You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
webcodecs security
About this tag
The webcodecs security tag covers vulnerabilities in the WebCodecs API within Chromium-based browsers like Google Chrome and Microsoft Edge. Recent discussions focus on CVEs such as CVE-2026-11683, CVE-2026-7933, CVE-2026-7982, and CVE-2026-5280, which include use-after-free and out-of-bounds read flaws. These bugs can lead to arbitrary code execution or information disclosure via crafted HTML pages. The tag emphasizes the importance of patching Chrome and Edge promptly, as WebCodecs is a media-processing path that expands the browser's attack surface. Enterprise IT and security professionals will find guidance on updating browsers and understanding the shared risk across Chromium-based products.
Google Chrome before 149.0.7827.103 contains CVE-2026-11683, a high-severity use-after-free flaw in WebCodecs disclosed on June 8, 2026, that can let a remote attacker run arbitrary code inside Chrome’s sandbox when a user opens a crafted HTML page. The practical instruction is simple: update...
Google and Microsoft disclosed CVE-2026-7933 on May 6, 2026, as a medium-severity Chromium WebCodecs out-of-bounds read flaw fixed in Google Chrome before version 148.0.7778.96 and tracked by Microsoft for Chromium-based Edge users through MSRC. The bug is not a headline-grabbing browser...
Google and Microsoft disclosed CVE-2026-7982 on May 6, 2026, as a medium-severity Chromium WebCodecs flaw fixed in Google Chrome before version 148.0.7778.96, allowing a remote attacker to expose potentially sensitive process memory through a crafted HTML page. That is the plain version; the...
Chromium’s CVE-2026-5280 is another reminder that browser security is still dominated by memory-safety failures in code paths most users never think about. The flaw is a use-after-free in WebCodecs affecting Google Chrome prior to 146.0.7680.178, and Google says a remote attacker could exploit...