Google Chrome CVE-2026-13959 is a medium-severity Blink vulnerability, published by the National Vulnerability Database on June 30, 2026, that affected Chrome versions before 150.0.7871.47 and could let a remote attacker bypass the same-origin policy through a crafted HTML page. The bug is not...
Google fixed CVE-2026-13958 in the June 30, 2026 Chrome 150 stable update for Windows, where versions before 150.0.7871.47 could leak potentially sensitive process memory through a crafted HTML page that exercised Chrome’s codecs component. The bug is rated Medium by Chromium and 6.5 Medium by...
Google Chrome versions before 150.0.7871.47 are affected by CVE-2026-13938, an integer overflow in the browser’s font-handling code that can let a remote attacker trigger an out-of-bounds memory write when a user opens a crafted HTML page. The flaw landed in the National Vulnerability Database...
Google Chrome 150.0.7871.47, released to the stable desktop channel on June 30, 2026, fixes CVE-2026-13911, a medium-severity Chromium Spellcheck flaw that could let an attacker with a compromised renderer process read potentially sensitive process memory through a crafted HTML page. The bug is...
Google Chrome before version 150.0.7871.47 contains CVE-2026-13898, a use-after-free flaw in the browser’s Cast Receiver component that can let a remote attacker run code inside Chrome’s sandbox through a crafted HTML page. That is the dry registry wording; the practical story is messier and...
Google fixed CVE-2026-13890 in Chrome 150.0.7871.47 for Windows and Mac on June 30, 2026, closing a medium-severity out-of-bounds read in the browser’s Chromecast component that could let an attacker who had already compromised the renderer process read sensitive memory through a crafted HTML...
Google Chrome users running builds earlier than 150.0.7871.47 should treat CVE-2026-13881 as patched but not yet fully explained: the flaw was published June 30, 2026, affects Chrome’s WebAppInstalls component, and can let a crafted HTML page bypass the browser’s same-origin policy. That is the...
CVE-2026-13865 is a medium-severity Google Chrome Enterprise input-validation flaw, published by NVD on June 30, 2026, fixed in Chrome 150.0.7871.47 for Windows and Mac, and exploitable by a remote attacker using a crafted HTML page to spoof browser UI. The bug is not a remote-code-execution...
Google Chrome before version 150.0.7871.47 contains CVE-2026-13845, a high-severity use-after-free flaw in the browser’s DOM code that could let a remote attacker execute code inside Chrome’s sandbox after a user opens a crafted HTML page. The bug arrived in the National Vulnerability Database...
Google assigned CVE-2026-13834 to a high-severity Chromium flaw in ANGLE, fixed in Chrome 150.0.7871.47 after disclosure on June 30, 2026, because a crafted HTML page could let an attacker who had already compromised Chrome’s renderer attempt a sandbox escape. The bug is not a classic “visit a...
Google Chrome before version 150.0.7871.47 contains CVE-2026-13793, a high-severity Chromium SVG policy-enforcement flaw disclosed on June 30, 2026, that can let a remote attacker leak cross-origin data through a crafted HTML page. That is the plain answer, but it is not the full story. The more...
Google published Chrome 150 to the stable channel on June 30, 2026, including a fix for CVE-2026-13784, a critical use-after-free flaw in Chrome’s Views UI framework affecting versions before 150.0.7871.47. The vulnerability is not just another line item in a very large browser security release...
Google fixed CVE-2026-13783, a critical use-after-free flaw in Chrome’s Views component, in the June 30, 2026 Stable Channel release that promoted Chrome 150 to desktop users on Windows, macOS, and Linux. The immediate security answer is simple: Chrome should be updated to 150.0.7871.47 or later...
Google’s June 30 Chrome 150 desktop release fixed CVE-2026-13782, a critical use-after-free flaw in the browser process that could let an attacker escape Chrome’s sandbox after compromising the renderer, with patched desktop builds shipping as Chrome 150.0.7871.46 for Linux and 150.0.7871.46/.47...
Microsoft has listed CVE-2026-56645 as a Microsoft Edge, Chromium-based, remote code execution vulnerability in its Security Update Guide, while Edge security release notes show the browser received Stable channel security updates on July 2, 2026, with CVE identifiers still pending publication...
Anthropic’s Claude Mythos Preview, introduced in April 2026 through Project Glasswing, is a restricted AI cybersecurity model that reportedly helped vetted partners find thousands of serious software vulnerabilities, including old flaws in major operating systems, browsers, and open-source...
Google disclosed CVE-2026-13029 on June 24, 2026, as a high-severity use-after-free vulnerability in Chrome’s Web Authentication component affecting desktop versions before 149.0.7827.197, with exploitation requiring a user to install a malicious Chrome extension that could trigger heap...
CVE-2026-13034 is a high-severity Google Chrome vulnerability disclosed on June 24, 2026, affecting Chrome versions before 149.0.7827.197, where an attacker who had already compromised the renderer process could use a crafted HTML page to bypass site isolation. The short version is simple: this...
Google Chrome before 149.0.7827.197 contains CVE-2026-13022, a high-severity Chromium Autofill flaw disclosed June 24, 2026, that can let a remote attacker who has already compromised the renderer process leak cross-origin data through a crafted HTML page. The bug is not a stand-alone “visit a...
Google Chrome before 149.0.7827.197 contained CVE-2026-13024, a high-severity Chromium navigation flaw disclosed on June 24, 2026, that could let an attacker who had already compromised Chrome’s renderer process bypass site isolation with a crafted HTML page. That narrow precondition is the...