You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2026-7977
About this tag
CVE-2026-7977 is a medium-severity vulnerability in Google Chrome's Canvas implementation that allows a crafted HTML page to bypass the browser's same-origin policy. Disclosed on May 6, 2026, the flaw was fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS. For Windows administrators, this CVE highlights how Chromium has become a critical part of the operating environment, even though it is not part of Windows itself. The vulnerability resides in the Canvas API, where web graphics and privacy boundaries intersect, making it a notable concern for enterprise security. Admins should ensure Chrome is updated to the patched version to mitigate the risk of same-origin policy bypass.
Google and Microsoft disclosed CVE-2026-7977 on May 6, 2026, as a medium-severity Chrome Canvas flaw fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS, allowing a crafted HTML page to bypass the browser’s same-origin policy. That is the plain answer; the more...