4.3

CVSS3.1

CVE-2026-7979 -

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

📅 Published: May 6, 2026, 6:12 p.m. 🔄 Last Modified: May 7, 2026, 1 a.m.

8.1

CVSS3.1

CVE-2026-7978 - Privilege Escalation via Improper Implementation in Chrome Companion on macOS

Inappropriate implementation in Companion in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. (Chromium security severity: Medium)

📅 Published: May 6, 2026, 6:12 p.m. 🔄 Last Modified: May 7, 2026, 3:15 a.m.

6.3

CVSS3.1

CVE-2026-7977 - Chrome Canvas Same‑Origin Policy Bypass via Crafted HTML

Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

📅 Published: May 6, 2026, 6:12 p.m. 🔄 Last Modified: May 7, 2026, 4 a.m.

7.5

CVSS3.1

CVE-2026-7976 -

Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)

📅 Published: May 6, 2026, 6:12 p.m. 🔄 Last Modified: May 7, 2026, 2:45 a.m.

8.3

CVSS3.1

CVE-2026-7975 -

Use after free in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

📅 Published: May 6, 2026, 6:12 p.m. 🔄 Last Modified: May 7, 2026, 12:45 a.m.

8.8

CVSS3.1

CVE-2026-7974 -

Use after free in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

📅 Published: May 6, 2026, 6:12 p.m. 🔄 Last Modified: May 7, 2026, 1:15 a.m.

8.8

CVSS3.1

CVE-2026-7973 -

Integer overflow in Dawn in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

📅 Published: May 6, 2026, 6:12 p.m. 🔄 Last Modified: May 7, 2026, 12:15 a.m.

4.3

CVSS3.1

CVE-2026-7972 -

Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

📅 Published: May 6, 2026, 6:12 p.m. 🔄 Last Modified: May 7, 2026, 2:01 a.m.

6.3

CVSS3.1

CVE-2026-7971 -

Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

📅 Published: May 6, 2026, 6:12 p.m. 🔄 Last Modified: May 7, 2026, 2:01 a.m.

8.3

CVSS3.1

CVE-2026-7970 -

Use after free in TopChrome in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

📅 Published: May 6, 2026, 6:12 p.m. 🔄 Last Modified: May 7, 2026, 2:01 a.m.

Vulnerability Database Index

4.3

CVE-2026-7979 -

8.1

CVE-2026-7978 - Privilege Escalation via Improper Implementation in Chrome Companion on macOS

6.3

CVE-2026-7977 - Chrome Canvas Same‑Origin Policy Bypass via Crafted HTML

7.5

CVE-2026-7976 -

8.3

CVE-2026-7975 -

8.8

CVE-2026-7974 -

8.8

CVE-2026-7973 -

4.3

CVE-2026-7972 -

6.3

CVE-2026-7971 -

8.3

CVE-2026-7970 -