Use-After-Free
Outlook CVE-2026-40361: Zero-Click Word RCE Resurrects BadWinmail's Enterprise-Killer Class
A use-after-free in a shared Office DLL lets a malicious message fire RCE through the Outlook Reading Pane and Explorer Preview Pane. Microsoft rates exploitation 'more likely.'
Chrome Zero-Day CVE-2026-5281: WebGPU Use-After-Free Under Active Exploitation
Google patches fourth Chrome zero-day of 2026 — a use-after-free in the Dawn WebGPU implementation that enables arbitrary code execution via crafted HTML pages.