Advertisement
Chrome 149 Update Patches 18 High-Severity UAF Vulnerabilities
Google releases Chrome 149 to address 18 severe vulnerabilities, including multiple use-after-free defects in Graphics, Dawn, and Mojo components.
Chrome 149 Update Patches 28 Vulnerabilities — Mitigation Guide
Google addresses 28 security flaws in Chrome 149, including critical use-after-free bugs. Learn about technical impacts and enterprise patching requirements.
Google Patches CVE-2026-11645: 5th Chrome Zero-Day Exploited in 2026
Google addresses CVE-2026-11645, a critical zero-day vulnerability in Chrome being actively exploited. Learn about patch guidance and detection strategies.
CVE-2024-4947: Google Patches Fifth Chrome Zero-Day of 2024
Google addresses CVE-2024-4947, a high-severity V8 type confusion vulnerability in Chrome being exploited in the wild. Update to version 125.0.6422.60 now.
Google Chrome DBSC: Preventing Account Takeover via Cookie Theft
Google Chrome rolls out Device Bound Session Credentials (DBSC) to protect users from session hijacking by cryptographically binding cookies to hardware.

Google Chrome ABE Bypass: Heightened Infostealer Threat
VoidStealer Trojan authors bypass Google Chrome's App-Bound Encryption (ABE), enabling infostealers to exfiltrate cookies and credentials from users.
April 2026 Patch Tuesday: SharePoint Zero-Day, BlueHammer, & Adobe RCE
Microsoft's April 2026 Patch Tuesday addresses 167 vulnerabilities, including a SharePoint Server zero-day, Windows Defender 'BlueHammer' flaw, and an actively exploited

Google Chrome 146 DBSC Implementation Hardens Windows Against Session Hijacking
Google releases Device Bound Session Credentials (DBSC) in Chrome 146 for Windows to mitigate cookie theft and session hijacking via hardware-backed security.
VoidStealer: Bypassing Chrome ABE via Remote Debugging Protocol
VoidStealer malware uses a novel debugger technique to bypass Google Chrome’s Application-Bound Encryption and exfiltrate browser-stored credentials.

Google Patches Chrome Zero-Days CVE-2026-3909 in Skia and V8
Google addresses two high-severity Chrome zero-days, including CVE-2026-3909, exploited in the wild via Skia and V8. Learn how to secure your browser now.

CVE-2026-0628: Chrome Gemini Panel Exploit Enables Privilege Escalation
A high-severity flaw in Google Chrome's Gemini side panel allowed malicious extensions to bypass security policies and access local files on target systems.
Chrome Gemini Live Hijacking: Malicious Extension Vulnerability
A vulnerability in Google Chrome’s Gemini Live AI assistant allowed malicious extensions to hijack sessions and steal user files. Learn more about the impact.