Extension Security
The latest Extension Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
Chrome 149 Emergency Fix Closes CVE-2026-12017 — High‑Severity Site Isolation Bypass via Extensions
Google shipped Chrome 149.0.7827.114 for Windows and Mac and 149.0.7827.115 for Linux on June 11, 2026, plugging a high‑severity hole that let a compromised renderer slip past Site Isolation by...
VS Code 1.123 Syncs AI Chat Across Devices, Adds Research Agent
Microsoft shipped Visual Studio Code 1.123 on June 3, 2026, delivering one of the most AI-forward updates in the editor’s history. The release introduces GitHub-backed synchronization for AI chat...
Chrome 148 Fixes CVE-2026-7937: Why This Medium Bug Matters for Edge Too
On May 6, 2026, Google and Microsoft jointly disclosed CVE-2026-7937, a medium-severity flaw in Chromium’s DevTools policy enforcement that, before Chrome 148.0.7778.96, allowed a malicious...
CVE-2026-3919: Critical Edge Vulnerability Requires Immediate Verification of Chromium Patch
Microsoft Edge users face a critical security threat that demands immediate action. CVE-2026-3919, a use-after-free vulnerability in the Extensions component, has been patched in upstream Chromium...
Edge Extensions Security Guide: How to Safely Install from Chrome Web Store on Windows 10 & 11
Microsoft's transition to Chromium-based Edge has fundamentally transformed the browser extension ecosystem for Windows users, creating both opportunities and security challenges that demand careful...
AI Browser Privacy Crisis: How Prompt Injection & ShadyPanda Threaten Windows Users
The rapid integration of artificial intelligence into web browsers has created a new frontier of privacy vulnerabilities that Windows users need to understand immediately. Recent security research...
Microsoft Edge for Android Tests Desktop Extensions in Canary Build
Microsoft is quietly testing a groundbreaking feature in Edge for Android that could fundamentally change how users interact with browsers on mobile devices. The company is experimenting with...
CVE-2025-55319: How Agentic AI in Visual Studio Code Can Enable Remote Code Execution
A newly listed vulnerability in Microsoft’s Security Response Center, CVE-2025-55319, pulls back the curtain on a dangerous new class of attacks: prompt injections that weaponize agentic AI...
Mastering Edge Extensions: Permission Management and Security Best Practices for Windows Users and IT Admins
Adding an extension to Microsoft Edge takes just a few clicks—find it in the store, review the permissions prompt, and click 'Add extension.' But behind that simplicity lies a complex web of...
CVE-2025-8581: The Low-Risk Chrome Extension Bug That Still Requires an Immediate Update on Edge and Chrome
Google has patched a security vulnerability in Chrome’s Extensions framework that could have allowed attackers to siphon sensitive cross-origin data from unsuspecting users. Tracked as...
Critical Chromium Use-After-Free Flaw CVE-2025-8576 Triggers Urgent Edge, Chrome Updates
A severe use-after-free vulnerability in the Chromium extensions engine, tracked as CVE-2025-8576, is driving urgent updates across the browser ecosystem. The flaw, which carries high severity,...
Microsoft Extends Windows 10 Security Support for 12 Months: What You Need to Know
Microsoft’s decision to extend Windows 10’s security support with a new 12-month program marks a pivotal moment for the global PC landscape, impacting hundreds of millions of users, enterprises,...