chrome update

Google and Microsoft disclosed CVE-2026-7929 on May 6, 2026, a high-severity use-after-free flaw in Chromium’s MediaRecording component fixed in Google Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS. The vulnerability matters because it sits in the browser’s media...

CVE-2026-7338 is a high-severity use-after-free flaw in Chromium’s Cast component, disclosed on April 28, 2026, and fixed in Google Chrome 147.0.7727.138 after researchers found local-network malicious traffic could potentially trigger heap corruption before the update. The vulnerability is not...

On April 28, 2026, Google shipped Chrome 147.0.7727.137/138 for Windows and macOS and 147.0.7727.137 for Linux, fixing CVE-2026-7336, a high-severity use-after-free flaw in WebRTC that could let a remote attacker run code inside Chrome’s sandbox through a crafted HTML page. The uncomfortable...

Google has patched a high-severity heap buffer overflow in PDFium that affects Chrome on Windows versions before 147.0.7727.101, closing off a path that could let an attacker execute code inside the browser sandbox through a crafted PDF. The fix landed in the April 15, 2026 Stable Channel...

Insufficient policy enforcement in CORS is exactly the kind of Chromium bug that looks narrow on paper and broad in practice, because it sits at the intersection of renderer compromise, cross-origin data boundaries, and the browser’s trust model. Google has assigned CVE-2026-6313 to that issue...

Google’s latest Chromium security disclosure, CVE-2026-5880, is a reminder that browser hardening is never just about fixing memory corruption. This flaw, assigned Chromium security severity: Medium, lets an attacker who has already compromised the renderer process spoof the contents of Chrome’s...

Chromium’s newly disclosed CVE-2026-5886 is a reminder that even a browser component as familiar as WebAudio can become a memory-safety risk with real-world impact. According to the record you provided, the flaw is an out-of-bounds read in Google Chrome on Mac prior to 147.0.7727.55, and a...

Google’s CVE-2026-5291 is another reminder that browser graphics code remains a high-value target, even when the issue is “only” classified as medium severity. Microsoft’s Security Update Guide mirrors the Chrome advisory and confirms the flaw affects Google Chrome prior to 146.0.7680.178, with...

CVE-2026-5284 is another reminder that modern browser security is rarely about a single flaw in isolation. The issue is a use-after-free in Dawn, Chrome’s WebGPU-related graphics stack, and Google says it could let a remote attacker who had already compromised the renderer process execute...

Google Chrome’s March 23, 2026 stable-channel security update closed a high-severity use-after-free in FedCM, tracked as CVE-2026-4680, and the affected builds were Chrome versions prior to 146.0.7680.165 on desktop. Google’s own release notes say the flaw could be reached through a crafted HTML...

Google’s December stable update corrected two high‑severity Chromium issues — a use‑after‑free in WebGPU (CVE‑2025‑14765) and an out‑of‑bounds read/write in V8 (CVE‑2025‑14766) — and the fixes were rolled into Chrome stable (143.0.7499.146/.147), with downstream consumers such as Microsoft Edge...

Google released an emergency Chrome stable update that fixes a use‑after‑free (UAF) vulnerability in the WebRTC component tracked as CVE‑2025‑10501, and Microsoft Edge (Chromium‑based) customers should treat the issue as relevant until Microsoft ships the Chromium ingestion for Edge. Background...

Chromium developers have closed a high‑severity upstream bug — tracked as CVE‑2025‑10201 — that the Chromium project describes as an “inappropriate implementation in Mojo” which could be abused, via a crafted HTML page, to bypass Chrome’s site‑isolation protections on Android, Linux and...

Updating Chrome from the command line with Winget on Windows 11 turns a repetitive, GUI-driven maintenance task into a single, scriptable operation—saving time for power users and administrators while giving clear, auditable control over browser updates. The how-to that follows summarizes the...

A recently disclosed memory-safety flaw in Chromium’s Aura windowing component — tracked as CVE-2025-8882 — allows a remote attacker who can trick a user into specific UI gestures to trigger a use‑after‑free that may lead to heap corruption; the bug was patched upstream in Google Chrome...

A recent security vulnerability, identified as CVE-2025-8583, has been discovered in Google Chrome's permissions implementation. This flaw allows remote attackers to perform user interface (UI) spoofing through specially crafted HTML pages. Google has addressed this issue in Chrome version...

A recent security vulnerability, identified as CVE-2025-8581, has been discovered in Google Chrome's Extensions component. This flaw could potentially allow remote attackers to leak cross-origin data by persuading users to perform specific actions on a crafted HTML page. Google has addressed...

A critical security vulnerability, identified as CVE-2025-8292, has been discovered in Google Chrome's Media Stream component. This "use after free" flaw allows remote attackers to exploit heap corruption through specially crafted HTML pages, potentially leading to arbitrary code execution. The...

In July 2025, Google addressed a critical security vulnerability in its Chrome browser, identified as CVE-2025-6558. This flaw, stemming from improper validation of untrusted input within the ANGLE and GPU components, was actively exploited in the wild, prompting immediate action from both...

July’s arrival signals the halfway mark of the year, and with it, another anticipated round of Microsoft’s Patch Tuesday updates. After a frenetic June—marked by urgent hotfixes, post-release patches, and a barrage of security advisories—the enterprise IT world finds itself yearning for a pause...