You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
webrtc vulnerability
About this tag
WebRTC vulnerabilities in Chromium-based browsers like Chrome and Edge pose a recurring security risk on Windows. Recent CVEs include use-after-free, type confusion, integer overflow, and heap buffer overflow flaws, often triggered by crafted HTML pages. Severity ratings vary between Chromium's internal labels and CISA's CVSS scores, with some bugs rated Low by Chromium but High by CISA. These vulnerabilities can allow remote code execution within the browser sandbox, making them critical for IT teams to patch promptly. The WebRTC component, which handles real-time communications, remains a high-value attack surface. Windows users and administrators should prioritize browser updates as part of infrastructure maintenance.
Microsoft’s Security Update Guide lists CVE-2026-12466 because the vulnerable WebRTC code lives in Chromium, the open-source browser engine Microsoft Edge consumes, and Microsoft documented the entry on June 17, 2026 to tell Edge users that current Chromium-based Edge builds are no longer...
Microsoft documented CVE-2026-12461 in the Security Update Guide on June 17, 2026, because the flaw is in Chromium’s WebRTC code and Microsoft Edge is built on Chromium, meaning Edge inherited the risk until Microsoft shipped an updated browser build. The short answer is that this is not a...
Google disclosed CVE-2026-7987 on May 6, 2026, as a WebRTC use-after-free flaw in Chrome before version 148.0.7778.96 that can let a remote attacker run code inside the browser sandbox through a crafted HTML page. That sounds narrow, almost boring, until you notice where the bug lives: WebRTC...
Google and Microsoft documented CVE-2026-7988 on May 6–7, 2026, as a WebRTC type-confusion flaw in Chromium that affected Google Chrome before 148.0.7778.96 and Microsoft Edge before its corresponding 148.0.7778.xxx security update. The vulnerability is not the loudest bug in the Chrome 148...
Google and Microsoft disclosed CVE-2026-8016 on May 6, 2026, as a use-after-free flaw in Chromium’s WebRTC component affecting Google Chrome before version 148.0.7778.96 and tracked through MSRC for Chromium-based Microsoft Edge. The awkward part is not the patch; it is the risk language around...
On April 28, 2026, Google shipped Chrome 147.0.7727.137/138 for Windows and Mac and 147.0.7727.137 for Linux, fixing CVE-2026-7341, a high-severity use-after-free flaw in WebRTC that could let a remote attacker run code inside Chrome’s sandbox through a crafted HTML page. The bug is not the...
Overview
Google’s newly published CVE-2026-5912 is a reminder that browser security remains a moving target, even in a product as mature and heavily instrumented as Chrome. The flaw is described as an integer overflow in WebRTC that could let a remote attacker trigger an out-of-bounds memory...
Google’s latest Chrome security update closes CVE-2026-4445, a use-after-free vulnerability in WebRTC that affected Chrome builds prior to 146.0.7680.153 and could let a remote attacker trigger heap corruption with a crafted HTML page. The defect has been classified as High severity, which...
The Chrome security ecosystem is once again dealing with a memory-corruption flaw that matters far beyond a single browser tab. CVE-2026-4463, a heap buffer overflow in WebRTC, affects Google Chrome versions prior to 146.0.7680.153 and can be triggered by a crafted HTML page that induces heap...