CVE-2026-5278

CVE-2026-5278: A use-after-free vulnerability in the Web MIDI component of Google Chrome on Android (prior to 146.0.7680.178) could allow remote code execution via a crafted HTML page. Affected product/area: Web MIDI in Chrome for Android; root cause: use-after-free in Web MIDI handling. Impact: ...

CVE-2026-5278

Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-5278

Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

PT-2026-29466

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.178 Description A use-after-free issue exists in the WebView component of Google Chrome on Android. A remote attacker who has compromised the renderer process could potentially perform a sandbox escap...

PT-2026-29456

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.178 Description A use-after-free issue exists in the Web MIDI component of Google Chrome on Android. A remote attacker can potentially execute arbitrary code by tricking a user into visiting a special...

PT-2026-38108

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.96 Description Insufficient data validation in DevTools allows a remote attacker to bypass navigation restrictions through the use of a crafted HTML page. Recommendations Update to version...

Linux Distros Unpatched Vulnerability : CVE-2026-5278

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

Android Developer Verification Rollout Begins Ahead of September Enforcement

Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity." The development comes ahead of a planned verification mandate that goes into effect in Brazil, Indonesi...

An Empirical Comparison of Security and Privacy Characteristics of Android Messaging Apps

Mobile messaging apps are a fundamental communication infrastructure, used by billions of people every day to share information, including sensitive data. Security and Privacy are thus critical concerns for such applications. Although the cryptographic protocols prevalent in messaging apps are...

3 SOC Process Fixes That Unlock Tier 1 Productivity

What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier ...

Label-Efficient Training Updates for Malware Detection over Time

Machine Learning ML-based detectors are becoming essential to counter the proliferation of malware. However, common ML algorithms are not designed to cope with the dynamic nature of real-world settings, where both legitimate and malicious software evolve. This distribution drift causes models...

PT-2026-46554

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description Insufficient policy enforcement in Navigation allows a remote attacker to bypass the content security policy CSP, which is a security layer that helps detect and mitigate...

PT-2026-33158

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 147.0.7727.101 Description A use after free issue in XR allows a remote attacker to perform an out of bounds memory read by using a crafted HTML page. Use after free is a memory corruption flaw that...

Uncovering Relationships between Android Developers, User Privacy, and Developer Willingness to Reduce Fingerprinting Risks

The major mobile platforms, Android and iOS, have introduced changes that restrict user tracking to improve user privacy, yet apps continue to covertly track users via device fingerprinting. We study the opportunity to improve this dynamic with a case study on mobile fingerprinting that evaluates...

CVE-2026-23400

In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...

CVE-2026-33045

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...

EUVD-2026-16775

Home Assistant has stored XSS in history-graphs...

Cross-site Scripting (XSS)

Overview home-assistant-frontend is a The Home Assistant frontend Affected versions of this package are vulnerable to Cross-site Scripting XSS via the History-graph card in the history graph display component. An attacker can execute arbitrary JavaScript in a victim’s browser by supplying a...

CVE-2026-33045

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...

CVE-2026-33045 Home Assistant has stored XSS in history-graphs

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...