CVE-2026-7363
published 2026-04-28
CVE-2026-7363: Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a…
high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | chrome | < 147.0.7727.138 | 147.0.7727.138 |
| | chrome | >= 147.0.7727.138 < 147.0.7727.138 | 147.0.7727.138 |
| | chrome_desktop | — | — |
| paloalto | prisma_browser | — | — |
Palo Alto
PAN-SA-2026-0007 Chromium and Prisma Browser: Monthly Vulnerability Update (May 2026)
vendor_paloalto·2026-05-13·CVSS 8.8
CVE-2026-4439 [HIGH] PAN-SA-2026-0007 Chromium and Prisma Browser: Monthly Vulnerability Update (May 2026)
Palo Alto Networks incorporated the following Chromium security fixes into our products:
- https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html
- https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_22.html
- https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html
- https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html

CVE Summary
- CVE-2026-4439 Out of bounds memory access in WebGL
- CVE-2026-4440 Out of bounds read and write in WebGL
- CVE-2026-4441 Use after free in Base
- CVE-2026-4442 Heap buffer overflow in
Red Hat
chromium-browser: Use after free in Canvas
vendor_redhat·2026-04-28·CVSS 9.6
CVE-2026-7363 [HIGH] CWE-825 chromium-browser: Use after free in Canvas
A use-after-free flaw was found in the Canvas component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=494352590
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Chrome
Stable Channel Update for Desktop: CVE-2026-7363
vendor_chrome·2026-04-28
CVE-2026-7363 [CRITICAL] Stable Channel Update for Desktop: CVE-2026-7363
CVE-2026-7363: Use after free in Canvas. Reported by heapracer on 2026-03-19
[TBD][493221953] Critical CVE-2026-7361: Use after free in iOS. Reported by Google on 2026-03-16
[TBD][503419515] Critical CVE-2026-7344: Use after free in Accessibility
Severity: critical
GHSA
GHSA-pfrh-cqrm-8c83: Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147
ghsa_unreviewed·2026-04-29
CVE-2026-7363 [HIGH] CWE-416 GHSA-pfrh-cqrm-8c83: Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147
Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-7363 chromium-browser: Use after free in Canvas
bugzilla·2026-04-28
CVE-2026-7363 [CRITICAL] CVE-2026-7363 chromium-browser: Use after free in Canvas
Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
Hackernews
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
blogs_hackernews·2026-05-04·CVSS 9.3
CVE-2026-41940 [CRITICAL] ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
This week, the shadows moved faster than the patches.
While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems.
The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and scaling operations like legitimate businesses — except their product is chaos. And the underground is getting uncomfortably professional.
Here’s the full week