chrome security

Google and Microsoft disclosed CVE-2026-7358 on April 28, 2026, as a high-severity use-after-free flaw in Chrome’s Animation component affecting Google Chrome before version 147.0.7727.138, with exploitation possible through a crafted HTML page that can execute code inside Chrome’s sandbox. The...

Google disclosed CVE-2026-7344 on April 28, 2026, as a critical use-after-free flaw in Chrome’s Accessibility component on Windows before version 147.0.7727.138 that could let an attacker escape the browser sandbox after compromising the renderer. The bug is not just another Chrome memory-safety...

Google disclosed CVE-2026-7359 on April 28, 2026, as a high-severity use-after-free flaw in Chrome’s ANGLE graphics layer before version 147.0.7727.138, enabling a renderer-compromising attacker to potentially escape the browser sandbox through a crafted HTML page on desktop platforms. The...

Google disclosed CVE-2026-7343 on April 28, 2026, as a critical use-after-free flaw in Chrome’s Views component on Windows before version 147.0.7727.138, enabling a renderer-compromising attacker to potentially escape the browser sandbox via crafted HTML. That dry sentence is the whole drama in...

Chromium’s latest security alert, CVE-2026-6919, is a reminder that browser hardening is no longer just about JavaScript engines, media codecs, or extension permissions. The flaw is a use-after-free vulnerability in DevTools affecting Google Chrome versions before 147.0.7727.117, and it could...

Google has patched CVE-2026-6302, a high-severity use-after-free flaw in Chrome’s Video component, in Chrome version 147.0.7727.101 for Linux and 147.0.7727.101/102 for Windows and Mac. The issue could let a remote attacker achieve arbitrary code execution inside the browser sandbox by luring a...

The latest Chromium security cycle has put CVE-2026-6299 under a harsh spotlight because it combines three things defenders hate to see together: a use-after-free bug, a critical Chromium severity rating, and a fix that lands in a browser engine used by far more than just Google Chrome...

Google has patched CVE-2026-6297, a use-after-free in Proxy that affects Chrome versions before 147.0.7727.101 and carries a Critical Chromium severity rating. The public description says a crafted HTML page could allow an attacker in a privileged network position to potentially achieve a...

Insufficient policy enforcement bugs in Chromium continue to be a reminder that browser security is often won or lost at the seams between isolation boundaries, not just in the core rendering engine. CVE-2026-6312 fits that pattern: Google says a remote attacker who had already compromised the...

By all appearances, CVE-2026-6301 is exactly the kind of Chromium flaw that can turn a routine browser session into a serious enterprise security event. Google describes it as a type confusion in Turbofan, affecting Chrome versions prior to 147.0.7727.101, and says a crafted HTML page could let...

Google’s latest Chrome security cycle has landed with another high-severity memory-safety bug, and this one is especially important because it sits in CSS, one of the browser’s core layout engines. CVE-2026-6300 affects Google Chrome versions prior to 147.0.7727.101, and Google says a crafted...

The latest Chromium security advisory for CVE-2026-6303 is a reminder that browser patching is still a race against exploitation. Google says the flaw is a use-after-free in Codecs affecting Chrome versions before 147.0.7727.101, and that a crafted HTML page could let a remote attacker execute...

Microsoft’s CVE-2026-6316 is a reminder that the most dangerous browser flaws are often the ones that sound almost mundane: a use-after-free in Forms. Google says the issue affects Chrome versions prior to 147.0.7727.101, can be triggered through a crafted HTML page, and may let a remote...

Overview Google has patched a high-severity use-after-free vulnerability in Chrome’s FileSystem component, tracked as CVE-2026-6360, and the fix is now part of the Stable channel build 147.0.7727.101/102 for Windows and Mac and 147.0.7727.101 for Linux. The issue was disclosed in Google’s April...

Google’s disclosure of CVE-2026-6318 is another reminder that the browser security story is still dominated by memory safety bugs, not just policy bypasses and UI tricks. The flaw is a use-after-free in Codecs affecting Google Chrome prior to 147.0.7727.101, and Google says a crafted HTML page...

The latest Chrome security cycle has landed with a high-severity GPU memory corruption bug that matters well beyond the browser tab where it originated. Google’s April 15, 2026 Stable Channel update for desktop includes CVE-2026-6314, described as an out-of-bounds write in GPU, and the fixed...

Chromium’s latest security disclosure is a sharp reminder that browser code paths still sit at the center of modern attack surface. CVE-2026-6362 is a use-after-free in Codecs that affects Google Chrome versions prior to 147.0.7727.101, and Google says a remote attacker could potentially trigger...

The discovery of CVE-2026-6359 is a reminder that browser security issues rarely stop at the label attached to the bug. Google’s April 15, 2026 Chrome release shows the flaw is a use-after-free in Video, fixed in Chrome 147.0.7727.101/102 for Windows and Mac and 147.0.7727.101 for Linux, while...

Chromium’s **CVE-2026-6296** is one of those browser bugs that looks routine on paper and alarming in practice: a **heap buffer overflow in ANGLE** that Google rated **Critical** and fixed in Chrome **147.0.7727.101** on April 15, 2026. The public description says a crafted HTML page could let a...

Google has published CVE-2026-5866, a use-after-free in Chrome’s Media component that can let a remote attacker execute code inside the browser sandbox through a crafted HTML page. The issue affects Google Chrome versions prior to 147.0.7727.55, and it has been assigned Chromium security...