microsoft edge security

At Pwn2Own Berlin 2026 on May 14, security researchers demonstrated successful zero-day exploits against Microsoft Edge, Windows 11, LiteLLM, NVIDIA software, Red Hat Enterprise Linux, and other modern targets, earning $523,000 across 24 unique vulnerabilities on the contest’s first day. The...

Microsoft has assigned CVE-2026-33111 to an information disclosure vulnerability in Copilot Chat for Microsoft Edge, placing a browser-side AI feature inside the same security-update machinery that Windows administrators already use for operating-system and application flaws. The sparse public...

CVE-2026-7930 is a newly disclosed Chromium cookie-handling vulnerability, published by Chrome and surfaced by Microsoft on May 7, 2026, that affects Google Chrome before 148.0.7778.96 and Microsoft Edge because Edge consumes the Chromium codebase. The bug is not the flashiest entry in Chrome...

Google and Microsoft disclosed CVE-2026-7955 on May 6, 2026, a medium-severity Chromium GPU flaw fixed in Google Chrome before version 148.0.7778.96 and tracked by Microsoft because Edge inherits the same Chromium codebase. The bug is not the headline-grabbing remote-code-execution monster that...

On May 7, 2026, Microsoft published guidance for CVE-2026-7967, a Chromium Navigation flaw fixed in Chrome 148.0.7778.96 and carried into Microsoft Edge because Edge consumes the Chromium open-source browser engine. The vulnerability is easy to underrate because Chromium labels it “Medium,” yet...

Google and Microsoft documented CVE-2026-7988 on May 6–7, 2026, as a WebRTC type-confusion flaw in Chromium that affected Google Chrome before 148.0.7778.96 and Microsoft Edge before its corresponding 148.0.7778.xxx security update. The vulnerability is not the loudest bug in the Chrome 148...

Google and Microsoft disclosed CVE-2026-8010 on May 6, 2026, after Chrome 148 reached the desktop stable channel, fixing a SiteIsolation input-validation flaw in Chrome versions before 148.0.7778.96 that could let an attacker who already compromised the renderer bypass browser isolation with...

Microsoft’s CVE-2026-32187 entry for Microsoft Edge (Chromium-based) appears to be a Defense in Depth issue rather than a classic, immediately exploitable browser takeover flaw, and that distinction matters for how defenders should read the advisory. Microsoft’s own Security Update Guide...

Microsoft has now identified CVE-2026-3917, a use-after-free flaw in Chromium’s Agents component, as one of the vulnerabilities folded into the latest Chrome security cycle. Because Microsoft Edge (Chromium-based) ingests the same upstream Chromium codebase, the practical effect for Edge users...

The latest Chromium security update touching Microsoft Edge highlights a familiar but often underappreciated class of browser flaw: not a crash, not a straightforward remote code execution bug, but a side-channel information leak in ResourceTiming. Google’s Chrome release notes for March 2026...

Microsoft has flagged CVE-2026-3936, a use-after-free flaw in Chromium’s WebView component, as affecting Microsoft Edge (Chromium-based) because Edge ingests the upstream Chromium codebase and inherits security fixes from it. Google’s Chrome Releases notes show the issue as CVE-2026-3936: Use...

Microsoft’s latest Chromium security entry, CVE-2026-3915, is a heap buffer overflow in WebML that matters well beyond the narrow label attached to it. Because Microsoft Edge (Chromium-based) inherits fixes from upstream Chromium, the practical takeaway for Windows users is straightforward: once...

The Chromium project’s CVE-2026-3925 is a medium-severity “Incorrect security UI in LookalikeChecks” issue, and Microsoft’s Security Update Guide includes it because Microsoft Edge (Chromium-based) consumes Chromium’s upstream code. Google’s Chrome Releases page shows the bug was reported by...