DEBIAN-CVE-2026-4678

Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-4678

Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-4678

Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-4678

Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-4678

Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-4678

Technical details beyond the initial description are not provided in the connected documents. CVE-2026-4678 concerns a use-after-free in WebGPU in Google Chrome prior to 146.0.7680.165, enabling remote code execution via a crafted HTML page.

EUVD-2026-14684

Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-4678

Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Linux Distros Unpatched Vulnerability : CVE-2026-4678

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

KLA90951 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in WebAudio can be exploited to cause denial of service. 2...

PT-2026-27279

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.165 Description A use-after-free issue exists in the WebGPU component of Google Chrome. This flaw could allow a remote attacker to execute arbitrary code within a sandbox through a specially crafted...

chromium -- security fixes

Chrome Releases reports: This update includes 8 security fixes: 485397284 High CVE-2026-4673: Heap buffer overflow in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18 488188166 High CVE-2026-4674: Out of bounds read in CSS. Reported by Syn4pse on 2026-02-27 488270257 High...

Stable Channel Update for Desktop

The Stable channel has been updated to 146.0.7680.164/165 for Windows/Mac and 146.0.7680.164 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...

CVE-2026-21732 GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP during WebGPU shader compilation

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

CVE-2026-21732

CVE-2026-21732 affects the GPU shader compiler path used by Imagination Graphics DDK in various disclosures. The issue is described as an out-of-bounds write crash triggered by unusual GPU shader code, specifically when a web page contains shader input that is loaded into the GPU compiler process...

WebGPU Resource Isolation Auditor

This WebGPU security javascript confirms that memory isolation between buffers is fully enforced. It does not exploit any vulnerability but rather demonstrates that behavior is working as expected. It validates that attempts to read or write outside of Buffer A's bounds are safely handled by eith...

Fedora 44 : cef (2026-376794abc1)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-376794abc1 advisory. Update to cef-145.0.25 + chromium 145.0.7632.75 CVE-2026-1861: Heap buffer overflow in libvpx CVE-2026-1862: Type Confusion in V8 CVE-2026-2313: Use...

Google Chrome 145.0.7632.117 WebGPU Tint Security Test

This is a proof of concept designed to test how the WebGPU Tint compiler handles an out-of-bounds memory access attempt in WGSL. The shader intentionally uses an invalid array index to simulate an out-of-bounds write operation. The purpose is to observe whether WebGPU validation, sandboxing, and...

Fedora 42 : chromium (2026-583eef79a8)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-583eef79a8 advisory. Update to 145.0.7632.75 CVE-2026-2441: Use after free in CSS CVE-2026-2313: Use after free in CSS CVE-2026-2314: Heap buffer overflow in Codecs...

OPENSUSE-SU-2026:20248-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - more fixes for desktop file, some variables were lowercased, further adaptions in INSTALL script boo1258199 - also copy rollup into thirdparty/node/nodemodules - stay on llvm-10 for swiftshader but bring a similar patch -...