Google and NVD published CVE-2026-11632 on June 8, 2026, describing a critical use-after-free flaw in Chrome’s TabStrip component before version 149.0.7827.103 that could let a remote attacker execute code through a crafted HTML page after specific user interface gestures. The awkward phrasing...
Google published CVE-2026-12009 on June 11, 2026, describing a critical Chromium Accessibility flaw in Google Chrome for Mac before version 149.0.7827.115 that could let an attacker who already compromised the renderer process escape the browser sandbox through a crafted HTML page. The bug is...
Google Chrome on Windows before version 149.0.7827.115 is affected by CVE-2026-12013, a high-severity use-after-free flaw in the browser’s Media component disclosed on June 11, 2026, that could let a remote attacker trigger heap corruption through a crafted HTML page. The short operational...
Google disclosed CVE-2026-12015 on June 11, 2026, as a high-severity Chromium Autofill use-after-free bug fixed in Chrome 149.0.7827.115, allowing a remote attacker with a compromised renderer process to read potentially sensitive process memory through a crafted HTML page. The vulnerability is...
CVE-2026-12019 is a high-severity heap buffer overflow in Chrome’s Codecs component, disclosed by Chrome on June 11, 2026, affecting Google Chrome on Linux and ChromeOS before version 149.0.7827.115 and potentially enabling sandbox escape through a crafted HTML page. The vulnerability is not the...
Google Chrome before 149.0.7827.53 contains CVE-2026-11077, a medium-severity Chromium flaw in Dawn that was published by the Chrome CVE program on June 4, 2026, and described as enabling sandboxed code execution through a crafted HTML page. The entry looks mundane beside the larger Chrome 149...
Google published CVE-2026-10883 on June 4, 2026, after fixing a critical ANGLE flaw in Chrome builds before 149.0.7827.53, where a crafted HTML page could trigger heap corruption through a browser graphics component used across desktop platforms. The short version is simple: update Chrome now...
Google’s CVE-2026-11131 is a Chrome-on-Android Autofill use-after-free flaw disclosed June 4, 2026, affecting versions before 149.0.7827.53 and describing a renderer-compromise-to-sandbox-escape path through a crafted HTML page. That is the plain version; the interesting version is messier. A...
CVE-2026-11065 is a use-after-free flaw in ANGLE, Chrome’s graphics translation layer, fixed in Google Chrome 149.0.7827.53 for desktop after being published on June 4, 2026, and described as a renderer-compromise-to-sandbox-escape issue triggered through crafted HTML. That wording sounds like...
Google published CVE-2026-11045 on June 4, 2026, for a medium-severity Google Chrome GPU vulnerability fixed before Chrome 149.0.7827.53, where a remote attacker who had already compromised the renderer process could potentially read sensitive process memory through a crafted HTML page. The...
Google assigned CVE-2026-10984 to a high-severity Chrome for Android accessibility flaw, fixed before version 149.0.7827.53, that allowed a remote attacker to spoof user-interface elements through a crafted HTML page and was published through NVD on June 4, 2026. The dry wording hides a familiar...
Google and Microsoft disclosed CVE-2026-7903 on May 6, 2026, an integer-overflow flaw in Chromium’s ANGLE graphics layer affecting Google Chrome on Windows and macOS before version 148.0.7778.96 and tracked by Microsoft because Edge inherits Chromium security fixes. That makes this a browser bug...
Google and Microsoft disclosed CVE-2026-7907 on May 6, 2026, describing a high-severity use-after-free flaw in Chromium’s DOM implementation that affects Google Chrome before 148.0.7778.96 and can be triggered by a crafted HTML page. The short version for WindowsForum readers is simple: this is...
Google Chrome on Windows before version 148.0.7778.96 is affected by CVE-2026-7925, a high-severity use-after-free flaw in Chromoting that could let a local attacker escalate to operating-system privileges through a malicious file. The dry wording hides the important part: this is not another...
CVE-2026-7935 is a medium-severity Chromium flaw disclosed on May 6, 2026, in Google Chrome before version 148.0.7778.96, where an inappropriate implementation in the browser’s Speech component could let a remote attacker spoof user-interface elements through a crafted HTML page. The bug is not...
Google assigned CVE-2026-7939 on May 6, 2026, to a medium-severity Chrome flaw in the SanitizerAPI that, before version 148.0.7778.96, could let a remote attacker inject arbitrary scripts or HTML through a crafted web page. That dry sentence is the kind of advisory language admins skim every...
Google and Microsoft disclosed CVE-2026-7945 on May 6, 2026, describing a medium-severity Chromium flaw in Cross-Origin-Opener-Policy handling that affected Chrome before 148.0.7778.96 and could let an attacker who already compromised the renderer bypass site isolation with crafted HTML. That...
Google disclosed CVE-2026-7956 on May 6, 2026, as a medium-severity use-after-free flaw in Chrome’s Navigation component, fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS, with potential sandbox escape after renderer compromise. That one-line description sounds...
Google disclosed CVE-2026-7976 on May 6, 2026, as a medium-severity use-after-free flaw in Chrome’s Views component, fixed in Chrome 148.0.7778.96, where a malicious extension could achieve arbitrary code execution after persuading a user to install it. That is the dry entry in the vulnerability...
Google and Microsoft disclosed CVE-2026-7977 on May 6, 2026, as a medium-severity Chrome Canvas flaw fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS, allowing a crafted HTML page to bypass the browser’s same-origin policy. That is the plain answer; the more...