CVE-2026-9126

Daily digests

A use-after-free bug in Chrome's DOM engine lets an attacker run code inside the browser sandbox if a user visits a malicious page. The attack requires user interaction (visiting a crafted page), and code execution is sandboxed, which limits the blast radius. Still, sandbox escapes get chained regularly, so don't sit on this one.

• Daily Digest · May 21, 2026

  Cisco Secure Workload CVSS 10, no auth needed