WebMCP Tool Surface Poisoning: Runtime Manipulation Attacks on LLM Agents

WebMCP is a newly emerging protocol that enables websites to expose tools directly to AI agents, bypassing traditional user interfaces and introducing new security risks. The dynamic exposure of agent-accessible tools in WebMCP expands the attack surface of web sessions, especially when third-par...

ROS-20260515-73-0034

A vulnerability in the WebMCP component of Google Chrome and Microsoft Edge browser is related to memory usage after it is freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

Astra Linux – Vulnerability in Chromium

The use of after free in WebMCP within Google Chrome before version 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Google Chrome WebMCP Resource Management Error Vulnerability

Google Chrome is a free web browser developed by Google Inc. A security vulnerability exists in Google Chrome WebMCP, which originates from re-referencing or using freed memory, and can be exploited by remote attackers to execute arbitrary code...

Chromium: CVE-2026-3918 Use after free in WebMCP

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-3918

An use after free flaw was found in the WebMCP component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=483853103...

SUSE CVE-2026-3918

Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

EUVD-2026-11428

Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-3918

Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-3918

Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-3918

Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-3918

Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-3918

Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-3918

Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-3918

Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-3918

CVE-2026-3918 affects Google Chrome via WebMCP use-after-free leading to potential heap corruption when processing a crafted HTML page. Public sources in connected documents consistently describe the flaw as originating from after-free in WebMCP, with the issue occurring in Chrome builds prior to...

Google Chrome 资源管理错误漏洞

Google Chrome is a free web browser developed by Google Inc. A security vulnerability exists in Google Chrome WebMCP, which originates from re-referencing or using freed memory, and can be exploited by remote attackers to execute arbitrary code...

chromium -- security fixes

Chrome Releases reports: This update includes 29 security fixes: 483445078 Critical CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand on 2026-02-10 481776048 High CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga on 2026-02-04 483971526 High CVE-2026-3915: Heap...

PT-2026-24866

🟠 CVE-2026-3918 - High Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High https://t.co/Z6myTEvlEg https://t.co/AuzQFmtai4...