Microsoft Published Fixes for Linux BPF and Chromium ANGLE Vulnerabilities

widely-deployed-product-advisory, endpoint-software-vulnerability, open-source-dependency-vulnerability
Updated April 3, 2026 at 12:05 AM. 9 sources.

Microsoft released security guidance for CVE-2026-23359, a flaw in bpf described as a stack out-of-bounds write in devmap, indicating a memory corruption issue in low-level packet processing components. The company also published an advisory for CVE-2026-5283, a Chromium vulnerability in ANGLE caused by an inappropriate implementation, extending the scope of affected software from kernel-adjacent networking code to browser graphics infrastructure.

The advisories were issued through Microsoft's Security Update Guide and identify two distinct vulnerability classes that could affect system and browser security depending on product exposure and patch status. Organizations using Microsoft products that incorporate Linux kernel bpf functionality or Chromium-based components should review the relevant updates for CVE-2026-23359 and CVE-2026-5283 and prioritize remediation based on asset exposure and dependency on those technologies.

Timeline

  1. Mar 26, 2026

    Microsoft publishes advisory for CVE-2026-23359

    Microsoft published a Security Update Guide entry for CVE-2026-23359, describing the issue as a bpf stack out-of-bounds write in devmap.

  2. Feb 4, 2026

    Microsoft publishes advisory for Chromium CVE-2026-5283

    Microsoft added CVE-2026-5283 to its Security Update Guide, identifying the issue as an inappropriate implementation flaw in Chromium's ANGLE component.

Related Stories

Microsoft Flags Chromium ANGLE Overflow and LocalNetworkAccess Policy Bypass

Microsoft published Security Update Guide entries for two Chromium vulnerabilities affecting browser security boundaries and memory safety. The flaws are tracked as **CVE-2026-5275**, a **heap buffer overflow in ANGLE**, and **CVE-2026-5881**, a **policy bypass in `LocalNetworkAccess`**. ANGLE is a graphics translation layer used by Chromium-based browsers, making the memory-corruption issue notable because such bugs can increase the risk of browser compromise. The second issue weakens enforcement of Chromium's `LocalNetworkAccess` protections, which are intended to restrict how web content reaches local network resources. Together, the advisories highlight separate but significant risks in Chromium components: one tied to potential memory corruption and the other to bypass of browser security policy controls. Microsoft did not provide additional public synopsis details in the referenced advisories.

3 weeks ago

Microsoft Ships Chromium Fixes for Multiple Memory Safety Flaws in Edge

Microsoft published security advisories for a broad set of Chromium vulnerabilities affecting its browser platform, including `CVE-2026-7344` (use-after-free in Accessibility), `CVE-2026-7341` (use-after-free in WebRTC), `CVE-2026-7353` (heap buffer overflow in Skia), and `CVE-2026-7337` (type confusion in V8). Additional flaws patched include use-after-free bugs in Views, Media, GPU, Cast, and Navigation, along with insufficient validation of untrusted input in Compositing and an inappropriate implementation issue in Tint. The volume and variety of bugs indicate a significant browser security update focused on memory-safety and input-handling weaknesses in Chromium components commonly exposed through web content. Microsoft also listed `CVE-2026-31682`, a separate issue tied to `br_nd_send` and Neighbor Discovery option parsing, but the main body of advisories centers on Chromium-derived fixes that organizations should prioritize across Microsoft Edge deployments to reduce risk from malicious websites and crafted content.

4 days ago

Microsoft discloses Chromium, pyOpenSSL, Linux kernel and DNS handling flaws

Microsoft published a new set of security advisories covering multiple third-party and open-source components, led by several **Chromium** vulnerabilities affecting `WebGL`, `WebRTC`, `ANGLE`, `V8`, `PDFium`, the **Digital Credentials API**, and **Extensions**. The issues include out-of-bounds read and write, heap buffer overflow, integer overflow, and use-after-free conditions tracked as `CVE-2026-4440`, `CVE-2026-4463`, `CVE-2026-4464`, `CVE-2026-4447`, `CVE-2026-4446`, `CVE-2026-4456`, `CVE-2026-4452`, `CVE-2026-4455`, `CVE-2026-4450`, and `CVE-2026-4458`. Microsoft also listed `CVE-2026-4437`, a flaw in `gethostbyaddr` and `gethostbyaddr_r` that may incorrectly handle DNS responses. The advisory set also includes **pyOpenSSL** flaws `CVE-2026-27459`, a DTLS cookie callback buffer overflow, and `CVE-2026-27448`, which could allow TLS connection bypass through an unhandled exception in `set_tlsext_servername_callback`. Additional entries cover several **Linux kernel** issues, including a potential NULL pointer dereference in `RDMA/siw` (`CVE-2026-23242`), a refcount bug and potential use-after-free in `perf_mmap` (`CVE-2026-23248`), an infinite loop in `ntfs3` metadata handling (`CVE-2025-71265`), an `io_uring` memory-management flaw (`CVE-2026-23259`), and a divide error in `rivafb` (`CVE-2026-23266`), alongside audit subsystem updates tracked as `CVE-2025-71239` and `CVE-2026-23241`.

1 month ago
