cve-2026-7982

CVE-2026-7982 is a medium-severity information disclosure vulnerability in Chromium's WebCodecs component, disclosed by Google and Microsoft on May 6, 2026. The flaw allows a remote attacker to expose sensitive process memory via a crafted HTML page. It was fixed in Google Chrome version 148.0.7778.96 and later. Because Chromium is the foundation for many browsers, this vulnerability also affects Microsoft Edge, Brave, Vivaldi, Opera, and enterprise Chromium builds on Windows. While not a code-execution zero-day, the bug turns a simple page visit into a potential information-leak event. Windows users should update their browsers promptly to mitigate the risk.