Medium severity5.3NVD Advisory· Published May 6, 2026· Updated May 7, 2026
CVE-2026-8020
CVE-2026-8020
Description
Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.htmlnvdVendor AdvisoryRelease Notes
- issues.chromium.org/issues/498382925nvdPermissions Required
News mentions
50- PoC Code Published for Critical NGINX VulnerabilitySecurityWeek · May 16, 2026
- In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App FlawsSecurityWeek · May 15, 2026
- Microsoft backpedals: Edge to stop loading passwords into memoryBleepingComputer · May 15, 2026
- Chrome 148 Update Patches Critical VulnerabilitiesSecurityWeek · May 15, 2026
- Iranian hackers targeted major South Korean electronics makerBleepingComputer · May 13, 2026
- Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own CodeSecurityWeek · May 13, 2026
- Browser Run: now running on Cloudflare Containers, it’s faster and more scalableCloudflare Blog · May 13, 2026
- Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes holdThe Record · May 13, 2026
- Android Adds Intrusion Logging for Sophisticated Spyware ForensicsThe Hacker News · May 13, 2026
- Risky Business #837 -- GitHub Actions footgun claims TanStackRisky Business · May 13, 2026
- Android pushes new scam, theft, and AI protections in 2026 update waveHelp Net Security · May 13, 2026
- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026
- Patch Tuesday, May 2026 EditionKrebs on Security · May 12, 2026
- Microsoft May 2026 Patch Tuesday, (Tue, May 12th)SANS Internet Storm Center · May 12, 2026
- Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)Tenable Blog · May 12, 2026
- Android 17 to expand banking scam call and privacy protectionsBleepingComputer · May 12, 2026
- Adobe Patches 52 Vulnerabilities in 10 ProductsSecurityWeek · May 12, 2026
- FCC Softens Ban on Foreign-Made RoutersDark Reading · May 11, 2026
- Cookie thieves caught stealing dev secrets via fake Claude Code installersThe Register Security · May 11, 2026
- Google Detects First AI-Generated Zero-Day ExploitSecurityWeek · May 11, 2026
- 11th May – Threat Intelligence ReportCheck Point Research · May 11, 2026
- ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and MoreThe Hacker News · May 11, 2026
- A week in security (May 4 – May 10)Malwarebytes Labs · May 11, 2026
- Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scamsHelp Net Security · May 10, 2026
- TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook WormsThe Hacker News · May 8, 2026
- Microsoft says Edge’s plaintext password behavior is “by design”Malwarebytes Labs · May 8, 2026
- Vulnerability in Claude Extension for Chrome Exposes AI Agent to TakeoverSecurityWeek · May 8, 2026
- ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New StoriesThe Hacker News · May 7, 2026
- VoidStealer Malware Darts Past Google Chrome's EncryptionDark Reading · May 6, 2026
- Google Chrome’s silent 4GB AI download problem [updated]Malwarebytes Labs · May 6, 2026
- Attackers Actively Exploiting Critical Vulnerability in Breeze Cache PluginWordfence Blog · May 5, 2026
- Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise RiskDark Reading · May 5, 2026
- Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)SANS Internet Storm Center · May 5, 2026
- Google to pay up to $1.5 million for zero-click Pixel Titan M exploitsHelp Net Security · May 5, 2026
- SSL.com rotates their root certificate today, (Tue, May 5th)SANS Internet Storm Center · May 5, 2026
- Google now offers up to $1.5 million for some Android exploitsBleepingComputer · May 5, 2026
- CloudZ RAT potentially steals OTP messages using Pheno pluginCisco Talos Intelligence · May 5, 2026
- Backdoored PyTorch Lightning package drops credential stealerBleepingComputer · May 4, 2026
- Silver Fox Springs Tax-Themed Attacks on Orgs in India, RussiaDark Reading · May 4, 2026
- ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & MoreThe Hacker News · May 4, 2026
- 2026: The Year of AI-Assisted AttacksThe Hacker News · May 4, 2026
- In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool VulnerabilitySecurityWeek · May 1, 2026
- Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI SurgeSecurityWeek · May 1, 2026
- Sophisticated Deep#Door Backdoor Enables Espionage, DisruptionSecurityWeek · May 1, 2026
- Open-source privacy proxy masks PII before prompts reach external AI servicesHelp Net Security · May 1, 2026
- New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud CredentialsThe Hacker News · Apr 30, 2026
- SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain AttackThe Hacker News · Apr 29, 2026
- Today's Odd Web Requests, (Wed, Apr 29th)SANS Internet Storm Center · Apr 29, 2026
- Vidar Rises to Top of Chaotic Infostealer MarketDark Reading · Apr 28, 2026
- Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer CampaignThe Hacker News · Apr 28, 2026