10 articles
Between 12 April and 16 May 2026, ZCyberNews published 14 articles under the Google tag, covering a global impact across technology, creators, enterprise software, and media sectors. The coverage included vulnerabilities CVE-2026-8550 and CVE-2026-8556, both with a CVSS score of 6.5, alongside CVE-2026-8541 and CVE-2026-8543 at 5.3, and CVE-2026-8566 at 3. The severity mix comprised six high, two critical, five informational, and one medium severity report.
HIGHChrome 148.0.7778.168 Patches Two High-Severity OOB Read Flaws
Google Chrome 148.0.7778.168 fixes CVE-2026-8543 and CVE-2026-8541 — two high-severity out-of-bounds read vulnerabilities in FileSystem and UI components on Mac and all platforms.
HIGHChrome 148 Patches AI Site Isolation Bypass, Android Payment Flaw
CVE-2026-8568 (CVSS 3.1) lets attackers bypass Chrome Site Isolation via AI features after renderer compromise; CVE-2026-8566 (CVSS 4.3) targets Android Payments.
HIGHChrome 148 Patches ANGLE Data Leak, Google Lens UAF
Google fixed CVE-2026-8556 (ANGLE cross-origin leak) and CVE-2026-8550 (Google Lens use-after-free) in Chrome 148.0.7778.168 for Windows. Both flaws require a compromised renderer.
CRITICALChrome 148 Patches 79 Flaws, 14 Critical Including Heap Overflow
Google's Chrome 148 update fixes 79 vulnerabilities, 14 critical — including heap buffer overflow CVE-2026-8509 ($43K bounty) and integer overflow CVE-2026-8510 in Skia ($25K...
CRITICALChrome 148 Patches 127 Flaws, Three Critical Use-After-Free Bugs
Google's Chrome 148 fixes 127 vulnerabilities including three critical-severity bugs (CVE-2026-7896, CVE-2026-7897, CVE-2026-7898) — integer overflow in Blink and use-after-free...
MEDIUMGoogle: AI Prompt Injection Attacks Rising, Still Low-Sophistication
Google reports a rise in malicious AI prompt injection attacks, but most remain low-sophistication and harmless. Indirect injection attempts target LLM-integrated apps.
HIGHFake Google Antigravity Installer Steals Accounts via Trojanized AI Tool
Malwarebytes reports a trojanized installer for Google's Antigravity AI tool steals browser cookies and account credentials within minutes, targeting users seeking the leaked software.
INFORMATIONALGoogle Tightens Android 17 Privacy Rules, Blocks 8.3 Billion Ads in 2025
Google announced new Android 17 privacy policies restricting contact and location data access, while its 2025 ad safety report details the blocking of 8.3 billion policy-violating ads and 24.9 million advertiser account suspensions.
HIGHFake YouTube Copyright Notices Steal Google Credentials via Phishing
YouTube creators are targeted by a sophisticated phishing campaign using fake copyright infringement notices to steal Google account credentials, enabling channel takeover and broader account compromise.
HIGHMalicious Chrome Extensions Hijack OAuth Tokens, Deploy Backdoors
Over 100 malicious extensions in the official Chrome Web Store are stealing Google OAuth2 tokens, deploying backdoors, and committing ad fraud, impacting millions of users.
Stay Updated
Get the latest cybersecurity news delivered to your inbox.