chromium security

Google and Microsoft’s security pipelines treated CVE-2026-7952 as a medium-severity Chromium extension-policy flaw on May 6, 2026, affecting Chrome before 148.0.7778.96 and downstream Chromium-based browsers where the vulnerable code was still present. The bug is not the sort of browser...

CVE-2026-7957 is a medium-severity Chromium Media out-of-bounds write flaw disclosed by Chrome on May 6, 2026, affecting Google Chrome on Mac and iOS before version 148.0.7778.96 and incorporated into Microsoft’s May 7 Edge security update stream. The short version is simple: patch the browser...

Google and Microsoft disclosed CVE-2026-7965 on May 6, 2026, as a Chromium DevTools input-validation flaw fixed in Google Chrome before version 148.0.7778.96 and tracked for Chromium-based Microsoft Edge through MSRC. The bug is not the loudest flaw in Chrome 148, and that is precisely why it...

Google and Microsoft disclosed CVE-2026-7975 on May 6, 2026, a Chromium use-after-free flaw in DevTools fixed in Google Chrome before version 148.0.7778.96 and tracked by MSRC for Chromium-based Edge because the shared browser engine carries the same security debt. The bug is rated “Medium” by...

Google and Microsoft documented CVE-2026-7980 on May 6–7, 2026, as a Chromium WebAudio use-after-free flaw fixed in Chrome before version 148.0.7778.96 and in current Microsoft Edge builds that ingest the patched Chromium code. The bug is officially “medium” in Chromium’s own severity language...

Google and Microsoft disclosed CVE-2026-7985 on May 6, 2026, a medium-severity Chromium GPU use-after-free fixed in Chrome before 148.0.7778.96 that could let an attacker who already compromised the renderer attempt a sandbox escape through a crafted HTML page. The awkward part is not the patch...

CVE-2026-7984 is a newly published Chromium use-after-free vulnerability in Chrome’s ReadingMode component, fixed in Google Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS after disclosure on May 6, 2026, and tracked by Microsoft because Edge inherits Chromium security...

Google and Microsoft disclosed CVE-2026-7989 on May 6, 2026, describing a medium-severity Chromium DataTransfer validation flaw fixed in Chrome before version 148.0.7778.96 and relevant to Chromium-based browsers, including Microsoft Edge, on Windows, macOS, and Linux. The bug is not the...

CVE-2026-8005 is a newly published Chromium vulnerability in Chrome’s Cast component, fixed in Google Chrome 148.0.7778.96 and later and documented by Microsoft on May 7, 2026, because Microsoft Edge inherits the Chromium code that contained the flaw. The bug is not a remote-code-execution...

Google’s CVE-2026-8014 is a low-severity Chromium vulnerability in Chrome’s Preload implementation, disclosed May 6, 2026, fixed before Chrome 148.0.7778.96, and capable of letting a remote attacker leak cross-origin data through a crafted HTML page if the user visits it. The short version is...

CVE-2026-8017 is a low-severity Chromium media vulnerability disclosed on May 6, 2026, affecting Google Chrome before version 148.0.7778.96 and potentially downstream Chromium browsers, where a crafted HTML page could leak cross-origin data through a side-channel. That plain description...

CVE-2026-8022 is a low-severity Chromium vulnerability disclosed May 6, 2026, affecting Google Chrome before 148.0.7778.96 and Microsoft Edge through its Chromium codebase, where a crafted MHTML page could leak cross-origin data after specific user interface gestures. That sentence sounds almost...

CVE-2026-7348 is a high-severity use-after-free flaw in Chromium’s Codecs component, disclosed April 28, 2026, fixed in Google Chrome 147.0.7727.138 for desktop, and tracked by Microsoft because Chromium-based Edge inherits the underlying browser engine risk. That dry sentence is the whole...

CVE-2026-7351 is a high-severity Chromium vulnerability disclosed on April 28, 2026, affecting Google Chrome before 147.0.7727.138, where a race condition in MHTML could let a malicious Chrome extension leak cross-origin data after persuading a user to install it. The plain-English version is...

Google and Microsoft disclosed CVE-2026-7363 on April 28, 2026, a critical Chromium use-after-free flaw in Canvas affecting Google Chrome on Linux and ChromeOS before 147.0.7727.138 and tracked by Microsoft because Chromium-based Edge inherits the same upstream security surface. The bug is not...

Chromium’s CVE-2026-6309 is a high-severity use-after-free flaw in Viz, and the practical significance is bigger than the label suggests. Google’s April 15, 2026 Stable Channel update says the issue was fixed in Chrome 147.0.7727.101/102 for Windows and Mac and 147.0.7727.101 for Linux, while...

Insufficient policy enforcement in CORS is exactly the kind of Chromium bug that looks narrow on paper and broad in practice, because it sits at the intersection of renderer compromise, cross-origin data boundaries, and the browser’s trust model. Google has assigned CVE-2026-6313 to that issue...

Chromium’s newly disclosed CVE-2026-6363 is a reminder that the browser’s most sensitive attack surface still lives in V8, the JavaScript engine that powers Chrome’s page execution model. Google says the bug is a type confusion issue that could let a remote attacker trigger out-of-bounds memory...

A newly published Chromium flaw, CVE-2026-5903, has quickly become one of those small-looking browser issues that security teams should not dismiss. Google classifies it as a policy bypass in IFrameSandbox, and the vulnerable Chrome builds are anything before 147.0.7727.55. The attack requires a...

Google has published a new Chromium security record for CVE-2026-5910, an integer overflow in Media that affects Google Chrome prior to 147.0.7727.55 and can be triggered by a crafted video file. Microsoft’s Security Update Guide is already surfacing the entry, which is exactly the kind of...