edge ingestion

The Chromium project assigned CVE‑2026‑3931 to a heap buffer overflow in the Skia 2D graphics library; Google fixed it in the Chrome 146 stable updates (the patch appears as part of Chrome 146.0.7680.71), and Microsoft has recorded the issue in its Security Update Guide so Microsoft Edge...

Chrome and Chromium teams have assigned CVE-2026-3942 to an Incorrect security UI vulnerability in the Picture‑in‑Picture (PiP) component that can be used for UI spoofing via a crafted HTML page — the bug was fixed upstream in the Chrome/Chromium 146 release line and is documented in Google’s...

Google’s open-source Chromium project has been assigned CVE‑2026‑2313 — a use‑after‑free bug in the browser’s CSS handling that can be triggered by a specially crafted HTML/CSS payload and, in the worst case, lead to heap corruption and remote code execution inside the renderer process. The flaw...

Google pushed an out‑of‑band Stable update for Chrome on January 20, 2026 that fixes a high‑severity V8 engine bug tracked as CVE‑2026‑1220 — described in Google’s release as a “Race in V8” — and administrators should treat every Chromium consumer in their environment as potentially exposed...

The Chromium-assigned vulnerability CVE‑2025‑11206 — a heap buffer overflow in the Video component — was patched upstream by Google in the Chrome 141 Stable update, and Microsoft has listed the CVE in its Security Update Guide to communicate when the Chromium fix has been ingested into Microsoft...

Google’s September stable update for Chrome closed a notable Use‑After‑Free (UAF) in the Dawn WebGPU implementation — tracked as CVE‑2025‑10500 — alongside several other high‑severity graphics and engine fixes; Windows users and administrators running Microsoft Edge (Chromium‑based) should treat...