Microsoft Flags Chromium ANGLE Overflow and LocalNetworkAccess Policy Bypass
Microsoft published Security Update Guide entries for two Chromium vulnerabilities affecting browser security boundaries and memory safety. The flaws are tracked as CVE-2026-5275, a heap buffer overflow in ANGLE, and CVE-2026-5881, a policy bypass in LocalNetworkAccess. ANGLE is a graphics translation layer used by Chromium-based browsers, making the memory-corruption issue notable because such bugs can increase the risk of browser compromise.
The second issue weakens enforcement of Chromium's LocalNetworkAccess protections, which are intended to restrict how web content reaches local network resources. Together, the advisories highlight separate but significant risks in Chromium components: one tied to potential memory corruption and the other to bypass of browser security policy controls. Microsoft did not provide additional public synopsis details in the referenced advisories.
Timeline
Feb 4, 2026
Microsoft publishes advisory for CVE-2026-5275
Microsoft added CVE-2026-5275, a Chromium ANGLE heap buffer overflow, to its Security Update Guide. No additional synopsis details were provided in the reference.
Jan 1, 2026
Microsoft publishes advisory for CVE-2026-5881
Microsoft added CVE-2026-5881, a Chromium LocalNetworkAccess policy bypass, to its Security Update Guide. No additional synopsis details were provided in the reference.
Related Stories

Microsoft Flags Multiple Chromium Memory-Safety Flaws in Security Update Guide
Microsoft published Security Update Guide entries for a broad set of **Chromium** vulnerabilities affecting browser components including **WebRTC, ANGLE, Network, Navigation, Blink, Base, V8, Skia,** and **WebAudio**. The listed issues include multiple `use-after-free` bugs such as `CVE-2026-4445`, `CVE-2026-4454`, `CVE-2026-4449`, and `CVE-2026-4441`, as well as a `heap buffer overflow` in `ANGLE` (`CVE-2026-4448`), a `heap buffer overflow` in `WebAudio` (`CVE-2026-4443`), an `out-of-bounds read` in `Skia` (`CVE-2026-4460`), `insufficient validation of untrusted input` in `Navigation` (`CVE-2026-4451`), and an `inappropriate implementation` flaw in `V8` (`CVE-2026-4461`). The same set of advisories also included non-Chromium entries tied to lower-level platform components: `CVE-2026-4438` for `gethostbyaddr` and `gethostbyaddr_r` returning invalid DNS hostnames, `CVE-2025-71267` for an `ntfs3` infinite loop triggered by a zero-sized `ATTR_LIST`, and `CVE-2026-23233` for an `f2fs` fix to avoid mapping the wrong physical block for a swapfile. Together, the disclosures show Microsoft tracking both browser-engine memory-corruption risks and underlying filesystem and networking defects through its update pipeline.
1 month ago
Microsoft Published Fixes for Linux BPF and Chromium ANGLE Vulnerabilities
Microsoft released security guidance for **CVE-2026-23359**, a flaw in `bpf` described as a **stack out-of-bounds write in devmap**, indicating a memory corruption issue in low-level packet processing components. The company also published an advisory for **CVE-2026-5283**, a Chromium vulnerability in **ANGLE** caused by an inappropriate implementation, extending the scope of affected software from kernel-adjacent networking code to browser graphics infrastructure. The advisories were issued through Microsoft's Security Update Guide and identify two distinct vulnerability classes that could affect system and browser security depending on product exposure and patch status. Organizations using Microsoft products that incorporate Linux kernel `bpf` functionality or Chromium-based components should review the relevant updates for **CVE-2026-23359** and **CVE-2026-5283** and prioritize remediation based on asset exposure and dependency on those technologies.
1 month ago
Microsoft Chromium Updates Address Blink Use-After-Free and History Navigation UI Flaw
Microsoft published security advisories for two Chromium vulnerabilities affecting browser security components: **CVE-2026-5872**, a **use-after-free in Blink**, and **CVE-2026-5899**, an **incorrect security UI issue in History Navigation**. The flaws were listed in Microsoft's Security Update Guide as Chromium-related issues, indicating they affect browser code relied on by Microsoft products built on the Chromium engine. The Blink memory-safety bug could expose users to instability or potential exploitation scenarios typical of use-after-free vulnerabilities, while the History Navigation flaw involves incorrect security indicators that could mislead users about page state or trust signals during navigation. Organizations using Microsoft browsers or platforms that incorporate Chromium components should review the relevant advisories and apply the associated security updates through normal patch management processes.
3 weeks ago