chromium vulnerability

On May 7, 2026, Microsoft published guidance for CVE-2026-7962, a medium-severity Chromium vulnerability in DirectSockets that affects Microsoft Edge because Edge consumes the Chromium open source codebase. The flaw was fixed in Chromium before Chrome 148.0.7778.96 and is addressed in Edge...

CVE-2026-7969 is a newly published Chromium vulnerability, released through the Chrome and Microsoft security ecosystems on May 6–7, 2026, affecting Google Chrome before 148.0.7778.96 and Microsoft Edge after Chromium ingestion until its corresponding 148.0.7778.xxx security update. It is not...

CVE-2026-7992 is a newly published Chromium vulnerability disclosed on May 6, 2026, affecting Google Chrome on Linux and ChromeOS before version 148.0.7778.96, where insufficient validation of untrusted UI input could let a remote attacker execute code after tricking a user into specific...

A high‑severity use‑after‑free bug in the WebMIDI implementation — tracked as CVE‑2026‑3923 and published in mid‑March 2026 — was fixed upstream in Chromium/Chrome and is now being tracked in Microsoft's Security Update Guide to tell Edge administrators when their downstream browser builds have...

Chromium’s CVE‑2026‑2317 is a medium‑severity cross‑origin data‑leak bug rooted in the browser’s Animation implementation; Google patched it in Chrome 145.0.7632.45 and — because Microsoft Edge (Chromium‑based) consumes Chromium upstream — Microsoft’s Security Update Guide (SUG) lists the CVE to...

Microsoft has quietly pushed another maintenance update to Edge’s Stable channel — build 144.0.3719.104 — bringing a mix of security fixes, routine bug corrections, and a practical administration enhancement: cross‑platform policy support in the Edge management service for Edge for Business. The...

Microsoft’s Security Response Center has recorded CVE-2025-62224 as a spoofing vulnerability affecting Microsoft Edge (Chromium-based) for Android, a user‑interface integrity issue that can allow a malicious page to misrepresent browser trust signals and provenance on mobile devices — increasing...

Google’s Chromium project patched a high‑risk graphics vulnerability — tracked as CVE‑2025‑14174 — that allowed an out‑of‑bounds memory access in the ANGLE graphics translation layer and was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, creating an urgent, operational...

Chromium CVE-2025-14373 affects an “inappropriate implementation in Toolbar” and appears in the Microsoft Security Update Guide because Microsoft Edge (Chromium‑based) consumes the upstream Chromium open‑source project — the entry announces that the latest Edge builds have ingested the Chromium...

Chromium‑assigned vulnerabilities like CVE‑2025‑12036 show up in Microsoft’s Security Update Guide because Microsoft Edge (Chromium‑based) consumes upstream Chromium code — the Security Update Guide is Microsoft’s way of telling Edge users which Edge builds have ingested the Chromium fix and are...

Chromium vulnerabilities show up in Microsoft’s Security Update Guide because Microsoft Edge (the Chromium‑based browser) consumes Chromium’s open‑source components—so the guide records upstream CVEs to tell Edge customers whether their Edge build is still exposed or has already ingested the...

Microsoft Edge 139.0.3405.111: What’s new, why it matters, and how to roll it out Release snapshot Channel and version: Stable, 139.0.3405.111 Release date: August 21, 2025 What it is: A security and servicing update with bug fixes, performance improvements, and one notable user-facing...

A fresh security vulnerability has come to light within the core of today’s most popular browsers. Tracked as CVE-2025-8577, this flaw concerns the Chromium engine’s Picture-in-Picture (PiP) feature—a component found in Google Chrome, Microsoft Edge, and a string of leading browsers. Patching...

A critical security vulnerability has surfaced in Chromium, identified as CVE-2025-8576, raising urgent alarms for users of all Chromium-based browsers, including Microsoft Edge. This flaw, classified as a "use after free" in Extensions, exposes millions of users to potential cyberattacks...

A critical security vulnerability, identified as CVE-2025-6554, has been discovered in Google's V8 JavaScript engine, which is integral to the Chromium project. This flaw, classified as a type confusion error, allows remote attackers to perform arbitrary read and write operations via specially...

In June 2025, a security vulnerability identified as CVE-2025-6556 was disclosed, affecting Google Chrome's Loader component. This flaw, stemming from insufficient policy enforcement, allowed remote attackers to bypass content security policies via crafted HTML pages. While Google Chrome...

A critical security flaw tracked as CVE-2025-5068 has recently garnered significant attention among cybersecurity professionals, browser developers, and enterprise IT administrators alike. Identified within the Chromium project, this vulnerability relates to a "use after free" issue in Blink...

The Background Fetch API in Chromium-based browsers has been a focal point for security vulnerabilities, with multiple instances of inappropriate implementations leading to cross-origin data leaks. The most recent of these is identified as CVE-2025-5064, which underscores the ongoing challenges...

In recent advisories, a critical vulnerability has come to light affecting the Chromium browser engine: CVE-2025-5063, classified as a use-after-free issue in the compositing component. This vulnerability has direct implications for both Google Chrome and Microsoft Edge (the latter being based...

Security vulnerabilities in web browsers are nothing new, but the threats posed by flaws in Chromium’s V8 JavaScript engine tend to capture particular attention in the security community. The recently disclosed CVE-2025-5280, described as an “out of bounds write” vulnerability in V8, has...