svg security

  1. Update Chrome for CVE-2026-14013 UI Spoofing (SVG) Threat

    Google Chrome before version 150.0.7871.47 contains CVE-2026-14013, a medium-severity SVG implementation flaw disclosed on June 30, 2026, that can allow a remote attacker to spoof user-interface information through a crafted HTML page. The narrow technical description makes this sound like...
  2. Chrome 150 Patches CVE-2026-14016 SVG Policy Flaw for Windows and macOS

    Google patched CVE-2026-14016 in Chrome 150.0.7871.47 for Windows and Mac after disclosing that a medium-severity SVG policy-enforcement flaw could let a remote attacker leak cross-origin data through a crafted HTML page in vulnerable desktop builds. The bug is not a headline-grabbing zero-day...