input-validation flaw disclosed June 30, 2026, that could let an attacker who had already compromised the renderer process spoof browser UI through a crafted HTML page. The National...
Google Chrome fixed CVE-2026-14093 in the June 30, 2026 Chrome 150 stable desktop release for Windows, macOS, and Linux, closing a Cast use-after-free flaw that could let an attacker escape the browser sandbox after first compromising the renderer process. The oddity is not that Chrome had...
Google fixed CVE-2026-14100 in Chrome 150.0.7871.47 after disclosing on June 30, 2026 that insufficient data validation in Chromium’s NetworkCache could let a remote attacker leak cross-origin data through a crafted HTML page. The bug is not a headline-grabbing memory-corruption zero-day, and...