Microsoft Ships Chromium Fixes for Multiple Memory Safety Flaws in Edge
Microsoft published security advisories for a broad set of Chromium vulnerabilities affecting its browser platform, including CVE-2026-7344 (use-after-free in Accessibility), CVE-2026-7341 (use-after-free in WebRTC), CVE-2026-7353 (heap buffer overflow in Skia), and CVE-2026-7337 (type confusion in V8). Additional flaws patched include use-after-free bugs in Views, Media, GPU, Cast, and Navigation, along with insufficient validation of untrusted input in Compositing and an inappropriate implementation issue in Tint.
The volume and variety of bugs indicate a significant browser security update focused on memory-safety and input-handling weaknesses in Chromium components commonly exposed through web content. Microsoft also listed CVE-2026-31682, a separate issue tied to br_nd_send and Neighbor Discovery option parsing, but the main body of advisories centers on Chromium-derived fixes that organizations should prioritize across Microsoft Edge deployments to reduce risk from malicious websites and crafted content.
Timeline
May 1, 2026
Microsoft publishes Chromium vulnerability advisories
Microsoft's Security Update Guide published a batch of Chromium-related vulnerability advisories, including CVE-2026-7333, CVE-2026-7334, CVE-2026-7335, CVE-2026-7337, CVE-2026-7338, CVE-2026-7341, CVE-2026-7343, CVE-2026-7344, CVE-2026-7346, CVE-2026-7353, CVE-2026-7356, and CVE-2026-7360. The entries cover issues such as use-after-free, type confusion, heap buffer overflow, inappropriate implementation, and insufficient validation of untrusted input across Chromium components.
Apr 26, 2026
Microsoft publishes advisory for CVE-2026-31682
Microsoft's Security Update Guide published an advisory for CVE-2026-31682, described as "bridge: br_nd_send: linearize skb before parsing ND options." The reference indicates the vulnerability entry was made public on this date.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
5 more from sources like msrc security advisories
Related Stories
Microsoft Flags Multiple Chromium Memory-Safety Flaws in Security Update Guide
Microsoft published Security Update Guide entries for a broad set of **Chromium** vulnerabilities affecting browser components including **WebRTC, ANGLE, Network, Navigation, Blink, Base, V8, Skia,** and **WebAudio**. The listed issues include multiple `use-after-free` bugs such as `CVE-2026-4445`, `CVE-2026-4454`, `CVE-2026-4449`, and `CVE-2026-4441`, as well as a `heap buffer overflow` in `ANGLE` (`CVE-2026-4448`), a `heap buffer overflow` in `WebAudio` (`CVE-2026-4443`), an `out-of-bounds read` in `Skia` (`CVE-2026-4460`), `insufficient validation of untrusted input` in `Navigation` (`CVE-2026-4451`), and an `inappropriate implementation` flaw in `V8` (`CVE-2026-4461`). The same set of advisories also included non-Chromium entries tied to lower-level platform components: `CVE-2026-4438` for `gethostbyaddr` and `gethostbyaddr_r` returning invalid DNS hostnames, `CVE-2025-71267` for an `ntfs3` infinite loop triggered by a zero-sized `ATTR_LIST`, and `CVE-2026-23233` for an `f2fs` fix to avoid mapping the wrong physical block for a swapfile. Together, the disclosures show Microsoft tracking both browser-engine memory-corruption risks and underlying filesystem and networking defects through its update pipeline.
1 months ago
Microsoft Chromium Updates Address Blink Use-After-Free and History Navigation UI Flaw
Microsoft published security advisories for two Chromium vulnerabilities affecting browser security components: **CVE-2026-5872**, a **use-after-free in Blink**, and **CVE-2026-5899**, an **incorrect security UI issue in History Navigation**. The flaws were listed in Microsoft's Security Update Guide as Chromium-related issues, indicating they affect browser code relied on by Microsoft products built on the Chromium engine. The Blink memory-safety bug could expose users to instability or potential exploitation scenarios typical of use-after-free vulnerabilities, while the History Navigation flaw involves incorrect security indicators that could mislead users about page state or trust signals during navigation. Organizations using Microsoft browsers or platforms that incorporate Chromium components should review the relevant advisories and apply the associated security updates through normal patch management processes.
3 weeks ago
Microsoft Discloses Chromium V8 Use-After-Free and Heap Buffer Overflow Flaws
Microsoft published security advisories for two vulnerabilities affecting separate components: **`CVE-2026-5861`**, a *use-after-free* flaw in Chromium's V8 JavaScript engine, and **`CVE-2026-31789`**, a *heap buffer overflow* in hexadecimal conversion logic. The advisories were released through Microsoft's Security Update Guide and identify memory-safety issues that could expose affected software to instability or potential code-execution scenarios depending on how the vulnerable components are reached. The disclosures highlight continued risk from low-level memory corruption bugs in widely used software components, particularly browser engine code and data-conversion routines. Microsoft did not provide detailed public synopses in the referenced advisories, but the vulnerability classifications indicate that organizations should prioritize patch review and deployment for products that incorporate the affected Chromium and Microsoft code paths.
3 weeks ago