All news with #v8 engine tag

Cursor, Windsurf IDEs Exposed to 94+ Chromium Flaws

⚠️ The latest releases of Cursor and Windsurf IDEs embed outdated Chromium and V8 engines that contain at least 94 known, patched vulnerabilities. Ox Security researchers demonstrated a proof‑of‑concept exploiting CVE-2025-7656 (a Maglev JIT integer overflow) to crash Cursor, and warn that similar flaws could enable denial‑of‑service or arbitrary code execution in real attacks. Attack vectors include deeplinks, malicious extensions, poisoned README previews or documentation; the two IDEs together serve an estimated 1.8 million developers. Cursor dismissed the DoS finding as out of scope and Windsurf did not respond to inquiries.