CyberHappenings logo

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Cursor and Windsurf IDEs vulnerable to 94+ n-day Chromium issues

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Cursor and Windsurf IDEs are vulnerable to over 94 known and patched security issues in the Chromium browser and V8 JavaScript engine. The vulnerabilities affect approximately 1.8 million developers using these AI-powered code editors. The IDEs are built on outdated versions of the Electron framework, which embeds Chromium and V8, exposing them to vulnerabilities that have been fixed in newer versions. The vulnerabilities can be exploited to cause denial of service or arbitrary code execution. The risks were disclosed responsibly on October 12, but the developers have not addressed them. Cursor considered the report out of scope, and Windsurf did not respond.

Timeline

  1. 21.10.2025 22:00 1 articles · 23h ago

    Cursor and Windsurf IDEs vulnerable to 94+ n-day Chromium issues disclosed

    Cursor and Windsurf IDEs were found to be vulnerable to over 94 known and patched security issues in the Chromium browser and V8 JavaScript engine. The vulnerabilities affect approximately 1.8 million developers using these AI-powered code editors. The risks were disclosed responsibly on October 12, but the developers have not addressed them. Cursor considered the report out of scope, and Windsurf did not respond.

    Show sources

Information Snippets