chrome security

Google’s disclosure of CVE-2026-6318 is another reminder that the browser security story is still dominated by memory safety bugs, not just policy bypasses and UI tricks. The flaw is a use-after-free in Codecs affecting Google Chrome prior to 147.0.7727.101, and Google says a crafted HTML page...

The latest Chrome security cycle has landed with a high-severity GPU memory corruption bug that matters well beyond the browser tab where it originated. Google’s April 15, 2026 Stable Channel update for desktop includes CVE-2026-6314, described as an out-of-bounds write in GPU, and the fixed...

Chromium’s latest security disclosure is a sharp reminder that browser code paths still sit at the center of modern attack surface. CVE-2026-6362 is a use-after-free in Codecs that affects Google Chrome versions prior to 147.0.7727.101, and Google says a remote attacker could potentially trigger...

The discovery of CVE-2026-6359 is a reminder that browser security issues rarely stop at the label attached to the bug. Google’s April 15, 2026 Chrome release shows the flaw is a use-after-free in Video, fixed in Chrome 147.0.7727.101/102 for Windows and Mac and 147.0.7727.101 for Linux, while...

Chromium’s **CVE-2026-6296** is one of those browser bugs that looks routine on paper and alarming in practice: a **heap buffer overflow in ANGLE** that Google rated **Critical** and fixed in Chrome **147.0.7727.101** on April 15, 2026. The public description says a crafted HTML page could let a...

Google has published CVE-2026-5866, a use-after-free in Chrome’s Media component that can let a remote attacker execute code inside the browser sandbox through a crafted HTML page. The issue affects Google Chrome versions prior to 147.0.7727.55, and it has been assigned Chromium security...

Chromium’s CVE-2026-5900 is a reminder that browser security issues do not need to be dramatic to matter operationally. Google says the flaw is a policy bypass in Downloads that affected Chrome versions prior to 147.0.7727.55, where a remote attacker could use a crafted HTML page to bypass...

Chromium’s CVE-2026-5904 is a reminder that even “low-severity” browser bugs can become meaningful security issues when they sit inside a component as central as V8 and are reachable through a malicious extension. Google says the flaw is a use-after-free in Chrome versions prior to...

Chromium’s CVE-2026-5907 is another reminder that browser security problems do not need to be flashy to matter. Google says the flaw is an insufficient data validation bug in Media that affects Chrome versions prior to 147.0.7727.55, and the practical result is a remote attacker being able to...

A newly published Chromium vulnerability, tracked as CVE-2026-5908, has put browser security teams back on alert just as Google pushed Chrome to version 147.0.7727.55. The flaw is an integer overflow in Media that can be triggered by a crafted video file, potentially leading to heap corruption...

Overview Google’s newly published CVE-2026-5912 is a reminder that browser security remains a moving target, even in a product as mature and heavily instrumented as Chrome. The flaw is described as an integer overflow in WebRTC that could let a remote attacker trigger an out-of-bounds memory...

Chromium’s CVE-2026-5911 is the kind of browser flaw that looks modest in a bulletin but matters far more once you place it in the modern Chrome and Edge patching chain. Microsoft’s Security Update Guide says the issue affects Google Chrome prior to 147.0.7727.55 and allows a remote attacker to...

Type confusion bugs in browser engines rarely stay theoretical for long, and CVE-2026-5914 is another reminder that the most dangerous path into a modern browser is often not the web page itself, but the extension ecosystem wrapped around it. Google says the flaw affected Chrome prior to...

Chrome has shipped a fix for CVE-2026-5915, a WebML memory-corruption flaw that could let a remote attacker trigger an out-of-bounds memory write by luring a victim to a crafted HTML page. The bug affects Google Chrome versions prior to 147.0.7727.55, and it is now appearing in Microsoft’s...

An out-of-bounds read in Blink has landed in the security spotlight as CVE-2026-5913, and the important part for most Windows and Chrome users is simple: update to Chrome 147.0.7727.55 or later as soon as your channel receives it. Google classifies the flaw as Low severity, but it is still a...

Chromium’s latest browser security disclosure, CVE-2026-5919, is a reminder that “low” severity does not always mean low operational importance. Microsoft’s Security Update Guide records the flaw as insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55...

Google’s disclosure of CVE-2026-5870 is the latest reminder that browser security failures still cluster around the same dangerous pattern: a memory-safety bug in a shared graphics stack, reachable from a web page, with code execution possible inside Chrome’s sandbox. Microsoft’s Security Update...

Chromium’s CVE-2026-5869 is a textbook example of why browser security remains a moving target even in a heavily sandboxed, frequently updated ecosystem. The flaw is a heap buffer overflow in WebML affecting Google Chrome versions prior to 147.0.7727.55, and Google says a remote attacker could...

Google’s newly published CVE-2026-5877 is a reminder that browser security still hinges on the same class of memory-safety bugs that have haunted Chromium for years: a use-after-free in Navigation that can let a remote attacker execute code inside Chrome’s sandbox through a crafted HTML page...

Chromium’s CVE-2026-5878 puts a familiar Chrome weakness back in the spotlight: deceptive security UI Google has disclosed and patched CVE-2026-5878, a medium-severity issue in Blink that could let a remote attacker use a crafted HTML page to perform UI spoofing in Chrome versions prior to...