windows patching

  1. Chrome 149 DevTools CVE-2026-13025: Patch Sandbox Escape Risk Fast (June 23, 2026)

    Google published Chrome 149.0.7827.196/197 for desktop on June 23, 2026, fixing CVE-2026-13025, a high-severity DevTools validation flaw that could help a renderer-compromise attacker escape Chrome’s sandbox through a crafted HTML page. The bug is not the loudest item in this Chrome drop, but it...
  2. CVE-2026-1965: Upgrade curl/libcurl to 8.19.0 for Negotiate identity-safe reuse

    If your application uses curl or libcurl with HTTP Negotiate/SPNEGO authentication against the same host using multiple credentials or long-lived reusable connections, upgrade to curl/libcurl 8.19.0 now; CVE-2026-1965 was disclosed on March 11, 2026, and affects versions 7.10.6 through 8.18.0...
  3. Stability IT’s Staged VSA 9 to Datto RMM Migration: Patch, Remote, Backup Proof

    Stability IT moved from Kaseya’s VSA 9 to Datto RMM in a staged migration across its managed client environments in North Wales, using VSA scripts to deploy the new agent client-by-client while technicians temporarily worked in both platforms without disrupting support operations. The case is...
  4. CVE-2026-11694 Chrome Use-After-Free: Patch Guidance for Windows Admins

    Google disclosed CVE-2026-11694 on June 8, 2026, as a high-severity use-after-free flaw in Chrome’s ServiceWorker code before version 149.0.7827.103 that could let a remote attacker, after compromising the renderer process, execute code inside Chrome’s sandbox using a crafted HTML page. The...
  5. CVE-2026-11693: Chrome Site Isolation Bypass After Renderer Compromise (Fixed in 149)

    CVE-2026-11693 is a high-severity Google Chrome vulnerability, published by NVD on June 8, 2026 and fixed in Chrome 149.0.7827.103, that allowed a renderer-compromise attacker to bypass Site Isolation through a crafted HTML page on desktop platforms. The short version for WindowsForum readers is...
  6. CVE-2026-11692: Chrome Read Anything Use-After-Free and Sandbox Escape Risk

    Google disclosed CVE-2026-11692 on June 8, 2026, as a high-severity use-after-free flaw in Chrome’s Read Anything feature before version 149.0.7827.103, where a crafted HTML page could help an attacker who had already compromised the renderer process attempt a sandbox escape. That phrasing is...
  7. CVE-2026-11689 Chrome Passwords: Site Isolation Bypass After Renderer Compromise

    Google Chrome prior to 149.0.7827.103 contains CVE-2026-11689, a high-severity Passwords component flaw published June 8, 2026, in which a remote attacker who already compromised the renderer could use a crafted HTML page to bypass site isolation on desktop platforms. The short version is that...
  8. CVE-2026-11674: High-Severity Chrome Use-After-Free Fix in Guest View

    CVE-2026-11674 is a high-severity Google Chrome vulnerability, published by NVD on June 8, 2026 and modified June 9, affecting Chrome versions before 149.0.7827.103, where a use-after-free flaw in Guest View could let a remote attacker run code inside Chrome’s sandbox through crafted HTML. That...
  9. CVE-2026-11666 Chrome UI Spoofing Fix (Update to 149.0.7827.103)

    Google assigned CVE-2026-11666 to a high-severity Chrome flaw fixed on June 8, 2026, in desktop builds before 149.0.7827.103, where insufficient validation of untrusted input in the browser’s Input component could let a remote attacker spoof UI through a crafted HTML page. The narrow description...
  10. CVE-2026-11661 Chrome for Windows: Patch Sandbox Escape Use-After-Free

    Google disclosed CVE-2026-11661 on June 8, 2026, as a high-severity Windows-only Chrome use-after-free flaw in the browser’s Views component, fixed before version 149.0.7827.103 and capable of helping an attacker escape the renderer sandbox after a separate renderer compromise. That last...
  11. CVE-2026-11658 Chrome Extensions Bug: Patch Windows, Secure Extension Policies

    Google Chrome’s CVE-2026-11658, published June 8, 2026 and last modified by NVD on June 10, describes an Extensions input-validation flaw in Chrome before 149.0.7827.103 that could let an attacker with a compromised renderer bypass site isolation using a crafted HTML page. The bug is not the...
  12. Chrome CVE-2026-11646 Fix: Patch ViewTransitions Use-After-Free (June 8, 2026)

    Google patched CVE-2026-11646, a high-severity use-after-free flaw in Chrome’s ViewTransitions component, in the June 8, 2026 Stable Channel desktop update, affecting Chrome versions before 149.0.7827.103 and exposing users to possible sandboxed code execution through a crafted HTML page. The...
  13. CVE-2026-11643 Chrome Proxy Use-After-Free: Patch Guide for Windows Admins

    Google disclosed CVE-2026-11643 on June 8, 2026, as a critical use-after-free vulnerability in Chrome’s Proxy component affecting versions before 149.0.7827.103, with NVD later listing affected Chrome builds on Windows, macOS, and Linux. The uncomfortable part is not merely that Chrome had...
  14. CVE-2026-11642: Critical Chromium Web Apps Sandbox Escape Fixed in Chrome 149

    Google disclosed CVE-2026-11642 on June 8, 2026, as a critical Chromium Web Apps use-after-free flaw fixed in Chrome before version 149.0.7827.103, affecting desktop Chrome on Windows, macOS, and Linux where a crafted HTML page could help escape the browser sandbox. That is the dry database...
  15. Chrome 149 Patch CVE-2026-11638 Printing Bug: Windows Sandbox Escape Risk

    Google patched CVE-2026-11638 on June 8, 2026, in Chrome 149.0.7827.102/.103 for desktop platforms after documenting a critical use-after-free flaw in Chrome’s Printing component that could let a remote attacker potentially escape the browser sandbox through a crafted HTML page. The bug is not...
  16. Chrome CVE-2026-11636 Autofill Use-After-Free on Windows: Patch Before It Risks

    Google Chrome CVE-2026-11636 was published by NVD on June 8, 2026, after Google disclosed a critical Windows-specific Autofill use-after-free flaw fixed in Chrome versions before 149.0.7827.103. The bug is not the loudest Chrome issue of the week, and that is precisely why it deserves attention...
  17. Chrome CVE-2026-11630 File Input Use-After-Free: Urgent Windows Patch Guidance

    Google Chrome before 149.0.7827.103 contains CVE-2026-11630, a critical use-after-free flaw in the browser’s File Input handling that was disclosed on June 8, 2026, and can let a remote attacker potentially trigger heap corruption through a crafted HTML page. That phrasing sounds like another...
  18. CVE-2026-12011: Chrome WebMIDI Use-After-Free Windows Sandbox Escape Risk

    CVE-2026-12011 is a critical use-after-free flaw in Chrome’s WebMIDI implementation on Windows, disclosed on June 11, 2026, and fixed for desktop users in Chrome 149.0.7827.115 after Google said crafted HTML could help a compromised renderer attempt a sandbox escape. The interesting part is not...
  19. CVE-2026-12014 Chrome Cast Use-After-Free: Patch, CPE Mismatch, LAN Risk

    Google Chrome CVE-2026-12014 was published by NVD on June 11, 2026, describing a high-severity use-after-free flaw in Chrome’s Cast component before version 149.0.7827.115 that could let a local-network attacker potentially escape the browser sandbox with malicious network traffic. The awkward...
  20. CVE-2026-12017 Chrome Extensions Bypass Site Isolation: Urgent Update Guide

    Google disclosed CVE-2026-12017 on June 11, 2026, as a high-severity Chrome Extensions flaw fixed in Chrome 149.0.7827.114/.115 for desktop, where a compromised renderer could use a crafted HTML page to bypass site isolation. The dry wording makes it sound like just another browser bulletin, but...