use-after-free

Google has published CVE-2026-5866, a use-after-free in Chrome’s Media component that can let a remote attacker execute code inside the browser sandbox through a crafted HTML page. The issue affects Google Chrome versions prior to 147.0.7727.55, and it has been assigned Chromium security...

Microsoft’s latest Chromium security cycle has surfaced CVE-2026-5872, a use-after-free in Blink that affects Google Chrome prior to 147.0.7727.55 and can let a remote attacker execute code inside the browser sandbox through a crafted HTML page. Microsoft’s Security Update Guide now reflects the...

Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 is one of those browser bugs that looks narrow on paper but has broad implications in practice. Microsoft’s Security Update Guide records it as CVE-2026-5874 and ties it to a crafted HTML page that can coerce a user into...

Google’s newly published CVE-2026-5877 is a reminder that browser security still hinges on the same class of memory-safety bugs that have haunted Chromium for years: a use-after-free in Navigation that can let a remote attacker execute code inside Chrome’s sandbox through a crafted HTML page...

The Chromium team has disclosed CVE-2026-5883, a use-after-free in Media that affects Google Chrome prior to 147.0.7727.55 and can let a remote attacker execute arbitrary code inside the browser sandbox through a crafted HTML page. Microsoft’s Security Update Guide also tracks the issue, and the...

Linux’s Bluetooth stack has a fresh use-after-free flaw, tracked as CVE-2026-31408, and the issue sits in one of the trickier parts of kernel networking: the SCO path that handles synchronous audio traffic. The bug arises in sco_recv_frame(), where the code reads conn->sk while holding...

Google has patched a high-severity use-after-free in Chrome’s CSS engine, tracked as CVE-2026-5273, in the Stable desktop update that landed on Tuesday, March 31, 2026. The fix ships in Chrome 146.0.7680.177/178 for Windows and Mac and 146.0.7680.177 for Linux, and Google says the flaw could let...

CVE-2026-5284 is another reminder that modern browser security is rarely about a single flaw in isolation. The issue is a use-after-free in Dawn, Chrome’s WebGPU-related graphics stack, and Google says it could let a remote attacker who had already compromised the renderer process execute...

Google’s latest Chromium security cycle has added another high-priority browser flaw to the patch queue, and this time the weak point sits in a place most users treat as routine: PDF rendering. CVE-2026-5287 is a use-after-free issue in Chrome’s PDF handling that Google says allowed a remote...

The release of CVE-2026-5286 is another reminder that browser security in 2026 is being defined less by abstract policy talk and more by relentless patch velocity. Google’s March 31 stable update for Chrome 146.0.7680.177/178 includes a High-severity use-after-free in Dawn, with the bug listed...

A fresh libsoup flaw tracked as CVE-2026-2436 is a reminder that even mature HTTP libraries can fail in ways that look small on paper but matter greatly in production. According to the public record, a remote attacker can trigger a use-after-free in SoupServer when soup_server_disconnect() frees...

CISA’s April 1 update is a reminder that the Known Exploited Vulnerabilities Catalog remains one of the most operationally important signals in federal cybersecurity. The agency says it has added CVE-2026-5281, described as a Google Dawn use-after-free vulnerability, based on evidence of active...

Overview Google’s disclosure of CVE-2026-4676 is a reminder that browser security in 2026 is still defined by speed, scale, and careful operational hygiene rather than by any illusion of “safe browsing.” The flaw is a use-after-free in Dawn, the graphics stack used by Chromium, and it affects...

The Linux kernel’s CVE-2026-23336 is a classic example of a small-looking race condition with outsized consequences: a use-after-free in the Wi-Fi configuration stack, specifically around cfg80211 and rfkill_block work. The upstream fix is straightforward in concept—cancel the pending work...

The Linux kernel’s CVE-2026-23392 is a narrow but serious use-after-free issue in the nf_tables flowtable error path, and its significance comes from the kind of bug it is rather than the drama of its description. According to the kernel.org-stamped NVD text, the bug can expose a flowtable to...

CVE-2026-23319 is a classic example of how a small-looking kernel lifetime bug can become a real security concern once concurrency enters the picture. The Linux kernel issue sits in the BPF trampoline path, where a use-after-free can emerge when bpf_trampoline_link_cgroup_shim races with delayed...

The Linux kernel’s netfilter subsystem is getting an important corrective update for CVE-2026-23351, a flaw in the nft_set_pipapo set backend that can lead to a use-after-free condition and a local denial of service. The fix is not a simple bounds check or a small cleanup; it restructures...

CVE-2026-23340 has drawn attention because it sits squarely in a part of the Linux networking stack that most people never think about until something goes wrong: the qdisc layer that schedules packets before they hit a NIC. The bug is a race condition in the tx-queue shrinking path that can...

Google’s latest Chrome security update closes CVE-2026-4445, a use-after-free vulnerability in WebRTC that affected Chrome builds prior to 146.0.7680.153 and could let a remote attacker trigger heap corruption with a crafted HTML page. The defect has been classified as High severity, which...

The release of CVE-2026-4456 is another reminder that browser security increasingly hinges on tiny memory-lifetime mistakes with outsized consequences. Google says the flaw is a use-after-free in the Digital Credentials API, affecting Chrome versions before 146.0.7680.153, and that a remote...