#cross-origin-bypass

#cross-origin-bypass

"Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."

The first vulnerability, CVE-2026-4673, is a heap buffer overflow issue in WebAudio that earned the reporting researcher a $7,000 bug bounty reward. Google has yet to determine the bounty amount for CVE-2026-4677, another bug reported by the same researcher.

The bypass requires neither privilege escalation nor code injection, making it a stealthier approach compared to alternative ABE bypass methods.

The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit's Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted web content.

I do not want AI in my web browser. I just don't. I also don't want companies collecting information about me, or sponsored content and product integrations. All those bits make me want to pull my hair out. I like my privacy and want to browse, you know, the old-fashioned way. I do use AI (on occasion), but only locally-installed AI and only for specific purposes (such as learning Python or researching a topic when I don't want to use a standard search engine).

CVE-2026-3909 is an out-of-bounds write flaw in Skia, the graphics library Chrome uses to render web content and parts of its user interface. Memory corruption bugs like this can sometimes be abused by attackers to crash applications or run their own code if successfully exploited.

The tools were designed to intercept users' ChatGPT session authentication tokens and send them to a remote server, but they don't exploit ChatGPT vulnerabilities to do so. Instead, they inject a content script into chatgpt.com and execute it in the MAIN JavaScript world. The script monitors outbound requests initialized by the web application, to identify and extract authorization headers and send them to a second content script, which exfiltrates them to the remote server.

Google credits security researcher Shaheen Fazim with reporting the exploit to Google. The dude's LinkedIn says he's a professional bug hunter, and I'd say he deserves the highest possible bug bounty for finding something that a government agency is saying "in CSS in Google Chrome before 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."

"The sample retains Shai-Hulud hallmarks and adds GitHub API exfiltration with DNS fallback, hook-based persistence, SSH propagation fallback, MCP server injection with embedded prompt injection targeting AI coding assistants, and LLM API Key harvesting," the company said. The packages, published to npm by two npm publisher aliases, official334 and javaorg, are listed below - Also identified are four sleeper packages that do not incorporate any malicious features -

Google on Tuesday announced the release of Chrome 145 to the stable channel with fixes for 11 vulnerabilities, including three high-severity bugs. First in line is CVE-2026-2313, a high-severity use-after-free issue in CSS that earned the reporting researchers an $8,000 bug bounty reward. The two other high-severity defects, tracked as CVE-2026-2314 and CVE-2026-2315, were found and reported by Google and are described as a heap buffer overflow in Codecs and an inappropriate implementation in WebGPU, respectively.

Gene Moody, field CTO at Action1, explained that, in this vulnerability, a browser frees an object, but later continues to use the stale reference memory location. Any attacker who can shape heap layout with controlled content can potentially replace the contents of that freed memory with data they control. Because this lives in the renderer, and is reachable through normal page content, he said, the trigger surface is almost absolute.

Researchers have discovered that a compromised npm publish token pushed an update for the widely-used Cline command line interface (CLI) containing a malicious postinstall script. That script installs the wildly popular, but increasingly condemned, agentic application OpenClaw on the unsuspecting user's machine. This can be extremely dangerous, as OpenClaw has broad system access and deep integrations with messaging platforms including WhatsApp, Telegram, Slack, Discord, iMessage, Teams, and others.