CVE-2026-6297: Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape…

CVE-2026-6297 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-6297 Stable Channel Update for ChromeOS / ChromeOS Flex CVE-2026-6297

CVE-2026-6297 [HIGH] CWE-825 chromium-browser: Use after free in Proxy chromium-browser: Use after free in Proxy An use after free flaw was found in the Proxy component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=493628982 Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.

CVE-2026-6296 [CRITICAL] Stable Channel Update for Desktop: CVE-2026-6296 Stable Channel Update for Desktop CVE-2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga on 2026-03-05 [$10000][ 493628982 ] Critical CVE-2026-6297: Use after free in Proxy Reported by heapracer on 2026-03-17 [TBD][ 495700484 ] Critical CVE-2026-6298: Heap buffer overflow in Skia Severity: critical

CVE-2026-6297 [HIGH] Google Chrome up to 147.0.7727.55 Proxy use after free (ID 493628) A vulnerability was found in Google Chrome. It has been rated as critical. Impacted is an unknown function of the component Proxy. The manipulation leads to use after free. This vulnerability is documented as CVE-2026-6297. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

CVE-2026-6297 [HIGH] CWE-416 GHSA-pfc6-jxgq-cf62: Use after free in Proxy in Google Chrome prior to 147 Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-6296 [CRITICAL] CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE- CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [epel-all] Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

CVE-2026-6296 [CRITICAL] CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE- CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [fedora-all] Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

CVE-2026-6297 [HIGH] CVE-2026-6297 chromium-browser: Use after free in Proxy CVE-2026-6297 chromium-browser: Use after free in Proxy Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-20184 ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More Home Threat Intelligence Vulnerabilities Cyber Attacks Webinars Expert Insights Awards Webinars Awards Free eBooks About THN Jobs Advertise with us ## ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust. There’s also a shift in how attacks run. Slower check-ins, multi-stage payloads, andmore code kept in memory. Attackers lean on real tools and normal workflows instead of custom builds. Some cas