CVE-2026-7341

Daily digests

A use-after-free in Chrome's WebRTC stack lets an attacker run arbitrary code inside the browser sandbox by getting a user to visit a malicious page. The sandbox limits the blast radius, but this still gives an attacker a foothold, and it pairs nicely with CVE-2026-7343 above for a full escape. CVSS 9.8, no known exploitation yet.

• Daily Digest · Apr 29, 2026

  Chrome sandbox escape + 4 critical 9.8s