Live
Chrome’s FedCM Flaw Lets Attackers Skip Same-Origin Rules—Update to 150.0.7871.47 Now·MSFT +0.1%Google Ships Fix for Chrome Parser Flaw That Let Attackers Skirt Webpage Defenses·NVDA +3.0%Google Patches Chrome for Windows After Chromoting Bug Grants Attackers Local Admin Rights·GOOGL +1.2%A Low-Severity Chrome iOS Bug and the CPE Mix-Up That Almost Hid It·AMZN +2.9%Chrome 150 Closes WebXR Loophole That Could Hijack Your VR Browsing Session·MSFT +0.1%Chrome 150.0.7871.47 Patches Low-Severity HTML Parsing Flaw That Could Enable Cross-Site Scripting·NVDA +3.0%Chrome 150 Patches CSS Side-Channel Flaw That Exposed Cross-Origin Data on Windows and Mac·GOOGL +1.2%Chrome 150 for Android Patches Sandbox Escape Bug—NVD Tags It 'Low' Severity·AMZN +2.9%Chrome’s FedCM Flaw Lets Attackers Skip Same-Origin Rules—Update to 150.0.7871.47 Now·MSFT +0.1%Google Ships Fix for Chrome Parser Flaw That Let Attackers Skirt Webpage Defenses·NVDA +3.0%Google Patches Chrome for Windows After Chromoting Bug Grants Attackers Local Admin Rights·GOOGL +1.2%A Low-Severity Chrome iOS Bug and the CPE Mix-Up That Almost Hid It·AMZN +2.9%Chrome 150 Closes WebXR Loophole That Could Hijack Your VR Browsing Session·MSFT +0.1%Chrome 150.0.7871.47 Patches Low-Severity HTML Parsing Flaw That Could Enable Cross-Site Scripting·NVDA +3.0%Chrome 150 Patches CSS Side-Channel Flaw That Exposed Cross-Origin Data on Windows and Mac·GOOGL +1.2%Chrome 150 for Android Patches Sandbox Escape Bug—NVD Tags It 'Low' Severity·AMZN +2.9%

Cve 2026 14079

The latest Cve 2026 14079 coverage — news, analysis, and updates from the WindowsNews.AI desk.

13 stories in view AI assisted desk updated 5:23 AM
Latest Most Read Breaking
Sort
Chrome Ios Security · Cpe Metadata

A Low-Severity Chrome iOS Bug and the CPE Mix-Up That Almost Hid It

A Chrome for iOS Omnibox vulnerability fixed in version 150.0.7871.47 highlights how incomplete CPE data in the NVD can cause organizations to overlook critical mobile patches. The incident serves as a practical lesson in verifying vulnerability feeds and taking immediate action, even on 'low severity' bugs.

Security

Chrome 150.0.7871.47 Patches Low-Severity HTML Parsing Flaw That Could Enable Cross-Site Scripting

Google released Chrome 150.0.7871.47 for Windows and macOS on June 30, 2026, to fix CVE-2026-14083, a low-severity universal cross-site scripting vulnerability caused by improper HTML input validation. While the practical risk is limited, the update highlights the importance of promptly applying even minor browser patches to avoid potential exploit chains.

Security Desk·3m ago ·5 min
Security

Chrome 150 Closes WebXR Loophole That Could Hijack Your VR Browsing Session

Google's Chrome 150 stable release on June 30, 2026 patches a low-severity WebXR navigation bypass (CVE-2026-14073) that could allow malicious sites to redirect users during VR sessions. The fix, which adds a redundant origin check, requires no user action beyond a routine browser update. While the vulnerability had limited real-world impact, its resolution highlights the expanding security considerations for immersive web experiences.

Security Desk·4m ago ·5 min
Security

Chrome 150 Patches CSS Side-Channel Flaw That Exposed Cross-Origin Data on Windows and Mac

Google patched Chrome 150 on June 30, 2026, fixing a CSS side-channel vulnerability (CVE-2026-14085) that allowed remote attackers to leak cross-origin data from embedded iframes. While rated low severity, the flaw undermines same-origin policy, making the update essential for Windows and Mac users. No workarounds exist, so updating to version 150.0.7871.47 is the only protection.

Security Desk·9m ago ·5 min
Advertisement
Chrome 150 · Cve-2026-14107

Chrome 150 Fixes CVE-2026-14107: Why You Should Update Now Despite Its Low Severity Rating

Google's Chrome 150 stable channel update fixes CVE-2026-14107, a use-after-free vulnerability in the Scheduling component. While rated 'Low' severity, security experts warn it can be used in exploit chains to achieve remote code execution. Windows users should urgently apply the update to protect against potential attacks.

SE Security Desk·13m ago
Android Browser Patching · Chrome 150 Security

Chrome 150 for Android Patches Sandbox Escape Bug—NVD Tags It 'Low' Severity

Chrome 150 for Android patches CVE-2026-14106, a sandbox escape in the Text component that received a “Low” severity rating from the National Vulnerability Database. Despite the low rating, a sandbox escape can be a critical part of a full device compromise. Android users should verify they’re on Chrome 150 and keep automatic updates enabled.

SE Security Desk·13m ago
Chrome 150 Update · Cve-2026-14108

Chrome 150 Patch Closes PDFium Use-After-Free Bug—Update Now to Block Malicious PDF Attacks

Google released Chrome 150.0.7871.47 on June 30, 2026, patching a critical use-after-free flaw in the PDFium library. The vulnerability, tracked as CVE-2026-14108, could allow remote code execution if a user opens a crafted PDF. All users should update immediately, and IT admins must push the patch across fleets to prevent exploitation.

SE Security Desk·14m ago
CVE-2026-14113 · Google Chrome

Critical Chrome Updater Bug CVE-2026-14113 Hits Windows: Patch to 150.0.7871.47 Now

Google has released Chrome 150.0.7871.47 to fix CVE-2026-14113, a use-after-free bug in the browser's updater on Windows. The flaw could let an attacker with a foothold in the renderer break out of the sandbox, so all Windows Chrome users should update immediately. The patch addresses a less-examined attack surface and highlights the growing scrutiny on browser components beyond the renderer.

SE Security Desk·19m ago
Chrome Security · Cve-2026-14111

Google Issues Fix for WebProtect Use-After-Free Flaw in Chrome 150

Google released a Chrome update on June 30, 2026, fixing a low-severity use-after-free vulnerability in the WebProtect component (CVE-2026-14111). The flaw required user interaction to be exploited, making the risk low for most users. Chrome users should update to version 150.0.7871.47 immediately.

SE Security Desk·19m ago
Chrome 150 · CVE-2026-14120

CVE-2026-14120: Chrome 150 Fixes DevTools Sandbox Escape

Google released Chrome 150 with a patch for CVE-2026-14120, a high-severity DevTools flaw that allowed sandbox escape after renderer compromise. All users should update to version 150.0.7871.47 immediately to protect against potential attacks.

SE Security Desk·23m ago
Browser Patching · Chrome Security

Chrome 150 Patches Low-Severity Flaw That Could Leak Sensitive Data via DevTools

The June 30, 2026, release of Chrome 150.0.7871.47 addresses CVE-2026-14118, a low-severity DevTools validation issue that could leak cross-origin data. While the risk to average users is minimal, web developers should exercise caution. Windows users can secure their browsers by updating immediately.

SE Security Desk·24m ago
Chrome For Android · CVE-2026-14134

Chrome for Android Fixes Autofill Spoofing Bug That Could Trick Users into Handing Over Passwords

Google has patched CVE-2026-14134, a low-severity Autofill UI spoofing vulnerability in Chrome for Android that could trick users into handing over saved passwords to malicious sites. The fix arrived in version 150.0.7871.47, and no active attacks have been reported. Users should update Chrome immediately and remain cautious when Autofill prompts appear on unfamiliar pages.

SE Security Desk·29m ago
Cve-2026-14135 · Google Chrome

Chrome 150 Patches UI Spoofing Flaw CVE-2026-14135 – Why All Windows Users Should Update Immediately

Google patched CVE-2026-14135, a low-severity UI spoofing vulnerability in Chrome, with version 150.0.7871.47. The flaw requires an already-compromised renderer process, making it a secondary threat. All Windows users should update Chrome immediately to close this avenue in potential attack chains.

SE Security Desk·29m ago