Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Chrome 150 Patches High-Severity Aura Flaw Before NVD Can Catch Up
Google patched a high-severity memory-safety flaw in Chrome’s Aura UI framework on July 16, shipping version 150.0.7871.128 for Windows and .129 for macOS. The fix arrived before the corresponding...
Google Chrome 150 Update Fixes High-Severity Cast Vulnerability — What Windows Users Need to Know
Google released Chrome 150.0.7871.128 for Windows on July 16, closing a high-severity use-after-free flaw in the Cast component tracked as CVE-2026-15902. The same update patches three critical...
CVE-2026-15901 Shows Up on NVD — But It’s Not a Real Chromium Flaw Yet
Security teams scanning for new vulnerabilities this week encountered a curious entry: CVE-2026-15901, described as a Chromium use-after-free in the Network component, now displays on the National...
Critical Chrome GPU Flaw Fixed in Latest Update — Why Windows Users Can’t Wait for the NVD to Catch Up
Google released Chrome 150.0.7871.128 for Windows and Linux on July 16, 2026, alongside a corresponding macOS build, patching a critical use-after-free vulnerability in the browser’s GPU component....
CVE-2026-15899: Why Chrome’s Latest Security Fix Is Invisible to the NVD — and How to Respond
Google shipped a Chrome security update on Wednesday that fixes a critical camera-related vulnerability, but the U.S. government’s official vulnerability database still doesn’t acknowledge the...
That Alarming New Chromium CVE Is Real, But the Details Are Still a Mystery
A new vulnerability identifier has surfaced this week with a title that would make any system administrator pause: "Chromium: CVE-2026-15903 Out of bounds read and write in V8." The CVE appeared in...
Chromium CVE-2026-15904: Why It’s Missing from the NVD and What to Do About It
A newly disclosed use-after-free vulnerability in the Chromium browser engine’s Ozone component—assigned CVE-2026-15904—presents a puzzle for Windows users and admins. The U.S. National...
RHEL 8/9/10: A Tiny Compressed WebSocket Message Can Crash Your Server—No Patch Yet
Red Hat disclosed a high-severity vulnerability in the libsoup network library that lets a remote, unauthenticated attacker crash a service with a single, carefully crafted compressed WebSocket...
CVE-2026-15711: How a Linux Library Bug Can Crash Your Windows Services
{ "title": "CVE-2026-15711: How a Linux Library Bug Can Crash Your Windows Services", "content": "On July 14, 2026, security researchers at Red Hat published details of a high-severity...
How a Heap Bug in libsoup Can Crash Your WSL Apps – and What Windows Admins Must Do
On July 14, 2026, Red Hat disclosed a heap buffer over-read vulnerability in the libsoup networking library that can crash applications handling HTTP/2 traffic. CVE-2026-15712 affects versions 3.0...
Windows PCs Face a Linux-Sized Security Hole: What to Know About CVE-2026-15714
On July 14, 2026, Red Hat published CVE-2026-15714, an out-of-bounds read flaw in the libsoup HTTP library’s multipart response processing. A remote, unauthenticated attacker can craft a malicious...
Red Hat Flags libsoup HTTP/2 Memory Leak That Can Crash Apps—No Patch Yet
Red Hat has published a new vulnerability, CVE-2026-15713, that exposes applications using the libsoup library to a remote-triggered denial of service. The flaw, disclosed on July 14, 2026, allows a...