Short answer — Microsoft lists that Chromium CVE in the Security Update Guide because Edge is built on Chromium: MSRC publishes Chromium-assigned CVEs so Edge customers can see when Microsoft has ingested the upstream Chromium fix and which Edge build is no longer vulnerable. What happened for CVE‑2026‑0904
- Google fixed CVE‑2026‑0904 (an “incorrect security UI” issue in Digital Credentials) in the Chrome 144 stable update (Chrome 144.0.7559.59 / 144.0.7559.60). If you see that Chrome 144 release note, CVE‑2026‑0904 is listed there.
- Google Chrome (desktop)
- Open Chrome → menu (three dots) → Help → About Google Chrome. The About page shows the full version and will check for updates.
- Or open chrome://version to see the exact build string (chromium backend + Chrome build). If the About/Version is Chrome 144.0.7559.59 (Windows/Mac) or newer, the Chrome fix for CVE‑2026‑0904 is present.
- Microsoft Edge (Chromium-based)
- Open Edge → Settings and more (three dots) → Help and feedback → About Microsoft Edge. That page shows the Edge version and checks/applies updates.
- Or open edge://version (or edge://settings/help) to see the Edge build and the underlying Chromium version (useful to confirm which Chromium fix is included). If your Edge build is the Edge release that “incorporates the latest Security Updates of the Chromium project” for Chromium 144 (Edge Stable that ingests Chromium 144), Edge has the same upstream fix.
- Chrome builds are listed as major.minor.build.patch (example: 144.0.7559.59). Chrome’s release note names the patched Chrome build; compare your chrome://version value to that string.
- Edge shows its own version plus the Chromium backend on edge://version. Microsoft documents which Edge build incorporates a given Chromium security update in their release notes / Security Update Guide; if your Edge build is the same or newer than that documented build, you’re not vulnerable.
- Open About in your browser (Chrome or Edge) and let it complete the update check and restart the browser if an update is downloaded. (Both browsers will normally auto-update, but the About page forces a check.
- If you manage multiple machines, verify centrally via your endpoint/patch-management system and consult Microsoft’s Security Update Guide CVE entry or Edge release notes to confirm the exact Edge build that includes the Chromium fix. MSRC publishes these third‑party/Chromium CVE entries so administrators can map fixes to Edge builds.
- Tell you exactly which Chrome/Edge version string you should have (I’ll look up the current mapping for Edge ↔ Chromium 144), or
- Walk you through checking chrome://version or edge://version and explain the parts of the build string.
Source: MSRC Security Update Guide - Microsoft Security Response Center
