microsoft edge updates

Google and Microsoft disclosed CVE-2026-7900 in early May 2026 as a high-severity Chromium flaw in ANGLE, fixed in Google Chrome before version 148.0.7778.96 and covered in Microsoft Edge because Edge consumes Chromium code. The bug is not another routine browser crash; it is a reminder that the...

On May 6, 2026, CVE-2026-7901 entered the vulnerability databases as a high-severity use-after-free flaw in ANGLE affecting Google Chrome on macOS before version 148.0.7778.96, allowing remote code execution inside Chrome’s sandbox through a crafted HTML page. The dry wording hides the more...

Google and Microsoft documented CVE-2026-7932 in early May 2026 as a medium-severity Chromium Downloads flaw fixed in Chrome before 148.0.7778.96 and in Microsoft Edge’s Chromium-based 148.0.7778.xxx line. The bug allowed a local attacker, with user interaction, to bypass navigation restrictions...

Google and Microsoft documented CVE-2026-7974 on May 6–7, 2026, as a use-after-free flaw in Chromium’s Blink engine affecting Google Chrome before 148.0.7778.96 and Microsoft Edge’s Chromium-based builds before the corresponding 148.0.7778.xxx security update. The bug is not the loudest item in...

Google and Microsoft documented CVE-2026-7983 on May 6–7, 2026, as a medium-severity Chromium vulnerability in Dawn that affected Google Chrome before 148.0.7778.96 and Microsoft Edge through its Chromium codebase, allowing cross-origin data leakage through a crafted HTML page. The bug is not...

Google Chrome before 148.0.7778.96 on Linux and 148.0.7778.96/97 on Windows and macOS is affected by CVE-2026-7998, a low-severity Chromium Dialog flaw disclosed on May 6, 2026, that can enable UI spoofing after an attacker has already compromised the renderer process. The bug is not the kind of...

CVE-2026-8022 is a low-severity Chromium vulnerability disclosed May 6, 2026, affecting Google Chrome before 148.0.7778.96 and Microsoft Edge through its Chromium codebase, where a crafted MHTML page could leak cross-origin data after specific user interface gestures. That sentence sounds almost...

Google disclosed CVE-2026-7356 on April 28, 2026, as a high-severity use-after-free flaw in Chrome’s Navigation component, fixed in Chrome 147.0.7727.138 and later, with Microsoft tracking the Chromium issue for Edge through its Security Update Guide. The bug is not the loudest entry in the...

Google’s disclosure of CVE-2026-6318 is another reminder that the browser security story is still dominated by memory safety bugs, not just policy bypasses and UI tricks. The flaw is a use-after-free in Codecs affecting Google Chrome prior to 147.0.7727.101, and Google says a crafted HTML page...

Chromium’s newly disclosed CVE-2026-6363 is a reminder that the browser’s most sensitive attack surface still lives in V8, the JavaScript engine that powers Chrome’s page execution model. Google says the bug is a type confusion issue that could let a remote attacker trigger out-of-bounds memory...

Chromium’s CVE-2026-5863 is the kind of browser flaw that looks narrow in a bulletin but broad in operational impact. Google says the issue is an inappropriate implementation in V8, and that Chrome versions prior to 147.0.7727.55 were vulnerable to a crafted HTML page that could let a remote...

The latest Chromium security alert to land in Microsoft’s Security Update Guide is CVE-2026-5871, a type confusion in V8 that Google says could let a remote attacker execute arbitrary code inside the browser’s sandbox through a crafted HTML page. Google’s own release cadence shows this is part...

Chromium’s newly published CVE-2026-5894 is another reminder that not every browser security issue looks like a dramatic remote-code-execution headline. In this case, Google says the flaw is an inappropriate implementation in PDF that could let a remote attacker bypass navigation restrictions...

Chromium’s CVE-2026-5276 is a reminder that browser security bugs are not always dramatic crashes or remote-code-execution flaws. In this case, Google says insufficient policy enforcement in WebUSB let a remote attacker use a crafted HTML page to pull potentially sensitive data from process...

In Google Chrome’s latest security cycle, CVE-2026-5283 stands out less because of its exploit mechanics than because of what it says about the browser’s attack surface in 2026: a crafted HTML page can still be enough to pry loose cross-origin data from a widely deployed Chromium stack. Google’s...

Chromium’s CVE-2026-4457 is another reminder that the browser’s most dangerous flaws are often the ones buried deepest in its engine: V8, the JavaScript and WebAssembly runtime that underpins modern web execution. The public description says the bug is a type confusion issue that could let a...