Cve 2026 14040
The latest Cve 2026 14040 coverage — news, analysis, and updates from the WindowsNews.AI desk.
Urgent Chrome 150 Update Blocks Remote Code Execution Attacks on Windows and Mac
Google has shipped Chrome 150.0.7871.47 for Windows and macOS, fixing a high-severity use-after-free bug (CVE-2026-13965) in the Oilpan garbage collector that could let remote attackers execute code. Users and IT admins should update immediately to prevent potential drive-by attacks. The out-of-cycle release signals urgency, possibly indicating active exploitation or a readily available exploit.
Microsoft Patches Edge Spoofing Flaw That Could Let Attackers Impersonate Trusted Sites
Microsoft released an emergency patch for its Edge browser on July 3, 2026, fixing a spoofing vulnerability (CVE-2026-45489) that could let attackers impersonate trusted websites. The update to build 150.0.4078.48 is rated medium severity but poses a phishing risk because it undermines the trustworthiness of the address bar. Users should ensure automatic updates are enabled, and IT admins should push the patch immediately.
Chrome 150.0.7871.47 Fixes UI Spoofing That Could Rewrite Your Browsing History
Google fixed CVE-2026-13966, a medium-severity Chrome UI spoofing bug in the History page, with the release of version 150.0.7871.47. The flaw could let attackers mislead users by fabricating browsing history entries. All desktop Chrome users should immediately update to close the loophole.
Google Chrome 150.0.7871.47 Fixes Heap Overflow in Storage; Admins Warned of NVD Mapping Gap
Google's latest Chrome update patched a medium-severity heap buffer overflow in the Storage component that could enable code execution after a renderer compromise. The fix, in version 150.0.7871.47, is crucial for Windows users, but admins are facing a new problem: the NVD's CPE entry doesn't yet reflect the patched version, causing vulnerability scanners to miss it. This article explains what happened, who's affected, and how to keep systems secure while NVD updates.
Chrome 150 Update Patches Password UI Spoofing Flaw—Check Your Browser Now
Chrome 150.0.7871.47 fixes CVE-2026-13982, a medium-severity vulnerability that allows attackers to spoof the password manager UI after compromising the renderer. Home users and enterprises should update immediately to prevent credential theft through convincing fake dialogs. The patch highlights ongoing challenges in securing inter-process communication within browsers.
Google Chrome 150 Patches Skia Memory Leak—Update Now to Block Data Theft
Google Chrome’s June 30, 2026 stable update (version 150.0.7871.47) patches CVE-2026-13971, a medium-severity memory initialization flaw in the Skia graphics engine that could allow data leaks. The fix is rolling out to Windows, macOS, and Linux, and all users should restart Chrome immediately to apply the update. IT admins should push the update via enterprise policies to prevent potential exploitation.
Google Fixes ChromeOS Vulnerability That Could Let Attackers Spoof Media Prompts
Google has patched a medium-severity UI spoofing vulnerability (CVE-2026-13986) in Chrome for ChromeOS that could trick users into granting permissions or downloading malware. The fix is in ChromeOS version 150.0.7871.47, and while Windows users aren't directly affected, the incident highlights the importance of prompt browser updates across all platforms.
Google Patches Chrome TabStrip UI Spoofing Bug (CVE-2026-13984) – Windows Users Should Update Now
Google released Chrome 150.0.7871.47 on June 30, 2026, fixing CVE-2026-13984, a medium-severity flaw in the TabStrip that could let attackers spoof the user interface. The bug, which affects Windows, Mac, and Linux, could trick users into thinking a malicious site is legitimate. All Chrome users are urged to update immediately to prevent potential phishing attacks.
Google Fixes Chrome Vulnerability That Allowed Attackers to Spoof Web App Origins
Google disclosed CVE‑2026‑13993, a medium‑severity Chrome flaw fixed before version 150.0.7871.47 that could misrepresent the installing domain in Web App Install prompts. The bug, requiring user interaction, allowed attackers to spoof the origin of Progressive Web Apps, potentially tricking users into installing malicious software. Chrome’s automatic update has already delivered the patch, and users should verify they are on the latest version to stay protected.
Google Patches Chrome on Windows to Fix DataTransfer Vulnerability That Could Enable UI Spoofing
Google released Chrome version 150.0.7871.47 for Windows on June 30, 2026, fixing a medium-severity vulnerability (CVE-2026-13990) in the DataTransfer API that could allow a compromised renderer process to spoof UI elements. Users should update immediately to prevent potential exploitation in chained attacks. The update is rolling out via automatic updates and is also available as a direct download.
CVE-2026-14007: Chrome Permissions Bypass Hits Windows – Here’s How to Secure Your Browser
A medium-severity vulnerability in Google Chrome (CVE-2026-14007) allows attackers to bypass PermissionsPolicy enforcement, potentially accessing sensitive features without consent. Windows users running Chrome or Edge should update immediately to version 150.0.7871.47 or later to close the gap.
Chrome 150 Ships Fix for UI Spoofing Flaw That Could Trick Users Into Granting Permissions
Google fixed a permissions UI spoofing vulnerability (CVE-2026-13996) in Chrome 150.0.7871.47 that could let attackers trick users into granting camera, mic, or location access via a crafted webpage. Users and admins should update immediately to avoid unauthorized sensor access.
Chrome 150.0.7871.47 Fixes Medium-Severity StorageAccessAPI Cross-Origin Leak
A medium-severity flaw in Chrome's StorageAccessAPI, tracked as CVE-2026-14021, could allow cross-origin data leakage from a compromised renderer process. Google fixed it in Chrome 150.0.7871.47 released June 30, 2026. Users on Windows and other platforms should update immediately.