"Google has released a Chrome security update addressing two high-severity vulnerabilities that could allow attackers to execute arbitrary code or cause browser crashes. The issues affect core browser components and may be triggered when users visit specially crafted websites. One of the vulnerabilities, CVE-2026-1861, allows "... a remote attacker to potentially exploit heap corruption via a crafted HTML page," NIST said in its reporting."
"The more serious issue, CVE-2026-1862, is a type confusion vulnerability in Chrome's V8 JavaScript and WebAssembly engine. Type confusion occurs when the engine incorrectly interprets the type of an object stored in memory - for example, treating a numeric value as a pointer. This misinterpretation can allow attackers to manipulate memory references, leading to out-of-bounds reads or writes. In practical terms, successful exploitation could enable arbitrary code execution within Chrome's sandboxed renderer process."
An update fixes two high-severity Chrome vulnerabilities that enable attackers to execute arbitrary code or crash the browser when users visit specially crafted websites. One vulnerability, CVE-2026-1861, permits potential heap corruption via a crafted HTML page. The more serious vulnerability, CVE-2026-1862, is a type confusion flaw in the V8 JavaScript and WebAssembly engine that can cause out-of-bounds reads or writes by misinterpreting object types. Successful exploitation could allow arbitrary code execution inside Chrome's sandboxed renderer process despite sandbox restrictions. Unpatched systems remain at meaningful risk from malicious web content.
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]