Microsoft published security advisories for several Chromium vulnerabilities spanning browser components including WebXR, WebRTC, V8, and web apps. The issues are tracked as CVE-2026-8583 (insufficient policy enforcement in WebXR), CVE-2023-7024 (heap buffer overflow in WebRTC), CVE-2022-1096 (type confusion in V8), and CVE-2021-4052 (use-after-free in web apps), indicating exposure across both rendering and scripting-related functionality in Chromium-based environments.
The listed flaws cover multiple high-risk bug classes commonly associated with browser compromise, including memory corruption and policy enforcement weaknesses. Microsoft surfaced the vulnerabilities through its Security Update Guide and portal advisories, signaling that organizations using Microsoft products that incorporate Chromium components should review applicable updates and assess browser-related attack surface tied to immersive web features, real-time communications, JavaScript execution, and web application handling.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
Microsoft published a Security Update Guide entry for CVE-2026-8583, described as insufficient policy enforcement in WebXR in Chromium.
Microsoft published a Security Update Guide entry for CVE-2023-7024, a heap buffer overflow vulnerability in WebRTC in Chromium.
Microsoft published a Security Update Guide entry for CVE-2022-1096, described as a type confusion vulnerability in V8 within Chromium.
Microsoft published a Security Update Guide entry for CVE-2021-4052, a Chromium use-after-free vulnerability in web apps.
4 references tracked. Mallory keeps watching after this page renders.
msrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourceportal.msrc.microsoft.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.