I guess I could use --min-release-age with npm install. Only install dependencies that are at least a year old. π
I dunno if any supply-chain attacks have persisted longer than that. I hope notβ¦
All these supply-chain attacks in npm are making me awfully nervous.
I need to use Sass and PostCSS in a project, and I think I'm going to copy an old package-lock.json from another project that uses them.
That's not a long-term solution, thoughβ¦
And I'm worried the same thing is going to happen to crates.io at some point. π¬
π CVE-2026-11279 - High (8.8)
Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
π https://www.thehackerwire.com/vulnerability/CVE-2026-11279/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-11296 - High (7.5)
Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
π https://www.thehackerwire.com/vulnerability/CVE-2026-11296/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-11307 - High (8.8)
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
π https://www.thehackerwire.com/vulnerability/CVE-2026-11307/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-11306 - High (8.8)
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
π https://www.thehackerwire.com/vulnerability/CVE-2026-11306/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-11305 - High (8.8)
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
π https://www.thehackerwire.com/vulnerability/CVE-2026-11305/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-11303 - High (8.8)
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
π https://www.thehackerwire.com/vulnerability/CVE-2026-11303/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
ARGVMI~1.PIF
urlDNA.io 
TheHackerWire
OffSequence