Short answer
Microsoft documents CVE-2025-10891 in its Security Update Guide because the vulnerability is in Chromium (the open‑source engine) that Microsoft Edge (Chromium‑based) consumes — the entry tells customers “this issue existed in Chromium and has been addressed in the Edge builds that...
Google’s September stable update for Chrome closed a notable Use‑After‑Free (UAF) in the Dawn WebGPU implementation — tracked as CVE‑2025‑10500 — alongside several other high‑severity graphics and engine fixes; Windows users and administrators running Microsoft Edge (Chromium‑based) should treat...
Google pushed an emergency Chrome update to address CVE-2025-10585, a type confusion vulnerability in the V8 JavaScript engine that Google says is being actively exploited in the wild — and because Microsoft Edge is Chromium-based, Windows users and enterprises must confirm their Edge builds...
Chromium developers have closed a high‑severity upstream bug — tracked as CVE‑2025‑10201 — that the Chromium project describes as an “inappropriate implementation in Mojo” which could be abused, via a crafted HTML page, to bypass Chrome’s site‑isolation protections on Android, Linux and...
Google’s Chrome is quietly treating copy-and-paste as a first‑class privacy risk: Canary builds now show Safety Check automatically removing clipboard permissions from sites you haven’t visited recently, surface a clear “Removed permissions for [x] sites” notice in the menu, and give users a...
Mozilla has quietly pushed the Firefox 115 Extended Support Release (ESR) safety net forward again: security updates for Firefox 115 on legacy desktops — specifically Windows 7, Windows 8, Windows 8.1 and older macOS builds — will continue through March 2026, with Mozilla planning a formal...
Google's Chromium project has logged a serious security issue — tracked as CVE-2025-9866 — describing an inappropriate implementation in Extensions that can be weaponized to bypass Content Security Policy (CSP) via a crafted HTML page; Google has issued a Chrome stable update to remediate the...
Google's Chromium team has fixed a medium-severity UI spoofing flaw—tracked as CVE-2025-9865—that existed in the browser's Toolbar implementation and could allow domain spoofing on Android when a user performed specific UI gestures on crafted pages.
Background
Chromium's September 2025 security...
Palo Alto Networks has pushed a clear marker in the SASE arms race with the launch of Prisma SASE 4.0, a major platform refresh that explicitly frames the next phase of enterprise security as AI versus AI — protecting organizations not only from AI-augmented attackers, but from the uncontrolled...
Mozilla’s decision to keep Firefox 115 ESR alive for older machines is the latest twist in a multi-stage, pragmatic approach to supporting users who remain on end-of-life operating systems — the Extended Support Release for Firefox 115 will now be maintained for Windows 7, Windows 8/8.1 and...
Google’s quiet change to Chrome’s security documentation — adding an explicit AI Features section to the Chrome Security FAQ — is a small, technical edit with outsized implications for how browser vendors will treat generative AI moving forward. The new guidance makes a clear, pragmatic...
A high-severity memory-corruption flaw in Chromium’s V8 JavaScript engine, tracked as CVE-2025-9132, has been patched in the Chrome 139 stable update; the vulnerability is an out‑of‑bounds write that can lead to heap corruption and, in the worst case, remote code execution when a user visits a...
Microsoft Edge’s Canary channel has begun surfacing experimental controls that explicitly treat passkeys as first‑class syncable credentials in the browser, adding new flags labeled Passkey roaming and Passkey roaming management and settings, and exposing a combined “Passwords and passkeys” sync...
A recently disclosed memory-safety flaw in Chromium’s Aura windowing component — tracked as CVE-2025-8882 — allows a remote attacker who can trick a user into specific UI gestures to trigger a use‑after‑free that may lead to heap corruption; the bug was patched upstream in Google Chrome...
A race condition in V8, tracked as CVE‑2025‑8880, was disclosed by the Chromium team and fixed upstream in Chrome Stable — the flaw could allow a remote attacker to execute code inside the browser sandbox via a crafted webpage, and Chromium-based browsers (including Microsoft Edge) are advised...
A newly recorded Chromium vulnerability, tracked as CVE-2025-8881, exposes a weakness in the browser’s File Picker implementation that can be coaxed into leaking cross‑origin data when a user is tricked into specific UI gestures on a crafted page; the bug affects Google Chrome builds prior to...
Microsoft’s Security Response Center has published an advisory for CVE-2025-49755, a user‑interface (UI) misrepresentation — spoofing — vulnerability affecting Microsoft Edge (Chromium‑based) on Android devices, a flaw that allows a remote attacker to present misleading or falsified UI elements...
Google is experimenting with a new Incognito-mode protection called Script Blocking in Incognito that will block third‑party scripts known to perform browser fingerprinting techniques, using a list‑based Masked Domain List (MDL) and a small change to the Fetch specification that gives browsers a...
Microsoft has clarified that Microsoft Edge — and the Microsoft WebView2 Runtime — will continue to receive security and quality updates on Windows 10 (version 22H2) through at least October 2028, even though the Windows 10 operating system itself reaches its end-of-support milestone on October...
Microsoft’s recent lifecycle clarification — that Microsoft Edge (and the WebView2 runtime) will continue to receive security and quality updates on Windows 10, version 22H2, well after the operating system itself reaches end-of-support — reshapes migration timelines for millions of users and...