Browser Extensions
The latest Browser Extensions coverage — news, analysis, and updates from the WindowsNews.AI desk.
Chrome 150 Fixes Extensions Flaw That Could Leak Your Private Data – Update Now
Google shipped an emergency update to Chrome’s stable desktop channel on June 30, 2026, patching a vulnerability in the browser’s extensions system that could allow attackers to steal sensitive...
Chrome 150.0.7871.47 Patches High‑Severity Extension UI Spoofing Flaw (CVE‑2026‑13999)
Google released Chrome 150.0.7871.47 to the Stable channel on June 30, 2026, fixing a potentially dangerous UI spoofing vulnerability in the browser's extension system. The flaw, tracked as...
Google Pushes Chrome 150 Update to Block Extensions from Leaking Cross-Origin Data
Google shipped Chrome 150.0.7871.47 on June 30, 2026, closing a medium-severity vulnerability that could let a malicious browser extension swipe data from websites you visit—even if those sites are...
Chrome 150.0.7871.47 Plugs Use-After-Free Hole: Why Even 'Low' Severity Bugs Need Immediate Patching
Google released Chrome 150.0.7871.47 to the Stable Channel for desktop on June 30, 2026, closing a use-after-free vulnerability tracked as CVE-2026-14040. The flaw resides in BrowserTag, a component...
Microsoft Edge June 2026 Patch Closes High-Severity Chromium Vulnerability CVE-2026-12445
Microsoft has rolled out its June 2026 security update for Microsoft Edge, delivering a critical patch for CVE-2026-12445, a high-severity vulnerability lurking in the Chromium open-source code that...
Critical Chrome Extension Flaw CVE-2026-11658 Patched: Why Windows Users Must Lock Down Extension Policies Now
Google has released an emergency patch for a high-severity input-validation vulnerability in Chrome’s extension subsystem, tracked as CVE-2026-11658, that could allow attackers to bypass security...
Don’t Wait for Kernel Patches: Chrome 149 Fixes Critical Use-After-Free Vulnerability
Google rolled out Chrome 149.0.7827.103 on June 8, 2026, addressing a single but severe security bug tracked as CVE-2026-11644—a use-after-free vulnerability in the browser’s Views component on...
Browser Ad Blockers Hijack AI Conversations in Massive Data Theft Operation
A pair of popular browser extensions masquerading as legitimate ad blockers were caught red-handed intercepting sensitive artificial intelligence prompts and user metadata, security researchers...
Bing Launches "-ai" Search Parameter and Extension to Disable AI Answers
Microsoft has rolled out a new opt-out mechanism for Bing’s AI-generated search answers, allowing users to disable Copilot-style responses with a simple browser extension toggle or by appending...
Chrome V8 CVE-2026-7940: Patch Now to Block Malicious Extensions
Google and Microsoft jointly disclosed CVE-2026-7940 on May 6, 2026, a medium-severity vulnerability in the V8 JavaScript engine that underpins Chromium-based browsers. The flaw, which affects Google...
CVE-2026-7949 Skia Bug: Update Chrome/Edge to Stop Extension Data Leaks
Google and Microsoft disclosed CVE-2026-7949 on May 6, 2026, a medium‑severity Chromium vulnerability in the Skia graphics library that permits cross‑origin data leaks when attacker‑controlled...
Chrome 148 and Edge Patch Use-After-Free Flaw Exploitable via Malicious Extensions
On May 6, 2026, Google shipped Chrome 148.0.7778.96 to the stable channel, closing a use-after-free vulnerability tracked as CVE-2026-7976. The flaw sits in Chromium’s Views component—the...