Live

Cve 2026 14064

The latest Cve 2026 14064 coverage — news, analysis, and updates from the WindowsNews.AI desk.

13 stories in view AI assisted desk updated 5:49 AM
Latest Most Read Breaking
Sort
Browser Security · Chrome 150

Chrome 150 Patch Closes Codec Bug That Leaked Memory on Windows

Google's June 30, 2026 Chrome 150 update fixes a medium-severity, Windows-only information disclosure flaw (CVE-2026-14010) in the Codecs component. The patch prevents potential data leaks from uninitialized memory and requires users to update to version 150.0.7871.

Security

Google Fixes Chrome Use-After-Free on macOS — Why the Same Update Matters for Windows

Google released Chrome 150.0.7871.47 on June 30, 2026, fixing CVE-2026-14025, a macOS-only use-after-free vulnerability. Even though the bug is rated low severity and doesn't affect Windows directly, the update is crucial for all users because it likely includes other security improvements and erodes the attack chain possibilities. This article explains why every Windows user and IT admin should apply the update immediately and how to verify it.

Security Desk·3m ago ·5 min
Security

Google Fixes Chrome SanitizerAPI Flaw That Allowed Attackers to Snoop Across Websites

Google shipped Chrome 150.0.7871 to fix CVE-2026-14023, a medium-severity SanitizerAPI flaw that could allow a malicious webpage to bypass same-origin protections and silently read data from other open websites. Windows users and Chromium-based browser users should trigger an immediate update and restart the browser to ensure the patch is applied. IT administrators should prioritize deployment across managed devices, especially in environments handling sensitive corporate web apps.

Security Desk·5m ago ·5 min
Security

Chrome Linux Hit by Omnibox Spoofing CVE-2026-14030—Patch Now to 150.0.7871.47

A newly published Chrome vulnerability (CVE-2026-14030) allows malicious sites to spoof the Omnibox on Linux by exploiting the SplitView feature. All Chrome versions before 150.0.7871.47 are affected. Users should update immediately and verify their browser version.

Security Desk·9m ago ·5 min
Advertisement
Chrome Android Security · CVE-2026-14034

Chrome 150 for Android patches WebXR navigation bypass with emergency update

Google has released Chrome 150.0.7871.47 for Android to patch CVE-2026-14034, a low-severity WebXR flaw that could allow a remote attacker to bypass navigation restrictions. Home users should update the browser immediately; enterprise admins should enforce the new version via MDM policies.

SE Security Desk·15m ago
Chrome · Security

Chrome 150.0.7871.47 Patches Navigation Bypass on Windows — Update Now to Block Remote Attacks

Google released Chrome 150.0.7871.47 on June 30, 2026, patching CVE-2026-14054, a low-severity Chromium Network flaw that allowed a remote attacker to bypass navigation restrictions. Windows users should update immediately via the browser’s built-in updater to block potential phishing and redirect attacks. The fix requires no special configuration, though enterprise admins may want to accelerate deployment.

SE Security Desk·19m ago
Browser Extensions · Chrome 150 Update

Chrome 150 Fixes Extensions Flaw That Could Leak Your Private Data – Update Now

Chrome 150.0.7871.47, released June 30, 2026, patches a low-severity extensions vulnerability (CVE-2026-14053) that could leak cross-origin data after an attacker compromises add-ons. The article explains the risk for home users and enterprises, provides step-by-step update instructions, and advises locking down extensions to prevent exploitation.

SE Security Desk·20m ago
Browser Patching · Chrome Security

Google Ships Fix for Chrome Parser Flaw That Let Attackers Skirt Webpage Defenses

Google patched a low-severity Chrome vulnerability (CVE-2026-14058) that allowed attackers to bypass Content Security Policy protections via a parser flaw. The fix is included in Chrome version 150.0.7871.47, released June 30, 2026. Windows users should verify their browser is updated to prevent potential script injection attacks.

SE Security Desk·24m ago
CVE-2026-14057 · FedCM

Chrome’s FedCM Flaw Lets Attackers Skip Same-Origin Rules—Update to 150.0.7871.47 Now

CVE-2026-14057 is a critical same-origin bypass in Chrome’s FedCM API that lets attackers hijack accounts via crafted web pages. Users must update to Chrome 150.0.7871.47 immediately. The flaw highlights the high stakes of browser-based identity systems.

SE Security Desk·24m ago
Chrome Security Update · Chromoting

Google Patches Chrome for Windows After Chromoting Bug Grants Attackers Local Admin Rights

Google patched a high-severity local privilege escalation bug (CVE-2026-14060) in Chrome 150 for Windows that allowed attackers to gain SYSTEM rights via Chromoting. The update arrived on June 30, 2026, after a public exploit surfaced. All Windows Chrome users should update immediately.

SE Security Desk·24m ago
Chrome Ios Security · Cpe Metadata

A Low-Severity Chrome iOS Bug and the CPE Mix-Up That Almost Hid It

A Chrome for iOS Omnibox vulnerability fixed in version 150.0.7871.47 highlights how incomplete CPE data in the NVD can cause organizations to overlook critical mobile patches. The incident serves as a practical lesson in verifying vulnerability feeds and taking immediate action, even on 'low severity' bugs.

SE Security Desk·29m ago
Chrome 150 Security · Chromium Uxss

Chrome 150.0.7871.47 Patches Low-Severity HTML Parsing Flaw That Could Enable Cross-Site Scripting

Google released Chrome 150.0.7871.47 for Windows and macOS on June 30, 2026, to fix CVE-2026-14083, a low-severity universal cross-site scripting vulnerability caused by improper HTML input validation. While the practical risk is limited, the update highlights the importance of promptly applying even minor browser patches to avoid potential exploit chains.

SE Security Desk·29m ago
Browser Security · Chrome 150

Chrome 150 Closes WebXR Loophole That Could Hijack Your VR Browsing Session

Google's Chrome 150 stable release on June 30, 2026 patches a low-severity WebXR navigation bypass (CVE-2026-14073) that could allow malicious sites to redirect users during VR sessions. The fix, which adds a redundant origin check, requires no user action beyond a routine browser update. While the vulnerability had limited real-world impact, its resolution highlights the expanding security considerations for immersive web experiences.

SE Security Desk·29m ago