You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
google chrome security
About this tag
The google chrome security tag covers discussions about vulnerabilities and patches affecting Google Chrome and its Chromium base, with a focus on Windows users and administrators. Recent threads detail high-severity flaws such as CVE-2026-11674, a use-after-free in Guest View, CVE-2026-7991, a use-after-free in the browser UI, and CVE-2026-4462, an out-of-bounds read in Blink. These bugs allow remote code execution or information disclosure via crafted HTML pages, often within Chrome's sandbox. The tag emphasizes the importance of updating Chrome promptly, verifying version numbers, and understanding how these vulnerabilities impact managed environments, including Microsoft Edge. It also highlights the ongoing challenge of memory-safety bugs in browser code.
CVE-2026-14403: Update Chrome to 150.0.7871.46 or Later and Relaunch
CVE-2026-14403 is a use-after-free vulnerability in Google Chrome’s V8 engine affecting versions earlier than 150.0.7871.46. The Chrome-originated description says a remote attacker could use a crafted HTML page to execute...
Google fixed CVE-2026-14397 in Chrome 150.0.7871.46 after identifying a Mac-specific out-of-bounds write in ANGLE that could let a remote attacker use a crafted HTML page to potentially escape the browser sandbox. The published affected range covers Google Chrome versions below 150.0.7871.46 on...
Google Chrome before version 150.0.7871.47 contains CVE-2026-14057, a FedCM implementation flaw published by NVD on June 30, 2026, that could let a remote attacker bypass same-origin policy with a crafted HTML page after user interaction. The short answer to the CPE question is: for Chrome...
Google Chrome before 150.0.7871.47 contains CVE-2026-14086, an insufficient policy enforcement flaw in the browser’s HID handling that NVD says could let a remote attacker execute arbitrary code through a crafted HTML page. That sentence is both alarming and strangely understated, because...
CVE-2026-14082 is a low-severity Chromium Storage race condition fixed in Google Chrome 150.0.7871.47 for Windows and Mac and 150.0.7871.46 for Linux, disclosed June 30, 2026, that could let a remote attacker leak cross-origin data through a crafted HTML page. The headline looks modest; the...
CVE-2026-13027 is a high-severity use-after-free flaw in Google Chrome’s FileSystem component, disclosed June 24, 2026, fixed before Chrome 149.0.7827.197, and exploitable by a remote attacker through a crafted HTML page if a user visits it in a vulnerable browser. The short version for...
CVE-2026-11674 is a high-severity Google Chrome vulnerability, published by NVD on June 8, 2026 and modified June 9, affecting Chrome versions before 149.0.7827.103, where a use-after-free flaw in Guest View could let a remote attacker run code inside Chrome’s sandbox through crafted HTML. That...
Google Chrome before 148.0.7778.96 contains CVE-2026-7991, a use-after-free flaw in the browser UI that could let a remote attacker with a compromised renderer process execute code inside Chrome’s sandbox through a crafted HTML page. The vulnerability landed in public tracking on May 6, 2026...
Google has disclosed a new high-severity Chromium flaw, CVE-2026-4462, affecting Blink in Google Chrome versions prior to 146.0.7680.153. The bug is described as an out-of-bounds read that a remote attacker could trigger through a crafted HTML page, which means the vulnerable path is reachable...