chromium security

Google and Microsoft disclosed CVE-2026-7896 on May 6, 2026, after Chrome versions before 148.0.7778.96 were found vulnerable to a critical Blink integer-overflow flaw that could let a remote attacker trigger heap corruption through a crafted HTML page. That is the plain version; the operational...

Google and Microsoft disclosed CVE-2026-7898 on May 6, 2026, as a critical Chromium use-after-free flaw in Chromoting affecting Google Chrome on Linux before version 148.0.7778.96, where malicious network traffic could enable remote code execution. That one sentence is the operational answer...

On May 6, 2026, CVE-2026-7901 entered the vulnerability databases as a high-severity use-after-free flaw in ANGLE affecting Google Chrome on macOS before version 148.0.7778.96, allowing remote code execution inside Chrome’s sandbox through a crafted HTML page. The dry wording hides the more...

Microsoft published CVE-2026-7904 for Microsoft Edge on May 7, 2026, after Google fixed a high-severity Chromium font-processing flaw in Chrome 148.0.7778.96 and later, a bug that could let a remote attacker read memory through a crafted HTML page. The short version for Windows users is simple...

Google and Microsoft documented CVE-2026-7906 on May 6, 2026, as a high-severity use-after-free flaw in Chromium’s SVG handling that affects Google Chrome before 148.0.7778.96 and can let a remote attacker run code inside the browser sandbox via crafted HTML. That phrasing sounds narrow, almost...

CVE-2026-7908 is a high-severity Chromium vulnerability disclosed on May 6, 2026, affecting Google Chrome before version 148.0.7778.96, where a use-after-free bug in the Fullscreen component could let a remote attacker attempt a sandbox escape through a crafted HTML page. That sentence sounds...

Google disclosed CVE-2026-7909 on May 6, 2026, as a high-severity Chromium flaw in ServiceWorker handling that affects Chrome before 148.0.7778.96 and could let an attacker who already compromised the renderer bypass site isolation with a crafted HTML page. That phrasing sounds narrow, almost...

CVE-2026-7910 is a high-severity Chromium use-after-free flaw in the Views component, fixed in Google Chrome 148.0.7778.96/97 on May 5, 2026, and NVD’s current enrichment already includes the Google Chrome CPE, with Windows, Linux, and macOS modeled as underlying platforms. That means the...

Google and Microsoft published CVE-2026-7917 on May 6, 2026, describing a high-severity use-after-free flaw in Chromium’s Fullscreen component on Windows before Chrome 148.0.7778.96 that could help a renderer-compromise chain escape the browser sandbox. The important phrase is not “Fullscreen,”...

Google and Microsoft disclosed CVE-2026-7916 in early May 2026, a high-severity Chromium vulnerability in the InterestGroups component that affected Google Chrome before 148.0.7778.96 and Microsoft Edge builds before the corresponding Chromium 148 update. The bug is not the loudest flaw in the...

On May 6, 2026, CVE-2026-7920 was published as a high-severity Chromium vulnerability in Skia affecting Google Chrome before version 148.0.7778.96, with Microsoft tracking it for Edge because Edge inherits Chromium’s security debt. The bug is not a garden-variety browser crash. It is a...

CVE-2026-7921 is a high-severity use-after-free flaw in Chrome’s Passwords component, disclosed on May 6, 2026, affecting Google Chrome before 148.0.7778.96 on Windows, macOS, and Linux desktops and tracked by Microsoft because Chromium-based Edge inherits the same upstream browser security...

Google and Microsoft disclosed CVE-2026-7922 on May 6, 2026, as a high-severity use-after-free flaw in Chrome’s ServiceWorker implementation affecting Google Chrome before 148.0.7778.96, where a remote attacker could potentially escape the browser sandbox through a crafted HTML page. That is the...

CVE-2026-7927 is a high-severity Chromium type-confusion vulnerability in Chrome’s Runtime component, disclosed on May 6–7, 2026, fixed in Google Chrome 148.0.7778.96 or later and documented by Microsoft because Edge inherits the same Chromium code. The short version is simple: patch Chrome and...

Google and Microsoft disclosed CVE-2026-7929 on May 6, 2026, a high-severity use-after-free flaw in Chromium’s MediaRecording component fixed in Google Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS. The vulnerability matters because it sits in the browser’s media...

Google and Microsoft disclosed CVE-2026-7934 in early May 2026 as a medium-severity Chromium Popup Blocker input-validation flaw fixed in Chrome 148.0.7778.96 and later, with Microsoft Edge receiving protection through its Chromium-based update stream on May 7, 2026. The bug is not the sort of...

CVE-2026-7938 is a use-after-free flaw in Chromium’s CSS handling, disclosed on May 6, 2026, fixed in Google Chrome 148.0.7778.96 or later, and inherited by Chromium-based browsers including Microsoft Edge as part of the May desktop security update cycle. The bug is rated only “Medium” by...

Google and Microsoft disclosed CVE-2026-7940 on May 6, 2026, a medium-severity Chromium vulnerability in V8 that affects Google Chrome before 148.0.7778.96 and can let a malicious Chrome extension execute arbitrary code inside the browser sandbox. The short version is reassuring only if your...

CVE-2026-7947 is a medium-severity Chromium Network flaw disclosed on May 6, 2026, affecting Google Chrome before 148.0.7778.96 and allowing renderer-compromising attackers to spoof browser UI through a crafted HTML page on Windows, macOS, and Linux. That phrasing is dry, but the story is not...

Google and Microsoft disclosed CVE-2026-7949 on May 6, 2026, as a medium-severity Chromium flaw in Skia that affects Google Chrome before version 148.0.7778.96 and can let an attacker with renderer compromise leak cross-origin data through a crafted Chrome extension. That is a narrow bug...