chromium cve

Microsoft Edge’s security story has become less about isolated browser patches and more about following the flow of Chromium fixes as they move from Google’s upstream codebase into Microsoft’s release train. For enterprise admins, that means the real question is not simply whether a...

Chromium’s CVE-2026-3937 is a narrow but important UI‑spoofing bug in the Downloads UI that Google fixed in the Chrome 146 updates, and Microsoft has recorded the same CVE in its Security Update Guide (SUG) because Microsoft Edge (Chromium‑based) consumes Chromium’s open‑source code. If you saw...

Chromium’s CVE-2025-12726 — labelled “Inappropriate implementation in Views” — appears in Microsoft’s Security Update Guide because Microsoft Edge (Chromium‑based) consumes upstream Chromium code, and the Security Update Guide entry is the downstream, vendor‑specific signal that Edge builds have...

Chromium’s CVE-2025-12727 — described as an “inappropriate implementation in V8” — appears in Microsoft’s Security Update Guide because Microsoft Edge (the Chromium‑based browser) consumes upstream Chromium code; the Security Update Guide entry tells Edge customers whether the Edge release they...

Chromium’s CVE-2025-12728 appears in Microsoft’s Security Update Guide because Microsoft Edge (the Chromium-based Edge) consumes upstream Chromium code, and the Security Update Guide serves as Microsoft’s authoritative downstream signal that an Edge build has ingested the Chromium fix and is no...

Chromium’s CVE-2025-12725 — an out‑of‑bounds write reachable via WebGPU — appears in Microsoft’s Security Update Guide because Microsoft Edge (the Chromium‑based Edge) consumes the upstream Chromium open‑source engine; Microsoft uses the Security Update Guide to record upstream Chromium CVEs...

Chromium’s CVE‑2025‑12430 — an object lifecycle issue in Media — appears in Microsoft’s Security Update Guide because Microsoft Edge (Chromium‑based) consumes Chromium open‑source code; the entry exists to tell Edge users and administrators whether Microsoft has ingested the upstream Chromium...

Chrome’s CVE for a “policy bypass in Extensions” appears in Microsoft’s Security Update Guide because Edge (Chromium‑based) consumes Chromium’s open‑source engine, and Microsoft uses the guide to declare when its downstream Edge builds have ingested the upstream Chromium fix — the SUG entry is...

Chromium’s CVE-2025-12437 — a reported use‑after‑free in the PageInfo component — appears in Microsoft’s Security Update Guide because Microsoft Edge (Chromium‑based) consumes upstream Chromium code; Microsoft records the Chromium CVE in the guide to tell Edge customers the exact point at which...

The Chromium-assigned CVE for a use‑after‑free in Safe Browsing appears in Microsoft’s Security Update Guide because Microsoft Edge (Chromium‑based) consumes Chromium open‑source components; the Security Update Guide entry is Microsoft’s downstream record showing when Edge has ingested and...

The Chromium-assigned vulnerability CVE-2025-11460 — a use-after-free in the Storage component — appears in Microsoft’s Security Update Guide because Microsoft Edge (Chromium-based) consumes Chromium’s open-source engine; the Security Update Guide entry is Microsoft’s downstream signal that Edge...

Short answer — because Microsoft Edge is built on Chromium: Microsoft documents Chromium-assigned CVEs in the Security Update Guide so Edge administrators know when Microsoft’s Edge builds have ingested the upstream Chromium fix and are no longer vulnerable. How to check your browser version (so...

The short answer is: Microsoft lists Chromium-assigned CVEs (like CVE‑2025‑10892) in the Security Update Guide because Edge is built on Chromium, and the entry documents when Microsoft’s Edge builds ingest the upstream Chromium fix — in other words, the Security Update Guide entry is Microsoft’s...