Microsoft disclosed CVE-2026-40419 on May 12, 2026, as an Important-rated Microsoft Office Click-To-Run elevation-of-privilege vulnerability that stems from a use-after-free flaw and can allow a locally authorized attacker to gain SYSTEM privileges through successful exploitation. The...
Microsoft disclosed CVE-2026-33840 on May 12, 2026, as an Important Win32k elevation-of-privilege flaw in Windows 11 and Windows Server 2025 that lets a locally authorized attacker exploit a use-after-free bug and gain SYSTEM privileges. The uncomfortable part is not the label “Important,” which...
Google and Microsoft disclosed CVE-2026-7896 on May 6, 2026, after Chrome versions before 148.0.7778.96 were found vulnerable to a critical Blink integer-overflow flaw that could let a remote attacker trigger heap corruption through a crafted HTML page. That is the plain version; the operational...
CVE-2026-7899 is a high-severity V8 memory-safety flaw fixed in Google Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS, released on May 5, 2026, after Google determined that crafted HTML could trigger sandboxed arbitrary code execution. The bug is not the kind of...
Google and Microsoft disclosed CVE-2026-7916 in early May 2026, a high-severity Chromium vulnerability in the InterestGroups component that affected Google Chrome before 148.0.7778.96 and Microsoft Edge builds before the corresponding Chromium 148 update. The bug is not the loudest flaw in the...
Google and Microsoft documented CVE-2026-7918 on May 6–7, 2026, as a high-severity Chromium GPU use-after-free fixed in Chrome 148.0.7778.96 and addressed in Microsoft Edge’s Chromium-based 148.0.7778.xxx security update for supported desktop platforms. The short answer to the CPE question is...
On May 6, 2026, CVE-2026-7920 was published as a high-severity Chromium vulnerability in Skia affecting Google Chrome before version 148.0.7778.96, with Microsoft tracking it for Edge because Edge inherits Chromium’s security debt. The bug is not a garden-variety browser crash. It is a...
Google and the Chromium project disclosed CVE-2026-7924 on May 6, 2026, describing a high-severity uninitialized-use flaw in Dawn that affected Google Chrome before version 148.0.7778.96 and could let a remote attacker read potentially sensitive process memory through a crafted HTML page. The...
Google and Microsoft disclosed CVE-2026-7922 on May 6, 2026, as a high-severity use-after-free flaw in Chrome’s ServiceWorker implementation affecting Google Chrome before 148.0.7778.96, where a remote attacker could potentially escape the browser sandbox through a crafted HTML page. That is the...
Google and downstream vendors disclosed CVE-2026-7926 on May 6, 2026, as a high-severity use-after-free flaw in Chrome’s PresentationAPI, fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS. The short version for administrators is brutally familiar: a crafted web...
CVE-2026-7930 is a newly disclosed Chromium cookie-handling vulnerability, published by Chrome and surfaced by Microsoft on May 7, 2026, that affects Google Chrome before 148.0.7778.96 and Microsoft Edge because Edge consumes the Chromium codebase. The bug is not the flashiest entry in Chrome...
Google and Microsoft documented CVE-2026-7932 in early May 2026 as a medium-severity Chromium Downloads flaw fixed in Chrome 148.0.7778.96 and in Microsoft Edge’s Chromium-based 148.0.7778.xxx line. The bug allowed a local attacker, with user interaction, to bypass navigation restrictions...
CVE-2026-7938 is a use-after-free flaw in Chromium’s CSS handling, disclosed on May 6, 2026, fixed in Google Chrome 148.0.7778.96 or later, and inherited by Chromium-based browsers including Microsoft Edge as part of the May desktop security update cycle. The bug is rated only “Medium” by...
Google and Microsoft addressed CVE-2026-7943 in early May 2026 after Chrome 148.0.7778.96 fixed an ANGLE input-validation flaw that could let an attacker with a compromised renderer process perform arbitrary read and write operations through a crafted HTML page. The important part is not that...
Google and Microsoft listed CVE-2026-7946 on May 6, 2026, as a medium-severity Chromium flaw in Chrome before 148.0.7778.96 that could let a remote attacker who had already compromised the renderer bypass site isolation through a crafted HTML page. The phrase “medium severity” is doing a lot of...
Google and Microsoft disclosed CVE-2026-7949 on May 6, 2026, as a medium-severity Chromium flaw in Skia that affects Google Chrome before version 148.0.7778.96 and can let an attacker with renderer compromise leak cross-origin data through a crafted Chrome extension. That is a narrow bug...
Google and Microsoft disclosed CVE-2026-7950 on May 6 and May 7, 2026, respectively, as a medium-severity Chromium graphics flaw fixed in Chrome 148.0.7778.96 and covered for Microsoft Edge through its Chromium-based update channel. The bug is not the headline-grabbing sort of browser emergency...
Google and Microsoft addressed CVE-2026-7954 on May 6–7, 2026, by moving Chrome desktop to 148.0.7778.96/97 and Edge Stable to 148.0.3967.54, fixing a Medium-severity Chromium Shared Storage race that could leak cross-origin data after renderer compromise via crafted HTML. That dry sentence is...
Google and Microsoft disclosed CVE-2026-7955 on May 6, 2026, a medium-severity Chromium GPU flaw affecting Google Chrome before version 148.0.7778.96 and tracked by Microsoft because Edge inherits the same Chromium codebase. The bug is not the headline-grabbing remote-code-execution monster that...
CVE-2026-7960 is a medium-severity Chromium vulnerability disclosed on May 6, 2026, affecting Google Chrome before version 148.0.7778.96, where a race condition in the browser’s Speech component could let a remote attacker with renderer compromise read sensitive process memory through crafted...