CVE-2026-9900
Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-42177
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
CVE-2026-7919
CVE-2026-7919 affects Google Chrome/Aura. Use-after-free in Aura prior to 148.0.7778.96 could allow a renderer‑process‑compromised attacker to escape the sandbox via a crafted HTML page. The Chrome 148 stable release (148.0.7778.96 and later) includes fixes for this issue. Mitigation is to update...
CVE-2026-7899
Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-7345
Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-5866
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-5272
Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2026-3541
Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...
CVE-2025-4609
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...
SUSE CVE-2024-9120
Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2024-9123
Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2011-3966
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data...
SUSE CVE-2018-17465
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...
Chrome Browser Bug Under Active Attack
Google is warning that a bug in its Chrome web browser is actively under attack, and it is urging users to upgrade to the latest 91.0.4472.101 version to mitigate the issue. In all, Google rolled out fixes for 14 bugs impacting its Windows, Mac and Linux browsers as part of its June update to the...
OSV-2021-699 UNKNOWN WRITE in m3_FreeModule
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33726 Crash type: UNKNOWN WRITE Crash state: m3FreeModule FreeModule CompileExtendedOpcode...
Google Chrome Bug Could Let Hackers Bypass CSP Protection; Update Web Browsers
If you haven't recently updated your Chrome, Opera, or Edge web browser to the latest available version, it would be an excellent idea to do so as quickly as possible. Cybersecurity researchers on Monday disclosed details about a zero-day flaw in Chromium-based web browsers for Windows, Mac and...
UBUNTU-CVE-2020-6475
Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page...
UBUNTU-CVE-2020-6386
Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
A day^W^W Several months in the life of Project Zero - Part 1: The Chrome bug of suffering
Posted by Sergei Glazunov and Mark Brand, Project Zero. Introduction: It was a normal week in the Project Zero office when we got an interesting email from the Chrome team — they’d been looking into a serious crash that was happening occasionally on Android builds of Chrome, but hadn’t made much...
This Week in Security News: Fake Apps on iOS and Google Play and Social Media Security Issues
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the evolution of EDR to XDR and why your CISO should care, stock trading app attacks and fake gambling apps. Also, read about ho...