cve 2026 7936

CVE-2026-7936 is a medium-severity vulnerability in Chromium's V8 JavaScript engine affecting Google Chrome before version 148.0.7778.96. Disclosed on May 6, 2026, by Google and Microsoft, this object lifecycle flaw allows a remote attacker to trigger an out-of-bounds memory read via a crafted HTML page. While not a critical zero-day, it poses a significant risk to Windows users because it is web-delivered, memory-related, and exploits the core engine processing modern web content. The primary mitigation is updating Chrome and any Chromium-based browsers that incorporate the vulnerable V8 code. Windows administrators should prioritize patching to prevent potential information disclosure or further exploitation.