Chromium publishes fixed exploit 4 years later, turns out it's actually unfixed
Summary
A security exploit in Chromium, thought to have been fixed four years ago, was found to actually remain unfixed, highlighting a significant oversight in the browser's security patching process.
Similar Articles
Google publishes exploit code threatening millions of Chromium users
Google published exploit code for an unfixed Chromium vulnerability that can turn browsers into a limited botnet, affecting Chrome, Edge, and other Chromium-based browsers. The vulnerability remains unpatched after 29 months.
Chrome team ships the most ever security vulnerability fixes in a release - after another record last month
Google Chrome fixed a record 429 security flaws in one update, with only a quarter coming from external researchers, aided by Mythos-capable models for automated vulnerability discovery and patching.
Patch Tuesday, April 2026 Edition
Microsoft's April 2026 Patch Tuesday fixes a record 167 vulnerabilities, including an actively exploited SharePoint zero-day and a publicly disclosed Windows Defender bug (BlueHammer), while Google Chrome and Adobe Reader also addressed zero-days.
Linux Compromises, Broken Embargoes, and the Shrinking Patch Window
A report on three serious Linux local privilege escalation vulnerabilities discovered in May 2026, highlighting breakdowns in the disclosure model and implications for production environments.
CVE-2026-40369: Arbitrary Kernel Address Increment via NtQuerySystemInformation
CVE-2026-40369 describes a vulnerability in Windows kernel's NtQuerySystemInformation function that allows arbitrary kernel address increment, enabling privilege escalation from unprivileged processes including Chrome sandbox. The exploit is deterministic on Windows 11 24H2-25H2.