Chromium: CVE-2026-9123 Heap buffer overflow in Chromecast (CVE-2026-9124)
activeVendor advisoryCVE-2026-9124
Information published.
May 21, 2026, 11:43 PMOfficial source
Vendor watch hub
What this page covers
The Microsoftwatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
- Confirm whether recent Microsoft activity overlaps with your environment.
- Prioritize advisories by MSP-relevance score, severity, and status.
- Turn the signal into an assessment, briefing, or managed-service engagement with ITECS.
At a glance
Tracked
2196
Active
1390
Featured
1447
Unique CVEs
20
Most recent entry
May 21, 2026, 11:43 PM
Feed refreshes daily · 5:15 a.m. Central
Sources·Microsoft Security Update Guide (MSRC), CISA KEV, and NVD
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
Watch items
Recent Microsoft watch items
Showing the 20 most recent items, newest first. Each row links to the official advisory.
20 rows · sorted newest first
Operations viewChromium: CVE-2026-9122 Out of bounds read in GPU (CVE-2026-9123)
activeVendor advisoryCVE-2026-9123
Information published.
May 21, 2026, 11:43 PMOfficial source
Chromium: CVE-2026-9121 Out of bounds read in GPU (CVE-2026-9122)
activeVendor advisoryCVE-2026-9122
Information published.
May 21, 2026, 11:43 PMOfficial source
Chromium: CVE-2026-9126 Use after free in DOM (CVE-2026-9121)
activeVendor advisoryCVE-2026-9121
Information published.
May 21, 2026, 11:43 PMOfficial source
Chromium: CVE-2026-9124 Insufficient validation of untrusted input in Input (CVE-2026-9126)
activeVendor advisoryCVE-2026-9126
Information published.
May 21, 2026, 11:43 PMOfficial source
Chromium: CVE-2026-9120 Use after free in WebRTC (CVE-2026-9120)
activeVendor advisoryCVE-2026-9120
Information published.
May 21, 2026, 11:43 PMOfficial source
Chromium: CVE-2026-9119 Heap buffer overflow in WebRTC (CVE-2026-9119)
activeVendor advisoryCVE-2026-9119
Information published.
May 21, 2026, 11:43 PMOfficial source
Chromium: CVE-2026-9118 Use after free in XR (CVE-2026-9118)
activeVendor advisoryCVE-2026-9118
Information published.
May 21, 2026, 11:43 PMOfficial source
Chromium: CVE-2026-9117 Type Confusion in GFX (CVE-2026-9117)
activeVendor advisoryCVE-2026-9117
Information published.
May 21, 2026, 11:43 PMOfficial source
Chromium: CVE-2026-9116 Insufficient policy enforcement in ServiceWorker (CVE-2026-9116)
activeVendor advisoryCVE-2026-9116
Information published.
May 21, 2026, 11:43 PMOfficial source
Chromium: CVE-2026-9115 Insufficient policy enforcement in Service Worker (CVE-2026-9115)
activeVendor advisoryCVE-2026-9115
Information published.
May 21, 2026, 11:43 PMOfficial source
Chromium: CVE-2026-9114 Use after free in QUIC (CVE-2026-9114)
activeVendor advisoryCVE-2026-9114
Information published.
May 21, 2026, 11:43 PMOfficial source
Chromium: CVE-2026-9113 Out of bounds read in GPU (CVE-2026-9113)
activeVendor advisoryCVE-2026-9113
Information published.
May 21, 2026, 11:43 PMOfficial source
Chromium: CVE-2026-9112 Use after free in GPU (CVE-2026-9112)
activeVendor advisoryCVE-2026-9112
Information published.
May 21, 2026, 11:43 PMOfficial source
Chromium: CVE-2026-9110 Inappropriate implementation in UI (CVE-2026-9110)
activeVendor advisoryCVE-2026-9110
Information published.
May 21, 2026, 11:43 PMOfficial source
Chromium: CVE-2026-9111 Use after free in WebRTC (CVE-2026-9111)
activeVendor advisoryCVE-2026-9111
Information published.
May 21, 2026, 11:43 PMOfficial source
Chromium: CVE-2026-8522 Use after free in Downloads (CVE-2026-8522)
activeVendor advisoryCVE-2026-8522
Information published.
May 21, 2026, 9:00 AMOfficial source
Chromium: CVE-2026-8521 Use after free in Tab Groups (CVE-2026-8521)
activeVendor advisoryCVE-2026-8521
Information published.
May 21, 2026, 9:00 AMOfficial source
Chromium: CVE-2026-8520 Race in Payments (CVE-2026-8520)
activeVendor advisoryCVE-2026-8520
Information published.
May 21, 2026, 9:00 AMOfficial source
Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2026-45659)
highactiveVendor advisoryCVE-2026-45659
Information published.
May 21, 2026, 9:00 AMOfficial source
| Alert | Exposure | Status | Published | Source |
|---|---|---|---|---|
Chromium: CVE-2026-9123 Heap buffer overflow in Chromecast (CVE-2026-9124)Information published. Microsoft Edge (Chromium-based) | CVE-2026-9124 Elevated | active | May 21, 2026, 11:43 PM | Vendor advisoryOpen source |
Chromium: CVE-2026-9122 Out of bounds read in GPU (CVE-2026-9123)Information published. Microsoft Edge (Chromium-based) | CVE-2026-9123 Elevated | active | May 21, 2026, 11:43 PM | Vendor advisoryOpen source |
Chromium: CVE-2026-9121 Out of bounds read in GPU (CVE-2026-9122)Information published. Microsoft Edge (Chromium-based) | CVE-2026-9122 Elevated | active | May 21, 2026, 11:43 PM | Vendor advisoryOpen source |
Chromium: CVE-2026-9126 Use after free in DOM (CVE-2026-9121)Information published. Microsoft Edge (Chromium-based) | CVE-2026-9121 Elevated | active | May 21, 2026, 11:43 PM | Vendor advisoryOpen source |
Chromium: CVE-2026-9124 Insufficient validation of untrusted input in Input (CVE-2026-9126)Information published. Microsoft Edge (Chromium-based) | CVE-2026-9126 Elevated | active | May 21, 2026, 11:43 PM | Vendor advisoryOpen source |
Chromium: CVE-2026-9120 Use after free in WebRTC (CVE-2026-9120)Information published. Microsoft Edge (Chromium-based) | CVE-2026-9120 Elevated | active | May 21, 2026, 11:43 PM | Vendor advisoryOpen source |
Chromium: CVE-2026-9119 Heap buffer overflow in WebRTC (CVE-2026-9119)Information published. Microsoft Edge (Chromium-based) | CVE-2026-9119 Elevated | active | May 21, 2026, 11:43 PM | Vendor advisoryOpen source |
Chromium: CVE-2026-9118 Use after free in XR (CVE-2026-9118)Information published. Microsoft Edge (Chromium-based) | CVE-2026-9118 Elevated | active | May 21, 2026, 11:43 PM | Vendor advisoryOpen source |
Chromium: CVE-2026-9117 Type Confusion in GFX (CVE-2026-9117)Information published. Microsoft Edge (Chromium-based) | CVE-2026-9117 Elevated | active | May 21, 2026, 11:43 PM | Vendor advisoryOpen source |
Chromium: CVE-2026-9116 Insufficient policy enforcement in ServiceWorker (CVE-2026-9116)Information published. Microsoft Edge (Chromium-based) | CVE-2026-9116 Elevated | active | May 21, 2026, 11:43 PM | Vendor advisoryOpen source |
Chromium: CVE-2026-9115 Insufficient policy enforcement in Service Worker (CVE-2026-9115)Information published. Microsoft Edge (Chromium-based) | CVE-2026-9115 Elevated | active | May 21, 2026, 11:43 PM | Vendor advisoryOpen source |
Chromium: CVE-2026-9114 Use after free in QUIC (CVE-2026-9114)Information published. Microsoft Edge (Chromium-based) | CVE-2026-9114 Elevated | active | May 21, 2026, 11:43 PM | Vendor advisoryOpen source |
Chromium: CVE-2026-9113 Out of bounds read in GPU (CVE-2026-9113)Information published. Microsoft Edge (Chromium-based) | CVE-2026-9113 Elevated | active | May 21, 2026, 11:43 PM | Vendor advisoryOpen source |
Chromium: CVE-2026-9112 Use after free in GPU (CVE-2026-9112)Information published. Microsoft Edge (Chromium-based) | CVE-2026-9112 Elevated | active | May 21, 2026, 11:43 PM | Vendor advisoryOpen source |
Chromium: CVE-2026-9110 Inappropriate implementation in UI (CVE-2026-9110)Information published. Microsoft Edge (Chromium-based) | CVE-2026-9110 Elevated | active | May 21, 2026, 11:43 PM | Vendor advisoryOpen source |
Chromium: CVE-2026-9111 Use after free in WebRTC (CVE-2026-9111)Information published. Microsoft Edge (Chromium-based) | CVE-2026-9111 Elevated | active | May 21, 2026, 11:43 PM | Vendor advisoryOpen source |
Chromium: CVE-2026-8522 Use after free in Downloads (CVE-2026-8522)Information published. Microsoft Edge (Chromium-based) | CVE-2026-8522 Elevated | active | May 21, 2026, 9:00 AM | Vendor advisoryOpen source |
Chromium: CVE-2026-8521 Use after free in Tab Groups (CVE-2026-8521)Information published. Microsoft Edge (Chromium-based) | CVE-2026-8521 Elevated | active | May 21, 2026, 9:00 AM | Vendor advisoryOpen source |
Chromium: CVE-2026-8520 Race in Payments (CVE-2026-8520)Information published. Microsoft Edge (Chromium-based) | CVE-2026-8520 Elevated | active | May 21, 2026, 9:00 AM | Vendor advisoryOpen source |
Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2026-45659)Information published. Microsoft Office SharePoint | highCVE-2026-45659 High | active | May 21, 2026, 9:00 AM | Vendor advisoryOpen source |
ITECS response pathways
Turn the Microsoft watch feed into an action plan
These pathways connect the vendor watch feed into service-owner resources that already carry commercial authority.
Microsoft 365 consulting
Use the microsoft 365 consulting pathway when this vendor alert needs an ITECS-managed response plan.
Cybersecurity services
Connect the vendor watch page to broader managed detection, response, and governance planning.
Cybersecurity assessment
Translate current watch items into a faster risk snapshot and prioritized remediation plan.
Threat Radar hub
Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.
Vendor watch FAQ
Common questions
What is the Microsoft threat watch page?
It is the Microsoft-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
How should teams use the Microsoft watch page?
Use it to confirm whether current Microsoft issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Can ITECS help respond to Microsoft security issues?
Yes. ITECS can help map Microsoft advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.