chromium security

CVE-2026-7348 is a high-severity use-after-free flaw in Chromium’s Codecs component, disclosed April 28, 2026, fixed in Google Chrome 147.0.7727.138 for desktop, and tracked by Microsoft because Chromium-based Edge inherits the underlying browser engine risk. That dry sentence is the whole...

CVE-2026-7351 is a high-severity Chromium vulnerability disclosed on April 28, 2026, affecting Google Chrome before 147.0.7727.138, where a race condition in MHTML could let a malicious Chrome extension leak cross-origin data after persuading a user to install it. The plain-English version is...

Google and Microsoft disclosed CVE-2026-7363 on April 28, 2026, a critical Chromium use-after-free flaw in Canvas affecting Google Chrome on Linux and ChromeOS before 147.0.7727.138 and tracked by Microsoft because Chromium-based Edge inherits the same upstream security surface. The bug is not...

Chromium’s CVE-2026-6309 is a high-severity use-after-free flaw in Viz, and the practical significance is bigger than the label suggests. Google’s April 15, 2026 Stable Channel update says the issue was fixed in Chrome 147.0.7727.101/102 for Windows and Mac and 147.0.7727.101 for Linux, while...

Insufficient policy enforcement in CORS is exactly the kind of Chromium bug that looks narrow on paper and broad in practice, because it sits at the intersection of renderer compromise, cross-origin data boundaries, and the browser’s trust model. Google has assigned CVE-2026-6313 to that issue...

Chromium’s newly disclosed CVE-2026-6363 is a reminder that the browser’s most sensitive attack surface still lives in V8, the JavaScript engine that powers Chrome’s page execution model. Google says the bug is a type confusion issue that could let a remote attacker trigger out-of-bounds memory...

A newly published Chromium flaw, CVE-2026-5903, has quickly become one of those small-looking browser issues that security teams should not dismiss. Google classifies it as a policy bypass in IFrameSandbox, and the vulnerable Chrome builds are anything before 147.0.7727.55. The attack requires a...

Google has published a new Chromium security record for CVE-2026-5910, an integer overflow in Media that affects Google Chrome prior to 147.0.7727.55 and can be triggered by a crafted video file. Microsoft’s Security Update Guide is already surfacing the entry, which is exactly the kind of...

Google has published a Chromium fix for CVE-2026-5909, an integer overflow in Media that affects Chrome versions prior to 147.0.7727.55 and can be triggered by a crafted video file. The issue is listed as a remote attack scenario with potential heap corruption, and Microsoft’s Security Update...

Chromium’s latest browser security advisory is a reminder that memory safety bugs remain the engine’s most persistent headache, and CVE-2026-5864 sits squarely in that category. Google says the flaw is a heap buffer overflow in WebAudio that affects Chrome versions prior to 147.0.7727.55, and...

The latest Chromium security alert to land in Microsoft’s Security Update Guide is CVE-2026-5871, a type confusion in V8 that Google says could let a remote attacker execute arbitrary code inside the browser’s sandbox through a crafted HTML page. Google’s own release cadence shows this is part...

Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 is one of those browser bugs that looks narrow on paper but has broad implications in practice. Microsoft’s Security Update Guide records it as CVE-2026-5874 and ties it to a crafted HTML page that can coerce a user into...

Chromium’s newly published CVE-2026-5881 is the kind of browser issue that rarely makes headlines outside security circles, yet it matters because it strikes at a subtle layer of trust: navigation restrictions inside LocalNetworkAccess. Microsoft’s Security Update Guide records the flaw as a...

Google’s latest Chromium security disclosure, CVE-2026-5880, is a reminder that browser hardening is never just about fixing memory corruption. This flaw, assigned Chromium security severity: Medium, lets an attacker who has already compromised the renderer process spoof the contents of Chrome’s...

Chromium’s latest security cycle has surfaced a memory-disclosure flaw in WebCodecs, tracked as CVE-2026-5888, and the practical story is less about dramatic remote takeover than about quietly leaking data from browser process memory. Google says the issue affects Chrome prior to 147.0.7727.55...

Google has now published CVE-2026-5899, a Chromium flaw in History Navigation that can let a remote attacker inject arbitrary scripts or HTML if they can lure a user into performing specific UI gestures on a crafted page. The issue is described by Google as “insufficient policy enforcement” and...

Chromium’s CVE-2026-5289 is a high-severity use-after-free in Navigation that matters less as a standalone browser crash and more as a potential sandbox-escape primitive for a remote attacker who has already compromised the renderer process. Google’s own description says the flaw affected Chrome...

Chromium’s CVE-2026-4454 is the kind of browser bug that can quietly become an enterprise headache long after the initial patch lands. Google describes it as a use-after-free in Network that could let a remote attacker potentially trigger heap corruption through a crafted HTML page, and it...

A newly disclosed Chromium security flaw, tracked as CVE-2026-4441, puts Google Chrome users on notice again, this time for a use-after-free in Base that can lead to heap corruption through a crafted HTML page. The vulnerability affects Chrome versions prior to 146.0.7680.153, and Google rates...

Chromium’s CVE-2026-4457 is another reminder that the browser’s most dangerous flaws are often the ones buried deepest in its engine: V8, the JavaScript and WebAssembly runtime that underpins modern web execution. The public description says the bug is a type confusion issue that could let a...