Overview
Google Chrome has published security fixes addressing 18 vulnerabilities with some rated as critical severity. Successful exploitation could allow a remote attacker to compromise the browser through crafted web content, potentially leading to sandbox escape, arbitrary code execution, data exposure, browser crashes, or misuse of sensitive browser functionality, depending on the vulnerability exploited.
- CVE-2026-13028: Use-After-Free Vulnerability (CVSSv3 9.6)
- CVE-2026-13032: Use-After-Free Vulnerability (CVSSv3 9.6)
- CVE-2026-13036: Use-After-Free Vulnerability (CVSSv3 8.8)
Affected Versions: < 149.0.7827.197
Ubiquiti has released a security advisory addressing multiple critical vulnerabilities, some of which have been exploited in the wild, affecting a range of UniFi OS devices including network gateways, cloud keys, and storage appliances. Successful exploitation of these vulnerabilities could allow an attacker with network access to execute commands, modify system configurations, or access sensitive files. Some do not require authentication or user interaction for exploitation.
- CVE-2026-33000: Improper Input Validation Vulnerability (CVSSv3 9.1)
- CVE-2026-34908: Improper Access Control – Generic Vulnerability (CVSSv3 10.0)
- CVE-2026-34909: Path Traversal Vulnerability (CVSSv3 10.0)
- CVE-2026-34910: Improper Input Validation Vulnerability (CVSSv3 10.0)
- CVE-2026-34911: Path Traversal Vulnerability (CVSSv3 7.7)
Affected Versions: Please see vendor advisory in recommended action.
Curl has released a security advisory addressing multiple vulnerabilities in curl/libcurl. While none are rated high or of critical severity, curl is a widely used data transfer library and command-line tool which is often embedded within other software. Successful exploitation could allow credential or authentication-state leakage, incorrect reuse of trusted connections, exposure of sensitive request data, memory corruption, or denial of service.
- CVE-2026-11856: Cross-Origin Digest Auth State Leak (CVSS TBD – Curl Severity: Medium). Affected Versions: 7.10.6 <= 8.20.0
- CVE-2026-8927: Env-Set Cross-Proxy Digest Auth State Leak (CVSS TBD – Curl Severity: Medium). Affected Versions: 7.12.0 <= 8.20.0
- CVE-2026-8925: SASL Double-Free (CVSS TBD – Curl Severity: Medium). Affected Versions: 8.15.0 <= 8.20.0
- CVE-2026-9079: Stale Proxy Password Leak (CVSS TBD – Curl Severity: Medium). Affected Versions: 8.8.0 <= 8.20.0
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
Google Chrome – Chrome Releases: Stable Channel Update for Desktop
Ubiquiti – Security Advisory Bulletin 064 | Ubiquiti Community
Curl – curl - CVEs
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.