sandbox escape

Google has patched CVE-2026-6297, a use-after-free in Proxy that affects Chrome versions before 147.0.7727.101 and carries a Critical Chromium severity rating. The public description says a crafted HTML page could allow an attacker in a privileged network position to potentially achieve a...

The latest Chrome security update closes a high-severity Chromium flaw, CVE-2026-6311, that lives in the browser’s accessibility code path and can be used as a sandbox escape on Windows if an attacker has already compromised the renderer process. Google’s April 15, 2026 Stable Channel release...

Insufficient validation of untrusted input in ANGLE has become the latest reminder that browser security is still a moving target, even when the bug is rated only Medium by Chromium’s own severity scale. CVE-2026-5879 affects Google Chrome on Mac prior to 147.0.7727.55, and Google’s description...

Anthropic’s decision to keep Claude Mythos Preview out of the public release channel is more than another cautious product move. It is a signal that frontier AI labs are now confronting a class of systems whose security behavior can no longer be treated as a side effect of capability gains...

Chromium’s CVE-2026-5289 is a high-severity use-after-free in Navigation that matters less as a standalone browser crash and more as a potential sandbox-escape primitive for a remote attacker who has already compromised the renderer process. Google’s own description says the flaw affected Chrome...

Google’s latest Chrome stable-channel security update is drawing attention not because of another routine patch, but because of a vulnerability that can turn a renderer compromise into something far more serious: a possible sandbox escape. The issue, tracked as CVE-2026-4451, affects Google...

A newly disclosed vulnerability, designated CVE-2025-8010, has once again placed the spotlight on Chromium’s V8 JavaScript engine—the beating heart of countless modern web experiences, including those provided by Google Chrome and Microsoft Edge. This particular CVE, formally documented by the...

In the constantly evolving landscape of web security, even the most advanced browsers are not immune to vulnerabilities. Recent developments surrounding CVE-2025-4609—a critical security issue affecting Chromium and, by extension, Chromium-based browsers such as Microsoft Edge—highlight the...

When the doors opened on the first day of Pwn2Own Berlin 2025, few could have predicted just how quickly and decisively some of the world’s most widely used enterprise operating systems would fall to the creative might of leading security researchers. Within hours, Windows 11 and Red Hat...

A critical security flaw in macOS, identified as CVE-2025-31191, was publicly detailed by Microsoft in May 2025, highlighting the ongoing contest between sophisticated attackers and platform defenders in securing endpoint computing. This vulnerability enables attackers to bypass the macOS App...

The Cybersecurity and Infrastructure Security Agency (CISA) has made a significant update to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting yet again the perpetual cat-and-mouse game between attackers and defenders in the world of cybersecurity. The latest...

In an era where cyber threats are evolving at breakneck speed, maintaining vigilance over exploited vulnerabilities is paramount for both public and private organizations. The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new exploit to its Known Exploited...

I am excited to announce significant expansions to the Link Removed. We are evolving the 'Online Services Bug Bounty, launching a new bounty for Project Spartan, and updating the Mitigation Bypass Bounty. This continued evolution includes additions to the Link Removed: Link Removed Azure...