Microsoft published Security Update Guide entries for multiple Chromium vulnerabilities affecting browser components including HID, ServiceWorker, V8, and the File Manager API. The newly listed issues include CVE-2026-8515, a use-after-free flaw in HID, and CVE-2026-9116, an insufficient policy enforcement bug in ServiceWorker, alongside earlier Chromium-tracked issues such as CVE-2024-4761 (out-of-bounds write in V8), CVE-2022-4262 (type confusion in V8), and CVE-2022-0107 (use-after-free in the File Manager API).
The advisories indicate continued Microsoft tracking of upstream Chromium security defects that can affect Chromium-based products, with the listed bugs spanning memory-corruption and policy-enforcement weaknesses commonly associated with browser compromise risk. The reference set also includes CVE-2019-1406, a separate Jet Database Engine remote code execution vulnerability, but the dominant event is Microsoft's publication of several Chromium-related vulnerability records covering browser engine and API attack surfaces.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
6 events from the most recent confirmed update back to the earliest known activity.
Microsoft published a Security Update Guide entry for CVE-2026-9116, a Chromium insufficient policy enforcement vulnerability in ServiceWorker.
Microsoft published a Security Update Guide entry for CVE-2026-8515, a Chromium use-after-free vulnerability in HID.
Microsoft published a Security Update Guide entry for CVE-2024-4761, a Chromium out-of-bounds write vulnerability in V8.
Microsoft published a Security Update Guide entry for CVE-2022-4262, a Chromium type confusion vulnerability in V8.
Microsoft published a Security Update Guide advisory for CVE-2022-0107, a Chromium use-after-free vulnerability in the File Manager API.
Microsoft published a Security Update Guide advisory for CVE-2019-1406, a remote code execution vulnerability in the Jet Database Engine.
6 references tracked. Mallory keeps watching after this page renders.
msrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourceportal.msrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourceportal.msrc.microsoft.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.