cve 2026 7949

CVE-2026-7949 is a medium-severity Chromium vulnerability in the Skia graphics library, disclosed on May 6, 2026. It affects Google Chrome before version 148.0.7778.96 and Microsoft Edge, along with other Chromium-based browsers. The flaw allows an attacker who has already compromised the renderer process to leak cross-origin data by exploiting a crafted Chrome extension. While not a remote code execution zero-day, it weakens the browser's sandbox boundary, making it a concern for enterprise IT and Windows administrators who rely on Chromium browsers. The key takeaway is the importance of timely browser updates to prevent data exposure from this and similar vulnerabilities.