cve 2026 1220

CVE-2026-1220 is a high-severity vulnerability in the V8 JavaScript engine, described as a 'Race in V8' by Google. Google released an out-of-band Stable channel update for Chrome on January 20, 2026 to fix this bug. Because Microsoft Edge and other Chromium-based browsers share the V8 engine, administrators should treat all Chromium consumers in their environment as potentially exposed until downstream vendors confirm they have ingested the upstream fix. The vulnerability underscores the importance of patching Chromium-based browsers promptly and monitoring vendor advisories for ingestion of upstream security fixes.