sandbox escape

Google disclosed CVE-2026-7345 on April 28, 2026, as a high-severity Chrome vulnerability in the browser’s Feedback component, fixed in Chrome 147.0.7727.138 after allowing a renderer-compromising attacker to potentially escape the sandbox through a crafted HTML page. That sounds narrow, almost...

On April 28, 2026, Google shipped Chrome 147.0.7727.137/138 for desktop to fix 30 security flaws, including CVE-2026-7350, a high-severity use-after-free bug in WebMIDI that could help an attacker escape Chrome’s sandbox after compromising the renderer process. The line that matters for...

Google disclosed CVE-2026-7343 on April 28, 2026, as a critical use-after-free flaw in Chrome’s Views component on Windows before version 147.0.7727.138, enabling a renderer-compromising attacker to potentially escape the browser sandbox via crafted HTML. That dry sentence is the whole drama in...

CVE-2026-6920 is not just another line item in Chrome’s fast-moving security ledger; it is a sharp reminder that browser GPU pipelines remain one of the most sensitive attack surfaces in modern computing. The flaw, described as an out-of-bounds read in the GPU component of Google Chrome on...

Google has patched CVE-2026-6297, a use-after-free in Proxy that affects Chrome versions before 147.0.7727.101 and carries a Critical Chromium severity rating. The public description says a crafted HTML page could allow an attacker in a privileged network position to potentially achieve a...

The latest Chrome security update closes a high-severity Chromium flaw, CVE-2026-6311, that lives in the browser’s accessibility code path and can be used as a sandbox escape on Windows if an attacker has already compromised the renderer process. Google’s April 15, 2026 Stable Channel release...

Insufficient validation of untrusted input in ANGLE has become the latest reminder that browser security is still a moving target, even when the bug is rated only Medium by Chromium’s own severity scale. CVE-2026-5879 affects Google Chrome on Mac prior to 147.0.7727.55, and Google’s description...

Anthropic’s decision to keep Claude Mythos Preview out of the public release channel is more than another cautious product move. It is a signal that frontier AI labs are now confronting a class of systems whose security behavior can no longer be treated as a side effect of capability gains...

Chromium’s CVE-2026-5289 is a high-severity use-after-free in Navigation that matters less as a standalone browser crash and more as a potential sandbox-escape primitive for a remote attacker who has already compromised the renderer process. Google’s own description says the flaw affected Chrome...

Google’s latest Chrome stable-channel security update is drawing attention not because of another routine patch, but because of a vulnerability that can turn a renderer compromise into something far more serious: a possible sandbox escape. The issue, tracked as CVE-2026-4451, affects Google...

A newly disclosed vulnerability, designated CVE-2025-8010, has once again placed the spotlight on Chromium’s V8 JavaScript engine—the beating heart of countless modern web experiences, including those provided by Google Chrome and Microsoft Edge. This particular CVE, formally documented by the...

In the constantly evolving landscape of web security, even the most advanced browsers are not immune to vulnerabilities. Recent developments surrounding CVE-2025-4609—a critical security issue affecting Chromium and, by extension, Chromium-based browsers such as Microsoft Edge—highlight the...

When the doors opened on the first day of Pwn2Own Berlin 2025, few could have predicted just how quickly and decisively some of the world’s most widely used enterprise operating systems would fall to the creative might of leading security researchers. Within hours, Windows 11 and Red Hat...

A critical security flaw in macOS, identified as CVE-2025-31191, was publicly detailed by Microsoft in May 2025, highlighting the ongoing contest between sophisticated attackers and platform defenders in securing endpoint computing. This vulnerability enables attackers to bypass the macOS App...

The Cybersecurity and Infrastructure Security Agency (CISA) has made a significant update to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting yet again the perpetual cat-and-mouse game between attackers and defenders in the world of cybersecurity. The latest...

In an era where cyber threats are evolving at breakneck speed, maintaining vigilance over exploited vulnerabilities is paramount for both public and private organizations. The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new exploit to its Known Exploited...

I am excited to announce significant expansions to the Link Removed. We are evolving the 'Online Services Bug Bounty, launching a new bounty for Project Spartan, and updating the Mitigation Bypass Bounty. This continued evolution includes additions to the Link Removed: Link Removed Azure...