Chromium Security
The latest Chromium Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
Critical Chrome zero-day CVE-2026-5909 patched; Edge users face code execution risk via video files.
Google has patched a critical integer overflow vulnerability in Chromium's media processing component that affects Microsoft Edge users, but questions remain about Microsoft's patch prioritization...
Chrome and Edge Patch Critical Heap Overflow in WebAudio Component
Google has disclosed CVE-2026-5864, a high-severity heap buffer overflow vulnerability in Chromium's WebAudio component that affects both Chrome and Microsoft Edge browsers. The security flaw,...
CVE-2026-5871: Critical V8 Type Confusion Vulnerability Patched in Chrome 147.0.7727.55
Microsoft's Security Update Guide has flagged CVE-2026-5871 as a critical vulnerability in Chromium's V8 JavaScript engine. This type confusion flaw could allow remote attackers to execute arbitrary...
CVE-2026-5874: Chrome PrivateAI Use-After-Free Vulnerability Poses Sandbox Escape Risk
Google Chrome versions prior to 147.0.7727.55 contain a critical use-after-free vulnerability in the PrivateAI component that could enable sandbox escape attacks. Designated CVE-2026-5874, this...
Chromium LNA flaw CVE-2026-5881 lets sites bypass local network protections in Chrome and Edge
Chromium's CVE-2026-5881 reveals a critical vulnerability in how browsers handle navigation requests between different security contexts, specifically affecting the LocalNetworkAccess (LNA) policy...
CVE-2026-5880: Chromium Omnibox UI Spoofing Vulnerability Explained and Patched
Google's Chromium security team has disclosed CVE-2026-5880, a medium-severity vulnerability that allows attackers to spoof the browser's omnibox UI after compromising the renderer process. This...
CVE-2026-5888: Chrome's WebCodecs Memory Disclosure Vulnerability Explained
Google has patched a memory disclosure vulnerability in Chrome's WebCodecs API tracked as CVE-2026-5888, affecting version 147.0.7727.55. The flaw allows attackers to access sensitive data from...
CVE-2026-5899: Chromium History Navigation UXSS Vulnerability Threatens Edge Users
Google has assigned CVE-2026-5899 to a newly disclosed Chromium vulnerability in the History Navigation component that enables cross-site scripting attacks. This flaw allows remote attackers to...
CVE-2026-5289: Chromium Navigation Vulnerability Threatens Windows Browser Security
Microsoft has confirmed a critical vulnerability in Chromium-based browsers that could enable sandbox escape attacks on Windows systems. CVE-2026-5289, rated as high severity, represents a...
CVE-2026-4454: Critical Chrome Network Use-After-Free Vulnerability Requires Immediate Windows Patch
Google has disclosed CVE-2026-4454, a high-severity use-after-free vulnerability in Chrome's Network component that affects all Windows systems running Chrome versions below 146.0.7680.153. This...
CVE-2026-4441: Critical Chrome Use-After-Free Vulnerability Patched in Latest Update
Google has released Chrome 146 to address CVE-2026-4441, a critical use-after-free vulnerability in the Base component that could lead to heap corruption and arbitrary code execution. This memory...
CVE-2026-4457: Microsoft Edge Patches Critical V8 Type Confusion Vulnerability in Chromium Engine
Microsoft has patched a critical security vulnerability in the Chromium engine that powers Microsoft Edge, addressing CVE-2026-4457, a V8 type confusion heap corruption flaw that could allow remote...