Chromium Security
The latest Chromium Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2026-7938: Critical Chromium Use-After-Free Bug Forces Emergency Chrome and Edge Updates
Google and Microsoft are urging immediate browser updates to patch CVE-2026-7938, a high-severity use-after-free vulnerability in Chromium's Cascading Style Sheets (CSS) engine that could allow...
Chrome V8 CVE-2026-7940: Patch Now to Block Malicious Extensions
Google and Microsoft jointly disclosed CVE-2026-7940 on May 6, 2026, a medium-severity vulnerability in the V8 JavaScript engine that underpins Chromium-based browsers. The flaw, which affects Google...
CVE-2026-7947 Chrome 148 Update: Windows Users Must Patch UI Spoofing Bug Now
Google silently pushed a critical patch to the Chrome stable channel on May 6, 2026, fixing CVE-2026-7947, a medium-severity user interface (UI) spoofing bug in the Chromium Network component. The...
CVE-2026-7949 Skia Bug: Update Chrome/Edge to Stop Extension Data Leaks
Google and Microsoft disclosed CVE-2026-7949 on May 6, 2026, a medium‑severity Chromium vulnerability in the Skia graphics library that permits cross‑origin data leaks when attacker‑controlled...
Chrome 148 Patches CVE-2026-7952: Malicious Extensions Bypass Policy in Edge, Others
Google shipped an urgent update for Chrome on May 6, 2026, patching CVE-2026-7952, a medium-severity flaw that undermined extension policy enforcement across all Chromium-based browsers. The...
Update Chrome and Edge now: Patch fixes Chromium media OOB write flaw
Google Chrome has addressed a medium-severity out-of-bounds write vulnerability tracked as CVE-2026-7957, disclosed on May 6, 2026. The flaw resides in the Chromium Media component and affects Chrome...
Chromium DevTools Medium Bug Poses High Risk for Developer Machines
Google and Microsoft issued coordinated disclosures on May 6, 2026, for CVE-2026-7965, a medium-severity input-validation flaw in the DevTools component of Chromium. The bug, fixed in Google Chrome...
Chrome 148 Fixes High-Risk DevTools Flaw — Update Chrome and Edge Immediately
On May 6, 2026, Microsoft confirmed that a newly disclosed Chromium vulnerability—CVE-2026-7975—also affects its Edge browser. The use-after-free flaw in DevTools could help attackers escape...
Chrome 148 and Edge Patch: WebAudio Bug CVE-2026-7980 Earns High Severity Despite Medium Label
Google and Microsoft have patched a use-after-free vulnerability in Chromium’s WebAudio component, tracked as CVE-2026-7980, shipping the fix in Chrome version 148.0.7778.96 and in current...
CVE-2026-7985 GPU Bug Forces Windows Patch for All Chromium Apps
Google and Microsoft jointly disclosed CVE-2026-7985 on May 6, 2026, a medium-severity use-after-free bug in Chromium's GPU process that could allow a renderer compromise to escalate into a full...
Windows/Edge Alert: Patch Critical Chrome CVE-2026-7984 ReadingMode Flaw Now
Google has shipped an urgent security update for Chrome to address CVE-2026-7984, a severe use-after-free vulnerability in the browser's ReadingMode component. The fix arrives in Chrome 148.0.7778.96...
Google and Microsoft Patch Chromium DataTransfer Drag-and-Drop Flaw in Chrome 148
Google and Microsoft jointly disclosed CVE-2026-7989 on May 6, 2026, detailing a medium-severity vulnerability in Chromium's DataTransfer implementation. The flaw, fixed in Chrome before version...