windows patch management

On May 6, 2026, CVE-2026-7920 was published as a high-severity Chromium vulnerability in Skia affecting Google Chrome before version 148.0.7778.96, with Microsoft tracking it for Edge because Edge inherits Chromium’s security debt. The bug is not a garden-variety browser crash. It is a...

Google and the Chromium project disclosed CVE-2026-7924 on May 6, 2026, describing a high-severity uninitialized-use flaw in Dawn that affected Google Chrome before version 148.0.7778.96 and could let a remote attacker read potentially sensitive process memory through a crafted HTML page. The...

Google and Microsoft disclosed CVE-2026-7922 on May 6, 2026, as a high-severity use-after-free flaw in Chrome’s ServiceWorker implementation affecting Google Chrome before 148.0.7778.96, where a remote attacker could potentially escape the browser sandbox through a crafted HTML page. That is the...

Google and downstream vendors disclosed CVE-2026-7926 on May 6, 2026, as a high-severity use-after-free flaw in Chrome’s PresentationAPI, fixed in Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS. The short version for administrators is brutally familiar: a crafted web...

CVE-2026-7930 is a newly disclosed Chromium cookie-handling vulnerability, published by Chrome and surfaced by Microsoft on May 7, 2026, that affects Google Chrome before 148.0.7778.96 and Microsoft Edge because Edge consumes the Chromium codebase. The bug is not the flashiest entry in Chrome...

Google and Microsoft documented CVE-2026-7932 in early May 2026 as a medium-severity Chromium Downloads flaw fixed in Chrome before 148.0.7778.96 and in Microsoft Edge’s Chromium-based 148.0.7778.xxx line. The bug allowed a local attacker, with user interaction, to bypass navigation restrictions...

CVE-2026-7938 is a use-after-free flaw in Chromium’s CSS handling, disclosed on May 6, 2026, fixed in Google Chrome 148.0.7778.96 or later, and inherited by Chromium-based browsers including Microsoft Edge as part of the May desktop security update cycle. The bug is rated only “Medium” by...

Google and Microsoft addressed CVE-2026-7943 in early May 2026 after Chrome 148.0.7778.96 fixed an ANGLE input-validation flaw that could let an attacker with a compromised renderer process perform arbitrary read and write operations through a crafted HTML page. The important part is not that...

Google and Microsoft listed CVE-2026-7946 on May 6, 2026, as a medium-severity Chromium flaw in Chrome before 148.0.7778.96 that could let a remote attacker who had already compromised the renderer bypass site isolation through a crafted HTML page. The phrase “medium severity” is doing a lot of...

Google and Microsoft disclosed CVE-2026-7949 on May 6, 2026, as a medium-severity Chromium flaw in Skia that affects Google Chrome before version 148.0.7778.96 and can let an attacker with renderer compromise leak cross-origin data through a crafted Chrome extension. That is a narrow bug...

Google and Microsoft disclosed CVE-2026-7950 on May 6 and May 7, 2026, respectively, as a medium-severity Chromium graphics flaw fixed in Chrome 148.0.7778.96 and covered for Microsoft Edge through its Chromium-based update channel. The bug is not the headline-grabbing sort of browser emergency...

Google and Microsoft addressed CVE-2026-7954 on May 6–7, 2026, by moving Chrome desktop to 148.0.7778.96/97 and Edge Stable to 148.0.3967.54, fixing a Medium-severity Chromium Shared Storage race that could leak cross-origin data after renderer compromise via crafted HTML. That dry sentence is...

Google and Microsoft disclosed CVE-2026-7955 on May 6, 2026, a medium-severity Chromium GPU flaw fixed in Google Chrome before version 148.0.7778.96 and tracked by Microsoft because Edge inherits the same Chromium codebase. The bug is not the headline-grabbing remote-code-execution monster that...

CVE-2026-7960 is a medium-severity Chromium vulnerability disclosed on May 6, 2026, affecting Google Chrome before version 148.0.7778.96, where a race condition in the browser’s Speech component could let a remote attacker with renderer compromise read sensitive process memory through crafted...

CVE-2026-7963 is a medium-severity Chromium ServiceWorker flaw fixed in Google Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS after disclosure on May 6, 2026, with Microsoft tracking the same issue for Chromium-based Edge through MSRC. The dry wording hides the more...

Google and Microsoft disclosed CVE-2026-7964 on May 6, 2026, a medium-severity Chromium FileSystem vulnerability fixed in Google Chrome before version 148.0.7778.96 and tracked by Microsoft because Chromium-based Edge inherits the same upstream browser risk. The flaw is not the flashiest item in...

CVE-2026-7969 is a newly published Chromium vulnerability, released through the Chrome and Microsoft security ecosystems on May 6–7, 2026, affecting Google Chrome before 148.0.7778.96 and Microsoft Edge after Chromium ingestion until its corresponding 148.0.7778.xxx security update. It is not...

Google and Microsoft disclosed CVE-2026-7971 on May 6, 2026, after Chrome 148.0.7778.96/97 began rolling out for Windows, macOS, and Linux, fixing a medium-severity Chromium flaw in Opaque Response Blocking that could let a crafted HTML page bypass Site Isolation. The bug is not the loudest item...

Google and Microsoft disclosed CVE-2026-7985 on May 6, 2026, a medium-severity Chromium GPU use-after-free fixed in Chrome before 148.0.7778.96 that could let an attacker who already compromised the renderer attempt a sandbox escape through a crafted HTML page. The awkward part is not the patch...

Google Chrome before 148.0.7778.96 contains CVE-2026-7991, a use-after-free flaw in the browser UI that could let a remote attacker with a compromised renderer process execute code inside Chrome’s sandbox through a crafted HTML page. The vulnerability landed in public tracking on May 6, 2026...