CVE-2026-7344
Published 2026-04-28
High · 8.8 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | chrome | < 147.0.7727.138 | 147.0.7727.138 |
| | chrome | >= 147.0.7727.138 < 147.0.7727.138 | 147.0.7727.138 |
| | chrome_desktop | — | — |
GHSA
GHSA-fffh-qxqh-qv99: Use after free in Accessibility in Google Chrome on Windows prior to 147
ghsa_unreviewed·2026-04-29
CVE-2026-7344 [HIGH] CWE-416 GHSA-fffh-qxqh-qv99: Use after free in Accessibility in Google Chrome on Windows prior to 147
Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Red Hat
chromium-browser: Use after free in Accessibility
vendor_redhat·2026-04-28·CVSS 9.0
CVE-2026-7344 [HIGH] CWE-825 chromium-browser: Use after free in Accessibility
A use-after-free flaw was found in the Accessibility component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=503419515
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Chrome
Stable Channel Update for Desktop: CVE-2026-7363
vendor_chrome·2026-04-28
CVE-2026-7363 [CRITICAL] Stable Channel Update for Desktop: CVE-2026-7363
Stable Channel Update for Desktop
CVE-2026-7363: Use after free in Canvas. Reported by heapracer on 2026-03-19
[TBD][493221953] Critical CVE-2026-7361: Use after free in iOS. Reported by Google on 2026-03-16
[TBD][503419515] Critical CVE-2026-7344: Use after free in Accessibility
Severity: critical
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-46094 kernel: ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access
bugzilla·2026-05-27
CVE-2026-46094 [MEDIUM] CVE-2026-46094 kernel: ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access
The bounds check for the next xattr entry in check_xattrs() uses
(void *)next >= end, which allows next to point within sizeof(u32)
bytes of end. On the next loop iteration, IS_LAST_ENTRY() reads 4
bytes via *(__u32 *)(entry), which can overrun the valid xattr region.
For example, if next lands at end - 1, the check passes since
next end,
ensuring there is always enough space for the IS_LAST_ENTRY() read
on the subsequent iteration.
Discussion:
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026052703-CVE-2026-46094-7344@gregkh/T
Bugzilla
CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339 CVE-2026-7340 CVE-2026-7341 CVE-2026-7342 CVE-2026-7343 CVE-2026-7344 CVE-2026-7345 CVE-2026-7346 CVE-
bugzilla·2026-04-29
CVE-2026-7333 [CRITICAL] CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339 CVE-2026-7340 CVE-2026-7341 CVE-2026-7342 CVE-2026-7343 CVE-2026-7344 CVE-2026-7345 CVE-2026-7346 CVE-
CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339 CVE-2026-7340 CVE-2026-7341 CVE-2026-7342 CVE-2026-7343 CVE-2026-7344 CVE-2026-7345 CVE-2026-7346 CVE-2026-7347 ... chromium: various flaws [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339 CVE-2026-7340 CVE-2026-7341 CVE-2026-7342 CVE-2026-7343 CVE-2026-7344 CVE-2026-7345 CVE-2026-7346 CVE-
bugzilla·2026-04-29
CVE-2026-7333 [CRITICAL] CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339 CVE-2026-7340 CVE-2026-7341 CVE-2026-7342 CVE-2026-7343 CVE-2026-7344 CVE-2026-7345 CVE-2026-7346 CVE-
CVE-2026-7333 CVE-2026-7334 CVE-2026-7335 CVE-2026-7336 CVE-2026-7337 CVE-2026-7338 CVE-2026-7339 CVE-2026-7340 CVE-2026-7341 CVE-2026-7342 CVE-2026-7343 CVE-2026-7344 CVE-2026-7345 CVE-2026-7346 CVE-2026-7347 ... chromium: various flaws [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-7344 chromium-browser: Use after free in Accessibility
bugzilla·2026-04-28
CVE-2026-7344 [CRITICAL] CVE-2026-7344 chromium-browser: Use after free in Accessibility
Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Hackernews
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
blogs_hackernews·2026-05-04·CVSS 9.3
CVE-2026-41940 [CRITICAL] ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
## ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
This week, the shadows moved faster than the patches.
While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems.
The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and scaling operations like legitimate businesses — except their product is chaos. And the underground is getting uncomfortably professional.
Here’s the full week