CVE-2026-5859: Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page…

CVE-2026-5859 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-5859 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2026-5859

CVE-2026-5858 [CRITICAL] Stable Channel Update for Desktop: CVE-2026-5858 Stable Channel Update for Desktop CVE-2026-5858: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-17 [$43000][ 494158331 ] Critical CVE-2026-5859: Integer overflow in WebML Reported by Anonymous on 2026-03-19 [$11000][ 486495143 ] High CVE-2026-5860: Use after free in WebRTC Severity: critical

CVE-2026-5859 [HIGH] CWE-190 chromium-browser: Integer overflow in WebML chromium-browser: Integer overflow in WebML An integer overflow flaw was found in the WebML component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=494158331 Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.

CVE-2026-5859 [HIGH] CVE-2026-5859: chromium - Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remo... Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Scope: local bookworm: open bullseye: open forky: open sid: resolved (fixed in 147.0.7727.55-1) trixie: open

CVE-2026-5859 CWE-472 GHSA-7gpj-6vgg-g937: Integer overflow in WebML in Google Chrome prior to 147 Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-5859 [HIGH] Google Chrome up to 146.0.7680.178 WebML external control of assumed-immutable web parameter (ID 494158 / WID-SEC-2026-1030) A vulnerability was found in Google Chrome. It has been rated as critical. Impacted is an unknown function of the component WebML. The manipulation leads to external control of assumed-immutable web parameter. This vulnerability is referenced as CVE-2026-5859. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

CVE-2026-5859 [HIGH] CVE-2026-5859: Integer overflow in WebML in Google Chrome prior to 147 Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-5858 [HIGH] CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [epel-all] CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [epel-all] Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. Discussion: FEDORA-2026-952f3c3d9e (chromium-147.0.7727.55-1.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2026-952f3c3d9e --- FEDORA-EPEL-2026-718899309a (chromium-147.0.7727.55-1.el10_3) has been submitted as an update to Fedora EPEL 10.3. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-718899309a --- FEDORA-EPEL-2026-82b8678fe1 (chromium-147.0.7727.55-1.e

CVE-2026-5858 [HIGH] CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [fedora-all] CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5894 chromium: various flaws [fedora-all] Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. Discussion: FEDORA-EPEL-2026-718899309a (chromium-147.0.7727.55-1.el10_3) has been submitted as an update to Fedora EPEL 10.3. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-718899309a --- FEDORA-EPEL-2026-4bb81189d7 (chromium-147.0.7727.55-1.el9) has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-4bb81189d7 --- FEDORA-2026-f0ab053633 (chromium-147.0.7

CVE-2026-5859 [HIGH] CVE-2026-5859 chromium-browser: Integer overflow in WebML CVE-2026-5859 chromium-browser: Integer overflow in WebML Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

[HIGH] Microsoft Patch Tuesday April 2026., (Tue, Apr 14th) Microsoft Patch Tuesday April 2026. Published: 2026-04-14. Last Updated: 2026-04-14 17:46:09 UTC by Johannes Ullrich (Version: 1) 0 comment(s) This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge. Patches for Edge were released earlier. This leaves 165 vulnerabilities that are not Edge-related. Of these, 8 are rated critical, and 154 are important. One vulnerability has already been exploited, and another was made public before today but has not yet been seen in the wild. Noteworthy Vulnerabilities: CVE-2026-33827 (Windows TCP/IP Remote Code Execution Vulnerability): As a packet nerd, I love thes

[HIGH] ⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More Home Threat Intelligence Vulnerabilities Cyber Attacks Webinars Expert Insights Awards Webinars Awards Free eBooks About THN Jobs Advertise with us ## ⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings where the gap between a quiet shift and a full-blown incident response is basically non-existent. The variety this week is particularly nasty. We have AI models being turned into autonomous exploit engines, North Korean groups playing the long game

CVE-2026-5859 [HIGH] CVE-2026-5859 Impact, Exploitability, and Mitigation Steps | Wiz ## CVE-2026-5859 : Google Chrome vulnerability analysis and mitigation Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Source : NVD Published April 8, 2026 CNA Score N/A Affected Technologies Google Chrome Chromium Has Public Exploit No Has CISA KEV Exploit No CISA KEV Release Date N/A CISA KEV Due Date N/A Exploitation Probability Percentile (EPSS) 9.4 Exploitation Probability (EPSS) N/A Affected packages and libraries cpe:2.3:a:google:chrome chromium Sources NVD Debian 11, 12, 13, 14 No Fix Added at: Apr 09, 2026 Echo No Fix Added at: Apr 09, 2026 Linux Has Fix Added at: Apr 09, 2026 Windows Has Fix Added at: Apr 09, 202