windows endpoint security

Google and Microsoft documented CVE-2026-7906 on May 6, 2026, as a high-severity use-after-free flaw in Chromium’s SVG handling that affects Google Chrome before 148.0.7778.96 and can let a remote attacker run code inside the browser sandbox via crafted HTML. That phrasing sounds narrow, almost...

CVE-2026-7927 is a high-severity Chromium type-confusion vulnerability in Chrome’s Runtime component, disclosed on May 6–7, 2026, fixed in Google Chrome 148.0.7778.96 or later and documented by Microsoft because Edge inherits the same Chromium code. The short version is simple: patch Chrome and...

Google Chrome on Windows before version 148.0.7778.96 is affected by CVE-2026-7925, a high-severity use-after-free flaw in Chromoting that could let a local attacker escalate to operating-system privileges through a malicious file. The dry wording hides the important part: this is not another...

Google and Microsoft disclosed CVE-2026-7959 on May 6, 2026, after Chrome 148 reached the stable desktop channel, fixing a medium-severity Chromium Navigation flaw that could let an attacker who had already compromised Chrome’s renderer bypass site isolation with a crafted HTML page. That...

CVE-2026-7348 is a high-severity use-after-free flaw in Chromium’s Codecs component, disclosed April 28, 2026, fixed in Google Chrome 147.0.7727.138 for desktop, and tracked by Microsoft because Chromium-based Edge inherits the underlying browser engine risk. That dry sentence is the whole...