Microsoft Flags Multiple Chromium Memory-Safety Flaws in Security Update Guide
Microsoft published Security Update Guide entries for a broad set of Chromium vulnerabilities affecting browser components including WebRTC, ANGLE, Network, Navigation, Blink, Base, V8, Skia, and WebAudio. The listed issues include multiple use-after-free bugs such as CVE-2026-4445, CVE-2026-4454, CVE-2026-4449, and CVE-2026-4441, as well as a heap buffer overflow in ANGLE (CVE-2026-4448), a heap buffer overflow in WebAudio (CVE-2026-4443), an out-of-bounds read in Skia (CVE-2026-4460), insufficient validation of untrusted input in Navigation (CVE-2026-4451), and an inappropriate implementation flaw in V8 (CVE-2026-4461).
The same set of advisories also included non-Chromium entries tied to lower-level platform components: CVE-2026-4438 for gethostbyaddr and gethostbyaddr_r returning invalid DNS hostnames, CVE-2025-71267 for an ntfs3 infinite loop triggered by a zero-sized ATTR_LIST, and CVE-2026-23233 for an f2fs fix to avoid mapping the wrong physical block for a swapfile. Together, the disclosures show Microsoft tracking both browser-engine memory-corruption risks and underlying filesystem and networking defects through its update pipeline.
Timeline
Mar 23, 2026
Microsoft publishes batch of Chromium vulnerability advisories
Microsoft's Security Update Guide published multiple Chromium-related advisories, including CVE-2026-4441, CVE-2026-4443, CVE-2026-4445, CVE-2026-4448, CVE-2026-4449, CVE-2026-4451, CVE-2026-4454, CVE-2026-4460, and CVE-2026-4461. The issues span use-after-free, heap buffer overflow, insufficient input validation, out-of-bounds read, and inappropriate implementation flaws across components such as WebRTC, ANGLE, Blink, Network, Navigation, Skia, Base, V8, and WebAudio.
Mar 22, 2026
Microsoft publishes advisory for CVE-2026-4438
Microsoft's Security Update Guide published an entry for CVE-2026-4438, describing an issue where gethostbyaddr and gethostbyaddr_r can return invalid DNS hostnames. This marks the public disclosure of that vulnerability in Microsoft's advisory system.
Mar 20, 2026
Microsoft publishes advisory for Chromium CVE-2026-4453
Microsoft's Security Update Guide published an entry for CVE-2026-4453, an integer overflow vulnerability in Chromium's Dawn component. This marks public disclosure of the issue through Microsoft's advisory channel.
Mar 20, 2026
Microsoft publishes advisory for Chromium CVE-2026-4459
Microsoft's Security Update Guide published an entry for CVE-2026-4459, a Chromium WebAudio out-of-bounds read and write vulnerability. This marks public disclosure of the issue through Microsoft's advisory channel.
Mar 19, 2026
Microsoft publishes advisories for CVE-2025-71267 and CVE-2026-23233
Microsoft's Security Update Guide published entries for CVE-2025-71267, an NTFS3 infinite-loop issue triggered by a zero-sized ATTR_LIST, and CVE-2026-23233, an f2fs swapfile block-mapping flaw. These advisories indicate public disclosure of the vulnerabilities through Microsoft's update channel.
Jan 1, 2026
Microsoft publishes advisory for Chromium CVE-2026-4680
Microsoft's Security Update Guide published an entry for CVE-2026-4680, a Chromium use-after-free vulnerability in FedCM. This marks public disclosure of the issue through Microsoft's advisory channel.
Jan 1, 2026
Microsoft publishes advisory for Chromium CVE-2026-4677
Microsoft's Security Update Guide published an entry for CVE-2026-4677, a Chromium WebAudio out-of-bounds read vulnerability. This marks public disclosure of the issue through Microsoft's advisory channel.
Jan 1, 2026
Microsoft publishes advisory for Chromium CVE-2026-4674
Microsoft's Security Update Guide published an entry for CVE-2026-4674, a Chromium CSS out-of-bounds read vulnerability. This marks public disclosure of the issue through Microsoft's advisory channel.
Jan 1, 2026
Microsoft publishes advisory for Chromium CVE-2026-4673
Microsoft's Security Update Guide published an entry for CVE-2026-4673, a Chromium WebAudio heap buffer overflow vulnerability. This marks public disclosure of the issue through Microsoft's advisory channel.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
5 more from sources like msrc security advisories
Related Stories
Microsoft Ships Chromium Fixes for Multiple Memory Safety Flaws in Edge
Microsoft published security advisories for a broad set of Chromium vulnerabilities affecting its browser platform, including `CVE-2026-7344` (use-after-free in Accessibility), `CVE-2026-7341` (use-after-free in WebRTC), `CVE-2026-7353` (heap buffer overflow in Skia), and `CVE-2026-7337` (type confusion in V8). Additional flaws patched include use-after-free bugs in Views, Media, GPU, Cast, and Navigation, along with insufficient validation of untrusted input in Compositing and an inappropriate implementation issue in Tint. The volume and variety of bugs indicate a significant browser security update focused on memory-safety and input-handling weaknesses in Chromium components commonly exposed through web content. Microsoft also listed `CVE-2026-31682`, a separate issue tied to `br_nd_send` and Neighbor Discovery option parsing, but the main body of advisories centers on Chromium-derived fixes that organizations should prioritize across Microsoft Edge deployments to reduce risk from malicious websites and crafted content.
4 days ago
Microsoft Flags Chromium ANGLE Overflow and LocalNetworkAccess Policy Bypass
Microsoft published Security Update Guide entries for two Chromium vulnerabilities affecting browser security boundaries and memory safety. The flaws are tracked as **CVE-2026-5275**, a **heap buffer overflow in ANGLE**, and **CVE-2026-5881**, a **policy bypass in `LocalNetworkAccess`**. ANGLE is a graphics translation layer used by Chromium-based browsers, making the memory-corruption issue notable because such bugs can increase the risk of browser compromise. The second issue weakens enforcement of Chromium's `LocalNetworkAccess` protections, which are intended to restrict how web content reaches local network resources. Together, the advisories highlight separate but significant risks in Chromium components: one tied to potential memory corruption and the other to bypass of browser security policy controls. Microsoft did not provide additional public synopsis details in the referenced advisories.
3 weeks ago
Microsoft Chromium Updates Address Blink Use-After-Free and History Navigation UI Flaw
Microsoft published security advisories for two Chromium vulnerabilities affecting browser security components: **CVE-2026-5872**, a **use-after-free in Blink**, and **CVE-2026-5899**, an **incorrect security UI issue in History Navigation**. The flaws were listed in Microsoft's Security Update Guide as Chromium-related issues, indicating they affect browser code relied on by Microsoft products built on the Chromium engine. The Blink memory-safety bug could expose users to instability or potential exploitation scenarios typical of use-after-free vulnerabilities, while the History Navigation flaw involves incorrect security indicators that could mislead users about page state or trust signals during navigation. Organizations using Microsoft browsers or platforms that incorporate Chromium components should review the relevant advisories and apply the associated security updates through normal patch management processes.
3 weeks ago