Chromium: CVE-2026-3928 Insufficient policy enforcement in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3928
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3928
Chromium: CVE-2026-3929 Side-channel information leakage in ResourceTiming
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3929
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3929
Chromium: CVE-2026-3936 Use after free in WebView
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3936
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3936
Chromium: CVE-2026-3915 Heap buffer overflow in WebML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3915
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3915
Chromium: CVE-2026-3925 Incorrect security UI in LookalikeChecks
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3925
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3925
Chromium: CVE-2026-3910 Inappropriate implementation in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.Google is aware that an exploit for CVE-2026-3910 exists in the wild.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3910
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.Google is aware that an exploit for CVE-2026-3910 exists in the wild.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3910
CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58160
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58160
CVE-2026-27171 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27171
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27171
CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27141
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27141
CVE-2026-27138 Panic in name constraint checking for malformed certificates in crypto/x509
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27138
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27138
CVE-2026-27137 Incorrect enforcement of email constraints in crypto/x509
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27137
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27137
CVE-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3494
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3494
CVE-2026-3381 Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3381
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3381
CVE-2026-31802 node-tar Symlink Path Traversal via Drive-Relative Linkpath
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31802
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31802
CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26018
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26018
CVE-2026-26017 CoreDNS ACL Bypass
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26017
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26017
Chromium: CVE-2026-3909 Out of bounds write in Skia
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information. Google is aware that an exploit for CVE-2026-3909 exists in the wild.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3909
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information. Google is aware that an exploit for CVE-2026-3909 exists in the wild.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3909