newsThe portal itself — self-promo until real sponsors land
Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
25 results//sorted by published//last sync 2026-06-22 02:53Z
Subscribe to news →
CVE-2026-9886 — Use: after free in Base in Google Chrome on Mac prior to 148.0.7778.216 allowed
Use after free in Base in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 9.6 (CRITICAL)
9.6
CVSS v3.1
98
Edit Score
CVE-2026-9885 — Insufficient validation of untrusted input in UI in Google Chrome on Mac prior to
Insufficient validation of untrusted input in UI in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 8.3 (HIGH)
8.3
CVSS v3.1
92
Edit Score
CVE-2026-9884 — Use: after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed
Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-9883 — Use: after free in Base in Google Chrome prior to 148.0.7778.216 allowed a remote
Use after free in Base in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-9881 — Use: after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed
Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: Critical) CVSSv3.1 9.0 (CRITICAL)
9.0
CVSS v3.1
95
Edit Score
CVE-2026-9880 — Insufficient validation of untrusted input in WebGL in Google Chrome prior to 148.0.7778.216 allowed
Insufficient validation of untrusted input in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 8.3 (HIGH)
8.3
CVSS v3.1
92
Edit Score
CVE-2026-9879 — Out: of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a
Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-9878 — Use: after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-9877 — Google Chrome: Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 8.3 (HIGH)
8.3
CVSS v3.1
92
Edit Score
CVE-2026-9876 — Use: after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed
Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 9.6 (CRITICAL)
9.6
CVSS v3.1
98
Edit Score
CVE-2026-9875 — Out: of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216
Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 9.6 (CRITICAL)
9.6
CVSS v3.1
98
Edit Score
CVE-2026-9874 — Use: after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote
Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 9.6 (CRITICAL)
9.6
CVSS v3.1
98
Edit Score
CVE-2026-9873 — Use: after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote
Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-9872 — Out: of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216
Out of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 9.6 (CRITICAL)
9.6
CVSS v3.1
98
Edit Score
CVE-2026-8809 — Advanced: The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via Validation Bypass in all versions up to and including 0.9.2.5. The vulnerability exists due to the after_validate_save_post() function unconditionally trusting the attacker-controlled _acf_post_id POST parameter — with no authentication or integrity verification — to select a cleanup branch that silently discards all validation errors not prefixed with acfe:. This makes it poss CVSSv3.1 9.8 (CRITICAL)
9.8
CVSS v3.1
99
Edit Score
CVE-2026-10022 — Type: Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who
Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-10021 — Insufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed
Insufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-10020 — Insufficient validation of untrusted input in Skia in Google Chrome on Android prior to
Insufficient validation of untrusted input in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.3 (HIGH)
8.3
CVSS v3.1
92
Edit Score
CVE-2026-10019 — Google Chrome: Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker
Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-10017 — Out: of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a
Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.3 (HIGH)
8.3
CVSS v3.1
92
Edit Score
CVE-2026-10016 — Use: after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote
Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-10015 — Integer: overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker
Integer overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-10014 — Use: after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed
Use after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH)
8.3
CVSS v3.1
92
Edit Score
CVE-2026-10013 — Use: after free in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote
Use after free in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)
8.8
CVSS v3.1
94
Edit Score
CVE-2026-10012 — Use: after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote
Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH)
8.3
CVSS v3.1
92
Edit Score