cve tracking

Chromium’s CVE-2026-0901 — an “Inappropriate implementation in Blink” — has landed in Microsoft’s Security Update Guide not because Microsoft discovered a new Edge-specific bug, but because Edge consumes the Chromium open‑source engine. Microsoft lists Chrome-assigned CVEs to communicate...

The Chromium CVE labeled CVE-2026-0906 — an “Incorrect security UI” issue — appears in Microsoft’s Security Update Guide because Microsoft Edge (the Chromium-based edition) consumes Chromium’s open-source code, and Microsoft uses the Security Update Guide to announce when Edge has ingested the...

A recently published Linux-kernel CVE, CVE-2025-68380, closes a subtle but potentially disruptive bug in the ath11k Wi‑Fi driver that misassigns HE (High Efficiency / Wi‑Fi 6) MCS fields when building peer association commands, a logic error that can crash firmware on some Qualcomm-based...

Microsoft’s October 14, 2025 Patchday left enterprise defenders and Office users with urgent work: the monthly security refresh fixed a large cluster of Office parser and document‑handling vulnerabilities — including high‑impact Remote Code Execution (RCE) flaws in Word and Excel — while the...

The short answer: Microsoft documents Chromium-assigned CVEs in the Security Update Guide because Microsoft Edge (the Chromium-based Edge) consumes Chromium OSS. MSRC adds those CVE entries to show customers the vendor-of-origin (Chrome/Chromium) information and to indicate whether the current...