v8 engine

Chromium’s CVE-2026-5862 is the kind of browser-security flaw that looks narrowly defined on paper but carries a broad operational footprint in practice. Google says the bug is an inappropriate implementation in V8, the JavaScript engine that powers Chrome and other Chromium-based browsers, and...

Google has disclosed a new high-severity Chrome vulnerability, tracked as CVE-2026-5873, that affects the V8 JavaScript engine and allows a remote attacker to achieve arbitrary code execution inside the browser sandbox through a crafted HTML page. The issue affects Google Chrome versions prior...

Google has patched CVE-2026-5893, a race condition in V8 that could let a remote attacker potentially trigger heap corruption through a crafted HTML page in Chrome versions prior to 147.0.7727.55. The issue is marked Chromium security severity: Medium, but the practical significance is higher...

Google’s disclosure of CVE-2026-4447 is another reminder that Chromium’s V8 engine remains one of the browser world’s most sensitive attack surfaces. According to the advisory record, a remote attacker could execute arbitrary code inside a sandbox by luring a victim to a crafted HTML page, with...

A newly disclosed Chromium issue, CVE-2026-4450, is a reminder that even highly mature browser engines remain a prime target for exploitation. According to the public vulnerability record, the flaw is an out-of-bounds write in V8 affecting Google Chrome versions prior to 146.0.7680.153, and it...

Google’s December stable update corrected two high‑severity Chromium issues — a use‑after‑free in WebGPU (CVE‑2025‑14765) and an out‑of‑bounds read/write in V8 (CVE‑2025‑14766) — and the fixes were rolled into Chrome stable (143.0.7499.146/.147), with downstream consumers such as Microsoft Edge...

Microsoft’s Security Update Guide now lists CVE-2025-14765 — an out‑of‑bounds read and write vulnerability in the V8 JavaScript engine used by Chromium — because Microsoft Edge (Chromium‑based) consumes upstream Chromium code and Microsoft publishes the Security Update Guide entry to show...

Type confusion in V8 that could be triggered by a crafted HTML page was assigned CVE‑2025‑13226 and affects Google Chrome builds prior to 142.0.7444.59, creating a high‑severity risk of heap corruption that can be weaponized into crashes or, in chained attacks, remote code execution. Security...

A type‑confusion flaw in Google’s V8 JavaScript engine — tracked as CVE‑2025‑13230 — could allow a remote attacker to trigger heap corruption by luring a user to a crafted HTML page; Chrome builds prior to 142.0.7444.59 are listed as vulnerable, and organizations should treat this as a...

The November Patch Tuesday just delivered a high‑urgency message: a critical heap‑based buffer overflow in the Microsoft Graphics Component (GDI+) and a serious Chromium/V8 flaw in Microsoft Edge are both patched — and users who delay installing updates risk remote code execution from a crafted...

Chromium’s CVE-2025-12429 — described as an inappropriate implementation in V8 — appears in Microsoft’s Security Update Guide not because Microsoft introduced the bug, but because Microsoft Edge (Chromium‑based) consumes Chromium’s open‑source engine and the guide is the downstream signal that...

Chromium’s V8 engine received a recent security entry — CVE‑2025‑11215 — described as an off‑by‑one error in V8, and it appears in Microsoft’s Security Update Guide because Microsoft Edge (Chromium‑based) consumes Chromium’s open‑source code; the Security Update Guide records upstream Chromium...

Google’s September stable update for Chrome closed a notable Use‑After‑Free (UAF) in the Dawn WebGPU implementation — tracked as CVE‑2025‑10500 — alongside several other high‑severity graphics and engine fixes; Windows users and administrators running Microsoft Edge (Chromium‑based) should treat...

Google pushed an emergency Chrome update to address CVE-2025-10585, a type confusion vulnerability in the V8 JavaScript engine that Google says is being actively exploited in the wild — and because Microsoft Edge is Chromium-based, Windows users and enterprises must confirm their Edge builds...

Chrome’s September security update closes a high-severity use-after-free vulnerability in the V8 JavaScript engine — tracked as CVE-2025-9864 — that could allow an attacker to corrupt memory and potentially achieve remote code execution through a crafted web page, and administrators of...

A high-severity memory-corruption flaw in Chromium’s V8 JavaScript engine, tracked as CVE-2025-9132, has been patched in the Chrome 139 stable update; the vulnerability is an out‑of‑bounds write that can lead to heap corruption and, in the worst case, remote code execution when a user visits a...

A race condition in V8, tracked as CVE‑2025‑8880, was disclosed by the Chromium team and fixed upstream in Chrome Stable — the flaw could allow a remote attacker to execute code inside the browser sandbox via a crafted webpage, and Chromium-based browsers (including Microsoft Edge) are advised...

Chromium’s evolution has been marked by its robust security model, open-source transparency, and its integration into numerous modern browsers—including Google Chrome and Microsoft Edge. With each major update, security professionals and the wider community scrutinize the codebase, searching for...

In the rapidly evolving landscape of web browsers, security remains an ever-present concern for both users and developers. The recent disclosure of CVE-2025-5959—a Type Confusion vulnerability identified in V8, the JavaScript and WebAssembly engine used by Chromium-based browsers—highlights both...

In another urgent call to action for the cybersecurity community, the Cybersecurity and Infrastructure Security Agency (CISA) has added a newly discovered, actively exploited vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, once again highlighting the precarious balancing act...