use-after-free

Google and Microsoft disclosed CVE-2026-7335 on April 28, 2026, after Chrome’s stable desktop update to 147.0.7727.137/138 fixed a high-severity use-after-free flaw in Chromium’s media component that could let a remote attacker run code inside the browser sandbox through a crafted HTML page. The...

Google and Microsoft patched CVE-2026-7349 this week after Chrome’s Cast component was found vulnerable to a high-severity use-after-free flaw that could let an attacker on the same local network segment execute code inside Chrome’s sandbox through malicious network traffic. The fixed Chrome...

Google and Microsoft disclosed CVE-2026-7358 on April 28, 2026, as a high-severity use-after-free flaw in Chrome’s Animation component affecting Google Chrome before version 147.0.7727.138, with exploitation possible through a crafted HTML page that can execute code inside Chrome’s sandbox. The...

Google disclosed CVE-2026-7359 on April 28, 2026, as a high-severity use-after-free flaw in Chrome’s ANGLE graphics layer before version 147.0.7727.138, enabling a renderer-compromising attacker to potentially escape the browser sandbox through a crafted HTML page on desktop platforms. The...

Google disclosed CVE-2026-7343 on April 28, 2026, as a critical use-after-free flaw in Chrome’s Views component on Windows before version 147.0.7727.138, enabling a renderer-compromising attacker to potentially escape the browser sandbox via crafted HTML. That dry sentence is the whole drama in...

CVE-2026-31581 is a newly published Linux kernel vulnerability in the ALSA 6fire USB audio driver, and while it is not a Windows flaw, it matters to many WindowsForum readers who dual-boot, run Linux audio workstations, maintain WSL environments, or manage mixed Windows/Linux fleets. The bug is...

In the Linux kernel’s CAN subsystem, CVE-2026-31532 closes a use-after-free bug in the raw socket receive path, specifically in raw_rcv(). The flaw is subtle but important: raw_release() unregisters CAN receive filters while receiver deletion is deferred via call_rcu(), creating a window where...

Linux administrators are waking up to a new XFS kernel flaw that looks deceptively small in code but serious in consequence. CVE-2026-31453 affects the Linux kernel’s XFS journaling path, where tracepoint code can dereference a log item after a push callback has already made it eligible for...

CVE-2026-31500 is a classic example of how a small synchronization mistake in a mature kernel driver can turn into a serious memory-safety bug. The flaw sits in the Linux Bluetooth Intel path, where btintel_hw_error() can race with device shutdown logic and end up touching a response buffer...

CVE-2026-31446 is the sort of Linux kernel bug that looks deceptively narrow until you follow the race all the way through the teardown path. The flaw sits in ext4’s update_super_work logic, where a work item can still call into sysfs after unmount has already torn down the kobject backing...

Linux has published another small but important kernel security fix in CVE-2026-31487, and on the surface it looks like the kind of change that only kernel maintainers and driver authors would notice. Underneath that modest title, though, lies a classic use-after-free risk in the SPI subsystem...

CVE-2026-31487 is a reminder that some of the most consequential Linux kernel bugs are not loud crashes or dramatic memory-corruption chains, but quiet lifetime mistakes hidden inside core infrastructure. In this case, the issue sits in the SPI subsystem’s interaction with the kernel’s...

XFS use-after-free CVE-2026-31454 exposes a familiar kernel trap in a very specific corner of Linux metadata management A newly published Linux kernel vulnerability, tracked as CVE-2026-31454, affects XFS and stems from a classic concurrency mistake: a pointer is dereferenced after the code has...

The Linux kernel’s CAN ISO-TP stack has a newly published security flaw, and while the CVE record is still being enriched, the underlying bug is already clear: a race in isotp_sendmsg can let so->tx.buf be freed while transmit code is still reading from it. Microsoft’s Security Update Guide has...

Background CVE-2026-31474 is a Linux kernel use-after-free in the CAN ISO-TP path, specifically in isotp_sendmsg, where the transmit buffer can be freed too early while the sender is still consuming it for the final CAN frame. The kernel record describes a race between isotp_sendmsg and...

Google has patched CVE-2026-6302, a high-severity use-after-free flaw in Chrome’s Video component, in Chrome version 147.0.7727.101 for Linux and 147.0.7727.101/102 for Windows and Mac. The issue could let a remote attacker achieve arbitrary code execution inside the browser sandbox by luring a...

The newly disclosed CVE-2026-6317 is a high-severity use-after-free vulnerability in Chrome’s Cast component that Google says could let a remote attacker execute arbitrary code through a crafted HTML page. Google’s stable-channel fix landed on April 15, 2026, and the remedied versions are...

The latest Chromium security advisory for CVE-2026-6303 is a reminder that browser patching is still a race against exploitation. Google says the flaw is a use-after-free in Codecs affecting Chrome versions before 147.0.7727.101, and that a crafted HTML page could let a remote attacker execute...

Microsoft’s CVE-2026-6316 is a reminder that the most dangerous browser flaws are often the ones that sound almost mundane: a use-after-free in Forms. Google says the issue affects Chrome versions prior to 147.0.7727.101, can be triggered through a crafted HTML page, and may let a remote...

Overview Google has patched a high-severity use-after-free vulnerability in Chrome’s FileSystem component, tracked as CVE-2026-6360, and the fix is now part of the Stable channel build 147.0.7727.101/102 for Windows and Mac and 147.0.7727.101 for Linux. The issue was disclosed in Google’s April...