extension security

Chromium’s CVE‑2026‑3919 is a use‑after‑free vulnerability in the Extensions component that was addressed upstream in the Chromium project and distributed in Google Chrome’s stable update. Because Microsoft Edge (the modern Chromium‑based Edge) consumes Chromium’s open‑source engine, Microsoft...

Microsoft’s extensions story for Edge and the steady stream of small Windows utilities that BetaNews highlights are useful, but the path between a how‑to, a weekly app pick and safe daily use has changed significantly since the days when Edge extensions lived only in the Windows Store — and that...

A sharp, peer‑reviewed study and a string of security disclosures have exposed a worrying truth about the new generation of AI‑assisted web browsers: many of them collect and transmit highly sensitive browsing data — sometimes without clear consent — and the features that make these tools useful...

Microsoft Edge for Android is quietly being given the ability to install and run the same desktop extensions Windows 11 users rely on — but only in Canary for now, and with a clear “unverified for mobile” warning attached. The change lifts the long-standing artificial barrier that limited mobile...

Title: CVE-2025-55319 — When Agentic AI Meets VS Code: How AI “agents” can open a path to remote code execution (and what developers must do now) Executive summary Microsoft’s Security Response Center lists CVE-2025-55319 as a vulnerability affecting agentic AI integrations and Visual Studio...

Microsoft’s short, step-by-step support page for Microsoft Edge lays out the basics for adding, disabling, and removing extensions — but the topic matters far beyond a few clicks. Extensions shape privacy, performance, and security for millions of Windows users, and managing them properly is now...

A recent security vulnerability, identified as CVE-2025-8581, has been discovered in Google Chrome's Extensions component. This flaw could potentially allow remote attackers to leak cross-origin data by persuading users to perform specific actions on a crafted HTML page. Google has addressed...

A critical security vulnerability has surfaced in Chromium, identified as CVE-2025-8576, raising urgent alarms for users of all Chromium-based browsers, including Microsoft Edge. This flaw, classified as a "use after free" in Extensions, exposes millions of users to potential cyberattacks...

Microsoft has announced a significant extension to its Windows 10 support lifecycle, offering users a 12-month security update program to address concerns over the operating system's impending end of life. This initiative provides Windows 10 users with additional time to transition to newer...

Visual Studio Code continues to stand at the forefront of code editors, serving millions of developers globally with its flexibility, open-source nature, and strong ecosystem of extensions. However, its popularity and reach make it a prime target for security researchers and threat actors alike...

Microsoft Edge has steadily matured into one of the most feature-rich Chromium-based browsers, and recent developments confirm Microsoft’s dedication to both user experience and granular control. The latest feature now being tested allows users to enable or disable browser extensions on a...

Visual Studio users have long enjoyed a robust integrated development environment, complete with advanced debugging capabilities, intelligent code completion, and seamless integration with cloud-based workflows. However, even flagship software is not immune to security pitfalls. Among the more...

In recent days, the cybersecurity community has raised significant concerns regarding the discovery of CVE-2025-21264, a security feature bypass vulnerability impacting Visual Studio Code (VS Code), one of the world’s most popular code editors. As organizations, enterprises, and independent...

The recent decision by Microsoft to block the C/C++ extension for alternative Visual Studio Code (VS Code) distributions has sent ripples through the developer community, igniting debates around digital dependency, open-source ethics, and the future of independent development environments. On...

A new browser-based threat dubbed the “Cookie-Bite” attack is capturing the cybersecurity community’s attention, raising major concerns over the integrity of authentication within cloud environments like Microsoft Azure, Microsoft 365, Google Workspace, AWS, and others. The discovery, recently...

Microsoft’s recent move to restrict its C/C++ extension for Visual Studio Code (VS Code) exclusively to its first-party products has stirred significant concern and debate throughout the developer community. As of version 1.24.5 released on April 3, 2025, the extension now refuses to work on...

Microsoft's recent enforcement of licensing restrictions on its C/C++ extension for Visual Studio Code (VS Code) has stirred significant controversy among developers relying on open-source VS Code forks like VS Codium and commercial derivatives such as Cursor. This move, which first became...

Microsoft's recent enforcement move to block its popular C/C++ extension for Visual Studio Code (VS Code) from working in derivative products like VS Codium and Cursor reveals complex tensions at the intersection of open source, proprietary control, and competitive AI tools. This enforcement...

As we head into the twilight of Windows 10, significant changes are on the horizon, marking a crucial transition for users. The recent update highlights the urgency for users to migrate to Windows 11 as Microsoft gears up to withdraw free support for Windows 10, effective October 2025. With this...

If you're a coding aficionado or a VS Code virtuoso, grab your Peet's coffee, lean back in your ergonomic chair, and feast on the latest delights served up by Visual Studio Code 1.97. This new release is packed with tantalizing features destined to make developers' lives a tad juicier. AI...