microsoft edge patching

Google disclosed CVE-2026-7902 on May 6, 2026, as a high-severity V8 out-of-bounds memory access flaw fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS, where a crafted HTML page could enable remote code execution inside Chrome’s sandbox. The immediate lesson is...

Google and Microsoft disclosed CVE-2026-7907 on May 6, 2026, describing a high-severity use-after-free flaw in Chromium’s DOM implementation that affects Google Chrome before 148.0.7778.96 and can be triggered by a crafted HTML page. The short version for WindowsForum readers is simple: this is...

Google and Microsoft disclosed CVE-2026-7934 in early May 2026 as a medium-severity Chromium Popup Blocker input-validation flaw fixed in Chrome 148.0.7778.96 and later, with Microsoft Edge receiving protection through its Chromium-based update stream on May 7, 2026. The bug is not the sort of...

Google and Microsoft disclosed CVE-2026-7937 on May 6, 2026, a medium-severity Chromium flaw in Chrome’s DevTools policy enforcement that, before Chrome 148.0.7778.96, let a malicious extension bypass navigation restrictions after persuading a user to install it on Windows, macOS, or Linux...

Google and Microsoft’s security pipelines treated CVE-2026-7952 as a medium-severity Chromium extension-policy flaw on May 6, 2026, affecting Chrome before 148.0.7778.96 and downstream Chromium-based browsers where the vulnerable code was still present. The bug is not the sort of browser...

Google and Microsoft disclosed CVE-2026-7979 on May 6, 2026, as a medium-severity Chromium Media flaw fixed in Chrome 148.0.7778.96 and relevant to Chromium-based browsers on Windows, macOS, and Linux. The bug is not the sort of browser vulnerability that typically produces panic headlines, but...

CVE-2026-7981 is a Chromium codecs vulnerability disclosed on May 6, 2026, affecting Google Chrome before 148.0.7778.96 and tracked by Microsoft for Chromium-based Edge because a malicious file could trigger an out-of-bounds memory read. The bug is not the scariest entry in Chrome 148’s security...

Google and Microsoft disclosed CVE-2026-7986 on May 6–7, 2026, as a medium-severity Chromium Autofill flaw fixed in Chrome 148.0.7778.96 or later and Microsoft Edge 148.0.7778.xxx, with Windows, macOS, and Linux Chrome configurations now represented in NVD data. The short answer is that the...

CVE-2026-8005 is a newly published Chromium vulnerability in Chrome’s Cast component, fixed in Google Chrome 148.0.7778.96 and later and documented by Microsoft on May 7, 2026, because Microsoft Edge inherits the Chromium code that contained the flaw. The bug is not a remote-code-execution...

CVE-2026-6308 is another stark reminder that Chrome’s most dangerous bugs are often not flashy logic failures but low-level memory-safety issues hiding in the browser’s media stack. Google says an out-of-bounds read in Media affected Chrome versions before 147.0.7727.101, and that a remote...

Chromium’s CVE-2026-6306 is exactly the kind of browser vulnerability that looks narrow at first glance but carries broad real-world risk: a heap buffer overflow in PDFium affecting Google Chrome prior to 147.0.7727.101. Google’s April 15, 2026 stable update says the flaw was fixed in Chrome...

Chromium’s newly published CVE-2026-5881 is the kind of browser issue that rarely makes headlines outside security circles, yet it matters because it strikes at a subtle layer of trust: navigation restrictions inside LocalNetworkAccess. Microsoft’s Security Update Guide records the flaw as a...

Chromium’s CVE-2026-5290 is another reminder that modern browser security is often won or lost in the rendering pipeline, not just the obvious surface areas like tabs, downloads, or extensions. The issue is described as a use-after-free in Compositing that affects Google Chrome prior to...

Chromium’s CVE-2026-5280 is another reminder that browser security is still dominated by memory-safety failures in code paths most users never think about. The flaw is a use-after-free in WebCodecs affecting Google Chrome prior to 146.0.7680.178, and Google says a remote attacker could exploit...

Chromium’s CVE-2026-4443 is the kind of browser flaw that immediately changes patch priorities because it sits at the intersection of reachability, memory corruption, and user interaction. According to the advisory material surfaced in Microsoft’s Security Update Guide, the bug is a heap buffer...

Google has identified CVE-2026-4449 as a use-after-free in Blink affecting Chrome prior to 146.0.7680.153, and the bug can let a remote attacker potentially trigger heap corruption through a crafted HTML page. Microsoft’s Security Update Guide records the same issue for downstream visibility...

Chromium: CVE-2026-3918 Use after free in WebMCP is the latest reminder that browser security is no longer just about classic sandbox escapes or renderer bugs. In Chrome’s March 2026 stable update, Google assigned CVE-2026-3918 as a high-severity use-after-free flaw in WebMCP, with a bounty of...