The first vulnerability, CVE-2026-4673, is a heap buffer overflow issue in WebAudio that earned the reporting researcher a $7,000 bug bounty reward. Google has yet to determine the bounty amount for CVE-2026-4677, another bug reported by the same researcher.
CVE-2026-3909 is an out-of-bounds write flaw in Skia, the graphics library Chrome uses to render web content and parts of its user interface. Memory corruption bugs like this can sometimes be abused by attackers to crash applications or run their own code if successfully exploited.
I do not want AI in my web browser. I just don't. I also don't want companies collecting information about me, or sponsored content and product integrations. All those bits make me want to pull my hair out. I like my privacy and want to browse, you know, the old-fashioned way. I do use AI (on occasion), but only locally-installed AI and only for specific purposes (such as learning Python or researching a topic when I don't want to use a standard search engine).
