browser supply chain

About this tag
The browser supply chain tag covers discussions about how vulnerabilities and updates flow from upstream open-source projects like Chromium into branded browsers such as Google Chrome and Microsoft Edge. A recurring theme is the complexity of tracking security fixes when multiple downstream products share a common codebase but release patches on different schedules. Topics include CVE tracking, patch management for enterprise IT, and the challenges security scanners face when trying to map a single vulnerability to multiple browser versions. The tag is relevant for IT administrators and security professionals managing browser updates across Windows environments.
  1. StegoAd: Microsoft Removes 119 Malicious Edge Extensions Hiding Malware in Files

    Microsoft said on June 16, 2026, that its Edge Extensions Security Team removed 119 malicious Edge add-ons tied to StegoAd, a long-running campaign that used steganography to hide malware in image and font files and may have reached up to 2.6 million installs. The takedown is not merely another...
  2. CVE-2026-7918: Chrome GPU Use-After-Free and Why Edge Still Matters

    Google and Microsoft documented CVE-2026-7918 on May 6–7, 2026, as a high-severity Chromium GPU use-after-free fixed in Chrome 148.0.7778.96 and addressed in Microsoft Edge’s Chromium-based 148.0.7778.xxx security update for supported desktop platforms. The short answer to the CPE question is...