CVE-2026-6358: Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML…

CVE-2026-6358 [HIGH] CWE-125 chromium-browser: Use after free in XR chromium-browser: Use after free in XR An use after free flaw was found in the XR component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=497724498 Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.

CVE-2026-6299 [CRITICAL] Stable Channel Update for Desktop: CVE-2026-6299 Stable Channel Update for Desktop CVE-2026-6299: Use after free in Prerender. Reported by Google on 2026-03-28 [TBD][ 497724498 ] Critical CVE-2026-6358: Use after free in XR Reported by Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern) on 2026-03-30 [TBD][ 490251701 ] High CVE-2026-6359: Use after free in Video Severity: critical

CVE-2026-6358 [HIGH] CWE-416 GHSA-gjmf-r9m5-967q: Use after free in XR in Google Chrome on Android prior to 147 Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-6358 [HIGH] CVE-2026-6358 chromium-browser: Use after free in XR CVE-2026-6358 chromium-browser: Use after free in XR Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-6296 [CRITICAL] CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE- CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [epel-all] Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

CVE-2026-6296 [CRITICAL] CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE- CVE-2026-6296 CVE-2026-6297 CVE-2026-6298 CVE-2026-6300 CVE-2026-6301 CVE-2026-6302 CVE-2026-6305 CVE-2026-6306 CVE-2026-6307 CVE-2026-6318 CVE-2026-6319 CVE-2026-6358 CVE-2026-6359 CVE-2026-6360 CVE-2026-6362 chromium: various flaws [fedora-all] Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

CVE-2026-20184 ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More Home Threat Intelligence Vulnerabilities Cyber Attacks Webinars Expert Insights Awards Webinars Awards Free eBooks About THN Jobs Advertise with us ## ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust. There’s also a shift in how attacks run. Slower check-ins, multi-stage payloads, andmore code kept in memory. Attackers lean on real tools and normal workflows instead of custom builds. Some cas