Google patched CVE-2026-11639 on June 8, 2026, in Chrome 149.0.7827.103 for Mac, fixing a critical use-after-free flaw in Chromium’s Compositing component that could let a remote attacker execute code through a crafted HTML page. The bug is narrow in platform labeling but broad in practical...
Google Chrome on Windows before version 149.0.7827.103 is affected by CVE-2026-11634, a critical use-after-free flaw in the browser’s Gamepad component that Google disclosed in June 2026 and that could let a remote attacker attempt a sandbox escape through a crafted HTML page. The practical...
Google and NVD published CVE-2026-11632 on June 8, 2026, describing a critical use-after-free flaw in Chrome’s TabStrip component before version 149.0.7827.103 that could let a remote attacker execute code through a crafted HTML page after specific user interface gestures. The awkward phrasing...
Google disclosed CVE-2026-11631 on June 8, 2026, as a critical Windows-only Chrome vulnerability in Aura that affects versions before 149.0.7827.103 and could let an attacker escape the browser sandbox after first compromising the renderer process. That short description is doing a lot of work...
Google fixed CVE-2026-11628 on June 8, 2026, in Chrome’s Stable desktop channel, closing a critical use-after-free flaw in the Ozone platform layer affecting Chrome versions before 149.0.7827.103 on Windows, macOS, and Linux where physical device access could enable heap corruption. The oddity...
Google Chrome on Windows before version 149.0.7827.115 is affected by CVE-2026-12013, a high-severity use-after-free flaw in the browser’s Media component disclosed on June 11, 2026, that could let a remote attacker trigger heap corruption through a crafted HTML page. The short operational...
CVE-2026-46323 was published by NVD on June 9, 2026, after kernel.org assigned a Linux kernel networking flaw in Generic Receive Offload where zerocopy socket buffers could be merged incorrectly, creating a use-after-free risk in kernel memory handling. The bug is not a Windows vulnerability...
Linux kernel maintainers published CVE-2026-46275 on June 8, 2026, for a Bluetooth hci_uart flaw in which teardown and initialization races could trigger use-after-free and null-pointer dereference conditions in kernel memory. The bug is not a Windows vulnerability, but it matters to...
CVE-2026-43059 is a high-severity Linux kernel Bluetooth management vulnerability, published by NVD on May 5, 2026 and modified on May 22, that can trigger list corruption and use-after-free behavior in affected kernels before patched stable releases. It is not a Windows Bluetooth flaw, but...
CVE-2026-11163 is a Chrome on Android use-after-free flaw in the browser’s Messages component, disclosed June 4, 2026, fixed before version 149.0.7827.53, and described as allowing a remote attacker to potentially escape the sandbox through a crafted HTML page. The oddity is not the memory bug...
CVE-2026-10967 is a high-severity use-after-free vulnerability in Chrome’s SurfaceCapture component on Android, disclosed on June 4, 2026, affecting Google Chrome versions before 149.0.7827.53 and potentially allowing a renderer-compromise attacker to escape the browser sandbox through a crafted...
Google Chrome for Android versions earlier than 149.0.7827.53 are affected by CVE-2026-10959, a high-severity use-after-free flaw in the browser’s Input component disclosed on June 4, 2026, that can let a remote attacker execute code inside Chrome’s sandbox through a crafted HTML page. The bug...
Google disclosed CVE-2026-10953 on June 4, 2026, as a high-severity use-after-free flaw in Chrome’s Core code on Android before version 149.0.7827.53, where a compromised renderer process could use a crafted HTML page to attempt a browser sandbox escape. The short version is simple: this is not...
CVE-2026-10923 is a high-severity Google Chrome for Android vulnerability published by NVD on June 4, 2026, affecting Chrome versions before 149.0.7827.53 and describing a WebAppInstalls use-after-free flaw that could allow arbitrary code execution through a malicious file. The short version is...
Google published CVE-2026-11188 on June 4, 2026, describing a medium-severity use-after-free flaw in Chrome’s USB component on Android before version 149.0.7827.53 that could let a remote attacker attempt a sandbox escape through a crafted HTML page. The interesting part is not that Chrome has...
Google’s CVE-2026-11131 is a Chrome-on-Android Autofill use-after-free flaw disclosed June 4, 2026, affecting versions before 149.0.7827.53 and describing a renderer-compromise-to-sandbox-escape path through a crafted HTML page. That is the plain version; the interesting version is messier. A...
Google assigned CVE-2026-11080 to a medium-severity use-after-free flaw in Android WebView, disclosed June 4, 2026, affecting Google Chrome on Android before version 149.0.7827.53 and potentially allowing remote heap corruption through a crafted HTML page. The vulnerability is not the loudest...
On June 4, 2026, Chrome published CVE-2026-11012, a use-after-free flaw in Chrome for Android’s Serial component fixed before version 149.0.7827.53 that could let an attacker who had already compromised the renderer attempt a sandbox escape through a crafted HTML page. The awkward part is not...
Microsoft disclosed CVE-2026-48583 on June 9, 2026, as a Windows Kernel elevation-of-privilege vulnerability rated Important with a 7.8 CVSS score, allowing an authorized local attacker to raise privileges through a use-after-free flaw in the kernel. That is the plain-English risk: this is not a...
CVE-2026-46187 is a newly published Linux kernel vulnerability, disclosed by kernel.org on May 28, 2026, that fixes a use-after-free race in the RSI Wi-Fi driver when a kernel thread exits itself before external shutdown code tries to stop it. The bug is narrow, driver-specific, and still...