CVE-2026-6299: Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium…

CVE-2026-6299 [HIGH] Google Chrome up to 147.0.7727.55 Prerender use after free (ID 497053) A vulnerability categorized as critical has been discovered in Google Chrome. The affected element is an unknown function of the component Prerender. The manipulation results in use after free. This vulnerability is reported as CVE-2026-6299. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

CVE-2026-6299 [HIGH] CWE-416 GHSA-3347-qjpp-457v: Use after free in Prerender in Google Chrome prior to 147 Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-6299 [CRITICAL] Stable Channel Update for Desktop: CVE-2026-6299 Stable Channel Update for Desktop CVE-2026-6299: Use after free in Prerender. Reported by Google on 2026-03-28 [TBD][ 497724498 ] Critical CVE-2026-6358: Use after free in XR Reported by Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern) on 2026-03-30 [TBD][ 490251701 ] High CVE-2026-6359: Use after free in Video Severity: critical

CVE-2026-6299 [HIGH] CWE-825 chromium-browser: Use after free in Prerender chromium-browser: Use after free in Prerender An use after free flaw was found in the Prerender component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=497053588 Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.

CVE-2026-6299 [HIGH] CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE- CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE-2026-6363 ... chromium: various flaws [fedora-all] Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

CVE-2026-6299 [HIGH] CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE- CVE-2026-6299 CVE-2026-6303 CVE-2026-6304 CVE-2026-6308 CVE-2026-6309 CVE-2026-6310 CVE-2026-6311 CVE-2026-6312 CVE-2026-6313 CVE-2026-6314 CVE-2026-6315 CVE-2026-6316 CVE-2026-6317 CVE-2026-6361 CVE-2026-6363 ... chromium: various flaws [epel-all] Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

CVE-2026-6299 [HIGH] CVE-2026-6299 Google Chrome: Chromium: Google Chrome and Chromium: Arbitrary code execution via a crafted HTML page CVE-2026-6299 Google Chrome: Chromium: Google Chrome and Chromium: Arbitrary code execution via a crafted HTML page Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-20184 ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More Home Threat Intelligence Vulnerabilities Cyber Attacks Webinars Expert Insights Awards Webinars Awards Free eBooks About THN Jobs Advertise with us ## ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust. There’s also a shift in how attacks run. Slower check-ins, multi-stage payloads, andmore code kept in memory. Attackers lean on real tools and normal workflows instead of custom builds. Some cas