cve 2026-7938

CVE-2026-7938 is a use-after-free vulnerability in Chromium's CSS handling, disclosed on May 6, 2026. It is fixed in Google Chrome 148.0.7778.96 or later and affects Chromium-based browsers including Microsoft Edge, which received the fix as part of its May desktop security update cycle. Although rated "Medium" by Chromium, the operational risk is considered higher due to the potential for exploitation via a malicious HTML page with user interaction. This memory-safety bug in the browser's rendering stack should be treated as a patch-now priority by administrators, not deferred to a regular update cycle.