Patch Tuesday!

https://msrc.microsoft.com/update-guide/releaseNote/2026-Mar

CVEs have been published or revised in the Security Update Guide

March 11, 2026

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2026-3537

• Title: Chromium: CVE-2026-3537 Object lifecycle issue in PowerVR
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 11, 2026
• Last updated: March 11, 2026
• Aggregate CVE severity rating:

Customer action required: Yes

CVEs have been published or revised in the Security Update Guide

March 12, 2026

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2026-26133

• Title: M365 Copilot Information Disclosure Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 12, 2026
• Last updated: March 12, 2026
• Aggregate CVE severity rating: Important
• Customer action required: Yes

CVE-2026-3537

• Title: Chromium: CVE-2026-3537 Object lifecycle issue in PowerVR
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 11, 2026
• Last updated: March 11, 2026
• Aggregate CVE severity rating:

Customer action required: Yes

CVEs have been published or revised in the Security Update Guide

March 13, 2026

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2026-0385

• Title: Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating: Low
• Customer action required: Yes

CVE-2026-3910

• Title: Chromium: CVE-2026-3910 Inappropriate implementation in V8
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3913

• Title: Chromium: CVE-2026-3913 Heap buffer overflow in WebML
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3914

• Title: Chromium: CVE-2026-3914 Integer overflow in WebML
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3915

• Title: Chromium: CVE-2026-3915 Heap buffer overflow in WebML
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3916

• Title: Chromium: CVE-2026-3916 Out of bounds read in Web Speech
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3917

• Title: Chromium: CVE-2026-3917 Use after free in Agents
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3918

• Title: Chromium: CVE-2026-3918 Use after free in WebMCP
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3919

• Title: Chromium: CVE-2026-3919 Use after free in Extensions
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3920

• Title: Chromium: CVE-2026-3920 Out of bounds memory access in WebML
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3921

• Title: Chromium: CVE-2026-3921 Use after free in TextEncoding
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3922

• Title: Chromium: CVE-2026-3922 Use after free in MediaStream
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3923

• Title: Chromium: CVE-2026-3923 Use after free in WebMIDI
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3924

• Title: Chromium: CVE-2026-3924 Use after free in WindowDialog
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3925

• Title: Chromium: CVE-2026-3925 Incorrect security UI in LookalikeChecks
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3926

• Title: Chromium: CVE-2026-3926 Out of bounds read in V8
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3927

• Title: Chromium: CVE-2026-3927 Incorrect security UI in PictureInPicture
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3928

• Title: Chromium: CVE-2026-3928 Insufficient policy enforcement in Extensions
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3929

• Title: Chromium: CVE-2026-3929 Side-channel information leakage in ResourceTiming
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3930

• Title: Chromium: CVE-2026-3930 Unsafe navigation in Navigation
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3931

• Title: Chromium: CVE-2026-3931 Heap buffer overflow in Skia
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3932

• Title: Chromium: CVE-2026-3932 Insufficient policy enforcement in PDF
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3934

• Title: Chromium: CVE-2026-3934 Insufficient policy enforcement in ChromeDriver
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3935

• Title: Chromium: CVE-2026-3935 Incorrect security UI in WebAppInstalls
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3936

• Title: Chromium: CVE-2026-3936 Use after free in WebView
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3937

• Title: Chromium: CVE-2026-3937 Incorrect security UI in Downloads
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3938

• Title: Chromium: CVE-2026-3938 Insufficient policy enforcement in Clipboard
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3939

• Title: Chromium: CVE-2026-3939 Use after free in WebView
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3940

• Title: Chromium: CVE-2026-3940 Insufficient policy enforcement in DevTools
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3941

• Title: Chromium: CVE-2026-3941 Insufficient policy enforcement in DevTools
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3942

• Title: Chromium: CVE-2026-3942 Incorrect security UI in PictureInPicture
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:

Customer action required: Yes

CVEs have been published or revised in the Security Update Guide

March 16, 2026

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2026-0385

• Title: Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating: Low
• Customer action required: Yes

CVE-2026-3909

• Title: Chromium: CVE-2026-3909 Out of bounds write in Skia
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 16, 2026
• Last updated: March 16, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3910

• Title: Chromium: CVE-2026-3910 Inappropriate implementation in V8
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3913

• Title: Chromium: CVE-2026-3913 Heap buffer overflow in WebML
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3914

• Title: Chromium: CVE-2026-3914 Integer overflow in WebML
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3915

• Title: Chromium: CVE-2026-3915 Heap buffer overflow in WebML
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3916

• Title: Chromium: CVE-2026-3916 Out of bounds read in Web Speech
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3917

• Title: Chromium: CVE-2026-3917 Use after free in Agents
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3918

• Title: Chromium: CVE-2026-3918 Use after free in WebMCP
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3919

• Title: Chromium: CVE-2026-3919 Use after free in Extensions
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3920

• Title: Chromium: CVE-2026-3920 Out of bounds memory access in WebML
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3921

• Title: Chromium: CVE-2026-3921 Use after free in TextEncoding
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3922

• Title: Chromium: CVE-2026-3922 Use after free in MediaStream
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3923

• Title: Chromium: CVE-2026-3923 Use after free in WebMIDI
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3924

• Title: Chromium: CVE-2026-3924 Use after free in WindowDialog
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3925

• Title: Chromium: CVE-2026-3925 Incorrect security UI in LookalikeChecks
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3926

• Title: Chromium: CVE-2026-3926 Out of bounds read in V8
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3927

• Title: Chromium: CVE-2026-3927 Incorrect security UI in PictureInPicture
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3928

• Title: Chromium: CVE-2026-3928 Insufficient policy enforcement in Extensions
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3929

• Title: Chromium: CVE-2026-3929 Side-channel information leakage in ResourceTiming
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3930

• Title: Chromium: CVE-2026-3930 Unsafe navigation in Navigation
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3931

• Title: Chromium: CVE-2026-3931 Heap buffer overflow in Skia
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3932

• Title: Chromium: CVE-2026-3932 Insufficient policy enforcement in PDF
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3934

• Title: Chromium: CVE-2026-3934 Insufficient policy enforcement in ChromeDriver
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3935

• Title: Chromium: CVE-2026-3935 Incorrect security UI in WebAppInstalls
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3936

• Title: Chromium: CVE-2026-3936 Use after free in WebView
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3937

• Title: Chromium: CVE-2026-3937 Incorrect security UI in Downloads
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3938

• Title: Chromium: CVE-2026-3938 Insufficient policy enforcement in Clipboard
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3939

• Title: Chromium: CVE-2026-3939 Use after free in WebView
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3940

• Title: Chromium: CVE-2026-3940 Insufficient policy enforcement in DevTools
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3941

• Title: Chromium: CVE-2026-3941 Insufficient policy enforcement in DevTools
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-3942

• Title: Chromium: CVE-2026-3942 Incorrect security UI in PictureInPicture
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 13, 2026
• Last updated: March 13, 2026
• Aggregate CVE severity rating:

Customer action required: Yes

CVEs have been published or revised in the Security Update Guide

March 19, 2026

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2026-23658

• Title: Azure DevOps: msazure Elevation of Privilege Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 19, 2026
• Last updated: March 19, 2026
• Aggregate CVE severity rating: Critical
• Customer action required: No

CVE-2026-23659

• Title: Azure Data Factory Information Disclosure Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 19, 2026
• Last updated: March 19, 2026
• Aggregate CVE severity rating: Critical
• Customer action required: No

CVE-2026-24299

• Title: M365 Copilot Information Disclosure Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 19, 2026
• Last updated: March 19, 2026
• Aggregate CVE severity rating: Critical
• Customer action required: No

CVE-2026-26120

• Title: Microsoft Bing Tampering Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 19, 2026
• Last updated: March 19, 2026
• Aggregate CVE severity rating: Critical
• Customer action required: No

CVE-2026-26136

• Title: Microsoft Copilot Information Disclosure Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 19, 2026
• Last updated: March 19, 2026
• Aggregate CVE severity rating: Critical
• Customer action required: No

CVE-2026-26137

• Title: Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 19, 2026
• Last updated: March 19, 2026
• Aggregate CVE severity rating: Critical
• Customer action required: No

CVE-2026-26138

• Title: Microsoft Purview Elevation of Privilege Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 19, 2026
• Last updated: March 19, 2026
• Aggregate CVE severity rating: Critical
• Customer action required: No

CVE-2026-26139

• Title: Microsoft Purview Elevation of Privilege Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 19, 2026
• Last updated: March 19, 2026
• Aggregate CVE severity rating: Critical
• Customer action required: No

CVE-2026-32169

• Title: Azure Cloud Shell Elevation of Privilege Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 19, 2026
• Last updated: March 19, 2026
• Aggregate CVE severity rating: Critical
• Customer action required: No

CVE-2026-32191

• Title: Microsoft Bing Images Remote Code Execution Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 19, 2026
• Last updated: March 19, 2026
• Aggregate CVE severity rating: Critical

Customer action required: No

CVEs have been published or revised in the Security Update Guide

March 23, 2026

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2026-4440

• Title: Chromium: CVE-2026-4440 Out of bounds read and write in WebGL
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 22, 2026
• Last updated: March 22, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4441

• Title: Chromium: CVE-2026-4441 Use after free in Base
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4443

• Title: Chromium: CVE-2026-4443 Heap buffer overflow in WebAudio
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4444

• Title: Chromium: CVE-2026-4444 Stack buffer overflow in WebRTC
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4445

• Title: Chromium: CVE-2026-4445 Use after free in WebRTC
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4446

• Title: Chromium: CVE-2026-4446 Use after free in WebRTC
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4447

• Title: Chromium: CVE-2026-4447 Inappropriate implementation in V8
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4448

• Title: Chromium: CVE-2026-4448 Heap buffer overflow in ANGLE
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4449

• Title: Chromium: CVE-2026-4449 Use after free in Blink
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4450

• Title: Chromium: CVE-2026-4450 Out of bounds write in V8
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4451

• Title: Chromium: CVE-2026-4451 Insufficient validation of untrusted input in Navigation
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4452

• Title: Chromium: CVE-2026-4452 Integer overflow in ANGLE
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4454

• Title: Chromium: CVE-2026-4454 Use after free in Network
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4455

• Title: Chromium: CVE-2026-4455 Heap buffer overflow in PDFium
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4456

• Title: Chromium: CVE-2026-4456 Use after free in Digital Credentials API
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4457

• Title: Chromium: CVE-2026-4457 Type Confusion in V8
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4458

• Title: Chromium: CVE-2026-4458 Use after free in Extensions
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4460

• Title: Chromium: CVE-2026-4460 Out of bounds read in Skia
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4461

• Title: Chromium: CVE-2026-4461 Inappropriate implementation in V8
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4462

• Title: Chromium: CVE-2026-4462 Out of bounds read in Blink
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4463

• Title: Chromium: CVE-2026-4463 Heap buffer overflow in WebRTC
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4464

• Title: Chromium: CVE-2026-4464 Integer overflow in ANGLE
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 23, 2026
• Last updated: March 23, 2026
• Aggregate CVE severity rating:

Customer action required: Yes

CVEs have been published or revised in the Security Update Guide

March 27, 2026

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2026-32187

• Title: Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 27, 2026
• Last updated: March 27, 2026
• Aggregate CVE severity rating: Low
• Customer action required: Yes

CVE-2026-4442

• Title: Chromium: CVE-2026-4442 Heap buffer overflow in CSS
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 27, 2026
• Last updated: March 27, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4453

• Title: Chromium: CVE-2026-4453 Integer overflow in Dawn
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 20, 2026
• Last updated: March 20, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4459

• Title: Chromium: CVE-2026-4459 Out of bounds read and write in WebAudio
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 20, 2026
• Last updated: March 20, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4673

• Title: Chromium: CVE-2026-4673 Heap buffer overflow in WebAudio
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 27, 2026
• Last updated: March 27, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4674

• Title: Chromium: CVE-2026-4674 Out of bounds read in CSS
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 27, 2026
• Last updated: March 27, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4675

• Title: Chromium: CVE-2026-4675 Heap buffer overflow in WebGL
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 27, 2026
• Last updated: March 27, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4677

• Title: Chromium: CVE-2026-4677 Out of bounds read in WebAudio
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 27, 2026
• Last updated: March 27, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4679

• Title: Chromium: CVE-2026-4679 Integer overflow in Fonts
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 27, 2026
• Last updated: March 27, 2026
• Aggregate CVE severity rating:
• Customer action required: Yes

CVE-2026-4680

• Title: Chromium: CVE-2026-4680 Use after free in FedCM
• Version: 1.0
• Reason for revision: Information published.
• Originally released: March 27, 2026
• Last updated: March 27, 2026
• Aggregate CVE severity rating:

Customer action required: Yes