Cursor and Windsurf IDEs vulnerable to 94+ n-day Chromium issues

First reported

21.10.2025 22:00

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

Cursor and Windsurf IDEs are vulnerable to over 94 known and patched security issues in the Chromium browser and V8 JavaScript engine. The vulnerabilities affect approximately 1.8 million developers using these AI-powered code editors. The IDEs are built on outdated versions of the Electron framework, which embeds Chromium and V8, exposing them to vulnerabilities that have been fixed in newer versions. The vulnerabilities can be exploited to cause denial of service or arbitrary code execution. The risks were disclosed responsibly on October 12, but the developers have not addressed them. Cursor considered the report out of scope, and Windsurf did not respond.

Timeline

21.10.2025 22:00 1 articles · 23h ago

Cursor and Windsurf IDEs vulnerable to 94+ n-day Chromium issues disclosed
Cursor and Windsurf IDEs were found to be vulnerable to over 94 known and patched security issues in the Chromium browser and V8 JavaScript engine. The vulnerabilities affect approximately 1.8 million developers using these AI-powered code editors. The risks were disclosed responsibly on October 12, but the developers have not addressed them. Cursor considered the report out of scope, and Windsurf did not respond.
Show sources

Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities — www.bleepingcomputer.com — 21.10.2025 22:00
Open in new tab

Information Snippets

Cursor and Windsurf IDEs are built on outdated versions of the Electron framework, which includes old versions of Chromium and V8.
First reported: 21.10.2025 22:00

1 source, 1 article
Show sources
- Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities — www.bleepingcomputer.com — 21.10.2025 22:00
The IDEs are vulnerable to at least 94 known and patched security issues in Chromium and V8.
First reported: 21.10.2025 22:00

1 source, 1 article
Show sources
- Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities — www.bleepingcomputer.com — 21.10.2025 22:00
The vulnerabilities can be exploited to cause denial of service or arbitrary code execution.
First reported: 21.10.2025 22:00

1 source, 1 article
Show sources
- Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities — www.bleepingcomputer.com — 21.10.2025 22:00
The risks were disclosed responsibly on October 12, but the developers have not addressed them.
First reported: 21.10.2025 22:00

1 source, 1 article
Show sources
- Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities — www.bleepingcomputer.com — 21.10.2025 22:00
Cursor considered the report out of scope, and Windsurf did not respond.
First reported: 21.10.2025 22:00

1 source, 1 article
Show sources
- Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities — www.bleepingcomputer.com — 21.10.2025 22:00
The vulnerabilities can be exploited through deeplinks, malicious extensions, documentation, tutorials, phishing attacks, or poisoned repositories.
First reported: 21.10.2025 22:00

1 source, 1 article
Show sources
- Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities — www.bleepingcomputer.com — 21.10.2025 22:00
The proof-of-concept exploit demonstrated on Cursor IDE caused a denial-of-service condition by crashing the renderer.
First reported: 21.10.2025 22:00

1 source, 1 article
Show sources
- Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities — www.bleepingcomputer.com — 21.10.2025 22:00

Summary

Timeline

Cursor and Windsurf IDEs vulnerable to 94+ n-day Chromium issues disclosed

Information Snippets