microsoft edge

Google and Microsoft disclosed CVE-2026-7944 on May 6, 2026, as a Chromium flaw in Persistent Cache fixed in Google Chrome before version 148.0.7778.96 and tracked for Microsoft Edge because Edge inherits the Chromium codebase. The bug is not the loudest item in Chrome 148, but it is one of the...

CVE-2026-7957 is a medium-severity Chromium Media out-of-bounds write flaw disclosed by Chrome on May 6, 2026, affecting Google Chrome on Mac and iOS before version 148.0.7778.96 and incorporated into Microsoft’s May 7 Edge security update stream. The short version is simple: patch the browser...

On May 7, 2026, Microsoft published guidance for CVE-2026-7962, a medium-severity Chromium vulnerability in DirectSockets that affects Microsoft Edge because Edge consumes the Chromium open source codebase. The flaw was fixed in Chromium before Chrome 148.0.7778.96 and is addressed in Edge...

Google and Microsoft disclosed CVE-2026-7965 on May 6, 2026, as a Chromium DevTools input-validation flaw fixed in Google Chrome before version 148.0.7778.96 and tracked for Chromium-based Microsoft Edge through MSRC. The bug is not the loudest flaw in Chrome 148, and that is precisely why it...

CVE-2026-7984 is a newly published Chromium use-after-free vulnerability in Chrome’s ReadingMode component, fixed in Google Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS after disclosure on May 6, 2026, and tracked by Microsoft because Edge inherits Chromium security...

Google and Microsoft disclosed CVE-2026-7989 on May 6, 2026, describing a medium-severity Chromium DataTransfer validation flaw fixed in Chrome before version 148.0.7778.96 and relevant to Chromium-based browsers, including Microsoft Edge, on Windows, macOS, and Linux. The bug is not the...

Google and Microsoft disclosed CVE-2026-8002 on May 6 and May 7, 2026, describing a use-after-free flaw in Chrome’s Audio component on macOS before version 148.0.7778.96 that could let a remote attacker execute code inside Chrome’s sandbox through a crafted HTML page. The oddity is not that...

Google and Microsoft disclosed CVE-2026-8007 on May 6, 2026, describing a Cast component input-validation flaw in Chromium-based browsers before Chrome 148.0.7778.96 that could let an attacker escalate privileges after first compromising the renderer process with a crafted web page. The dry...

Google’s CVE-2026-8014 is a low-severity Chromium vulnerability in Chrome’s Preload implementation, disclosed May 6, 2026, fixed before Chrome 148.0.7778.96, and capable of letting a remote attacker leak cross-origin data through a crafted HTML page if the user visits it. The short version is...

CVE-2026-8017 is a low-severity Chromium media vulnerability disclosed on May 6, 2026, affecting Google Chrome before version 148.0.7778.96 and potentially downstream Chromium browsers, where a crafted HTML page could leak cross-origin data through a side-channel. That plain description...

Google Chrome users on Windows can block the browser’s automatic download of a roughly 4GB local AI model by setting the GenAILocalFoundationalModelSettings enterprise policy to Disallowed, a registry-based control documented for Chromium-derived browsers and surfaced this week after reports of...

Microsoft is removing Microsoft Edge’s ability to pin websites and web apps to the browser Sidebar, with existing pinned apps scheduled to disappear in a future update, while Copilot remains available in the same interface area. The change has no announced removal date, but Microsoft’s own...

On May 6, 2026, Windows Central reported that Microsoft Edge is retiring the user-pinned apps portion of its Sidebar while explicitly sparing Copilot, meaning the browser’s once-flexible side rail will increasingly function as an AI entry point rather than a user-customized workspace. Microsoft...

Microsoft Edge is reportedly decrypting saved passwords at browser startup and keeping them in plaintext process memory during the session, a behavior publicized on May 4, 2026, by security researcher Tom Jøran Sønstebyseter Rønning and subsequently confirmed as expected behavior by Microsoft...

Microsoft is preparing to retire the Edge sidebar app list in upcoming browser updates starting with Microsoft account users, disabling new pinned apps now and removing existing app tower shortcuts later while leaving Copilot and the side pane available without a confirmed final retirement date...

Microsoft is retiring the Microsoft Edge sidebar app list in upcoming browser updates, starting with users signed into Microsoft accounts, removing the ability to add new sidebar apps while preserving Copilot in the Edge sidebar for now. That is the plain fact; the more interesting story is what...

Microsoft is retiring the Microsoft Edge sidebar app list in the near future, beginning with users signed in with personal Microsoft accounts, while leaving Copilot available in the browser and continuing to treat it as a core Edge experience. That is the plain version of the news, but it...

Microsoft is phasing out the Microsoft Edge Sidebar app list in 2026, beginning with Microsoft account users, as part of a stated effort to “simplify” the Windows 11 browser while preserving Copilot integration. That makes the move more than a minor interface cleanup. It is a revealing test of...

Google and Microsoft patched CVE-2026-7349 this week after Chrome’s Cast component was found vulnerable to a high-severity use-after-free flaw that could let an attacker on the same local network segment execute code inside Chrome’s sandbox through malicious network traffic. The fixed Chrome...

Microsoft used its April 29, 2026, fiscal third-quarter earnings call to say Windows now exceeds 1.6 billion monthly active devices and Bing has reached 1 billion monthly active users for the first time. The numbers matter less as a victory lap than as a map of Microsoft’s next consumer...