CVE-2026-4688: Sandbox escape due to use-after-free in
Disability Access APIs.
CVE-2026-4695: Incorrect boundary conditions in the
Audio/Video: Web Codecs component.
CVE-2026-4697: Incorrect boundary conditions in the
Audio/Video: Web Codecs component.
CVE-2026-4700: Mitigation bypass in the Networking: HTTP
component.
CVE-2026-4701: Use-after-free in the JavaScript Engine
component.
CVE-2026-4702: JIT miscompilation in the JavaScript Engine
component.
CVE-2026-4704: Denial-of-service in the WebRTC: Signaling
component.
CVE-2026-4705: Undefined behavior in the WebRTC: Signaling
component.
CVE-2026-4708: Incorrect boundary conditions in the Graphics
component.
CVE-2026-4710: Incorrect boundary conditions in the
Audio/Video component.
CVE-2026-4711: Use-after-free in the Widget: Cocoa
component.
CVE-2026-4712: Information disclosure in the Widget: Cocoa
component.
CVE-2026-4713: Incorrect boundary conditions in the Graphics
component.
CVE-2026-4714: Incorrect boundary conditions in the
Audio/Video component.
CVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D
component.
CVE-2026-4716: Incorrect boundary conditions and
uninitialized memory in the JavaScript Engine.
CVE-2026-4717: Privilege escalation in the Netmonitor
component.
CVE-2026-4718: Undefined behavior in the WebRTC: Signaling
component.
CVE-2026-4719: Incorrect boundary conditions in the Graphics:
Text component.
CVE-2026-4720: Memory safety bugs