You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
serviceworker security
About this tag
The serviceworker security tag covers vulnerabilities and patch guidance related to the ServiceWorker API in Chromium-based browsers on Windows. Recent discussions focus on CVE-2026-11694, a high-severity use-after-free flaw in Chrome's ServiceWorker code that could allow code execution within the browser sandbox after renderer compromise, and CVE-2026-7963, a medium-severity sandbox escape issue. Both require disciplined browser patching for Windows administrators, emphasizing inventory management and prompt updates to Chrome and Edge. The tag highlights how ServiceWorker weaknesses can be exploited in attack chains, making it relevant for enterprise IT security and browser hardening.
Google disclosed CVE-2026-11694 on June 8, 2026, as a high-severity use-after-free flaw in Chrome’s ServiceWorker code before version 149.0.7827.103 that could let a remote attacker, after compromising the renderer process, execute code inside Chrome’s sandbox using a crafted HTML page. The...
CVE-2026-7963 is a medium-severity Chromium ServiceWorker flaw fixed in Google Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS after disclosure on May 6, 2026, with Microsoft tracking the same issue for Chromium-based Edge through MSRC. The dry wording hides the more...