SKIP TO CONTENT
vibe coding academy
ON AIR — VIBE CODING ACADEMY · EN · LIVE
All articles
SECURITY·June 1, 2026·10 MIN READ

SECURITY ALERT: 94 Chromium CVEs in Cursor and Windsurf Expose 1.8 Million Developers

By EndOfCoding

OX Security published a critical research report today: Cursor and Windsurf — two of the most popular AI coding IDEs, collectively used by an estimated 1.8 million developers — contain 94 unpatched Chromium vulnerabilities in their embedded browsers. These aren't theoretical risks. Chromium CVEs at this severity level include remote code execution, privilege escalation, and credential theft vectors. If you use Cursor or Windsurf, this affects you right now.

What You'll Learn

You'll understand what the 94 Chromium CVEs mean specifically for AI coding IDEs (not just browsers), which vulnerability classes are highest risk for developers using these tools, immediate steps to reduce your exposure before patches are released, and how to set up monitoring so you know when patches land and when it's safe to resume normal usage patterns.

What OX Security Found

OX Security's research (published June 1, 2026) analyzed the embedded Chromium versions in Cursor and Windsurf. Both IDEs use Electron — a framework that embeds a Chromium browser engine to render the editor UI and run web-based content including AI chat panels, documentation previews, and extension UIs.

The findings:

  • 94 CVEs present in both IDEs' embedded Chromium versions
  • Severity breakdown: ~12 CRITICAL, ~31 HIGH, ~38 MEDIUM, ~13 LOW
  • 1.8 million estimated affected developers across both tools
  • Neither vendor had patched at time of disclosure

The core problem: Electron applications are responsible for updating their own embedded Chromium. Unlike Chrome (which auto-updates daily), Electron apps update Chromium only when they ship a new release that bumps the Electron version. If the IDE isn't actively maintained or updating Electron frequently, Chromium CVEs accumulate.

Why This Is Different From Browser CVEs

A Chromium vulnerability in your browser is serious. The same vulnerability in your IDE is potentially worse:

Elevated trust context: Your IDE has access to your local filesystem, SSH keys, API keys in .env files, and terminal. A browser exploit runs in a sandboxed tab. An IDE exploit runs in a context with direct access to your entire development environment.

AI content rendering: Cursor and Windsurf render AI-generated content (chat responses, code suggestions, documentation) in their embedded Chromium. If an attacker can inject malicious content into AI responses — via a compromised API, a prompt injection in a fetched file, or a malicious package in your dependency tree — the Chromium vulnerabilities could be triggered.

Extension surface: Both IDEs support extensions that run in Electron's renderer process. A malicious extension or a compromised legitimate extension could leverage these CVEs.

Highest-Risk CVE Classes in This Disclosure

Remote Code Execution (CRITICAL)

Chromium RCE vulnerabilities in the renderer process can be triggered by specially crafted content. In an IDE context, this content could be:

  • A malicious documentation URL fetched in the preview panel
  • A crafted response from a compromised or spoofed AI API endpoint
  • Content in a file opened from an untrusted repository

Credential Theft (HIGH)

Several of the HIGH-severity CVEs relate to browser storage isolation failures. IDE applications often cache authentication tokens for GitHub, AI services, and cloud providers in Electron's storage layer. Vulnerabilities here could expose those credentials.

Sandbox Escape (CRITICAL)

Chromium sandbox escapes let renderer-process code access the OS layer. In an IDE where the OS layer already has full filesystem access, a sandbox escape means full machine compromise.

Immediate Protective Steps

Step 1: Check Your IDE Version

# For Cursor — check version from Help menu or:
cat ~/.cursor/package.json | grep version

# For Windsurf — check version from Help menu or:
cat ~/.codeium/windsurf/package.json | grep version

Compare against the vendor's latest release notes for Chromium version bumps. OX Security will publish specific vulnerable version ranges at ox.security/advisories.

Step 2: Disable Untrusted Content Rendering

In Cursor and Windsurf settings, disable or restrict:

  • Preview panel: Disable automatic URL preview/fetch if enabled
  • Extension auto-install: Only install extensions from sources you've verified
  • Untrusted workspace mode: Enable this in both IDEs — it restricts extension execution in unfamiliar repos

In VS Code / Cursor settings.json:

{
  "security.workspace.trust.enabled": true,
  "security.workspace.trust.untrustedFiles": "prompt",
  "extensions.autoCheckUpdates": true,
  "extensions.autoUpdate": false
}

Step 3: Audit Your Installed Extensions

# List installed extensions (Cursor is VS Code-compatible)
ls ~/.cursor/extensions/

# Review each extension's last update date and publisher
# Remove any extensions you didn't explicitly install or that haven't been updated recently

Focus on extensions that have browser/webview permissions — these interact with the Chromium layer most directly.

Step 4: Rotate Credentials Stored in Your IDE

If you have tokens stored in Cursor or Windsurf (GitHub PATs, AI API keys, cloud credentials), rotate them as a precaution:

# Audit what credentials your IDE might have access to
grep -r 'GITHUB_TOKEN\|ANTHROPIC_API_KEY\|OPENAI_API_KEY\|AWS_ACCESS' ~/.cursor/ 2>/dev/null
grep -r 'GITHUB_TOKEN\|ANTHROPIC_API_KEY\|OPENAI_API_KEY\|AWS_ACCESS' ~/.codeium/ 2>/dev/null

# Rotate any found credentials via their respective platforms
# GitHub: Settings → Developer Settings → Personal Access Tokens
# Anthropic: console.anthropic.com → API Keys

Step 5: Set Up Patch Monitoring

# Watch for Cursor patch releases
# GitHub: anysphere/cursor releases page → Watch → Releases only

# Watch for Windsurf patch releases  
# GitHub: codeium/windsurf releases page → Watch → Releases only

# OX Security advisory feed
# RSS: ox.security/advisories/feed.xml

Update immediately when a release notes entry mentions 'Chromium version bump', 'Electron update', or specifically references these CVEs.

Should You Switch IDEs?

This disclosure is not a reason to permanently abandon Cursor or Windsurf — these are excellent tools and patches will come. But for high-sensitivity environments:

  • If you work with production credentials: Rotate everything and consider using VS Code with Claude extension or Claude Code CLI (terminal-based, no Electron browser risk) for the next 2–4 weeks until patches land
  • If you work on security-sensitive codebases: Enable untrusted workspace mode and disable preview features until patched
  • For most developers: Disable preview panels, update extensions, and wait for the patch

Common Challenges

'I haven't been exploited, so I'm fine' — Exploitation of Chromium CVEs is often silent. Credential theft and reconnaissance don't announce themselves. The absence of visible symptoms doesn't mean you haven't been targeted, especially if you've opened untrusted repositories or previewed external URLs in your IDE. 'Cursor/Windsurf will patch this fast' — Both vendors are aware and have been notified per OX Security's responsible disclosure timeline. But Electron Chromium updates require a full IDE release cycle — this typically takes 1–4 weeks. Don't wait for the patch to implement the protective steps above. 'I use a corporate machine with EDR — I'm covered' — EDR detects known malware patterns. Novel exploits using these Chromium CVEs won't have signatures yet. EDR is a backstop, not a substitute for patching and configuration hardening.

Advanced Tips

Check your Electron version directly: Cursor and Windsurf are Electron apps — run cursor --version --verbose or look in the app's package.json for the Electron version, then cross-reference that Electron release's Chromium version against the OX Security CVE list. This tells you exactly which CVEs affect your specific installation. For team environments: Push the settings.json changes above via your team's Cursor/Windsurf configuration management, and add a policy that requires IDE updates within 72 hours of security-related releases. Add this to your security checklist: IDE tooling is now part of your attack surface. Add 'check IDE Chromium version' to your quarterly security review alongside dependency audits and access reviews.

Conclusion

The Cursor and Windsurf CVE disclosure is a reminder that AI coding tools are software too — and Electron applications carry the full Chromium attack surface into your development environment. The protective steps above take 20 minutes to implement and significantly reduce your exposure window. Apply them now, monitor for patches, and update immediately when they drop. For a comprehensive security framework for AI-assisted development — including how to evaluate the security posture of your AI tooling — see Chapter 10 and Chapter 19 of the Vibe Coding Ebook, and explore the Security for Vibe Coders course at the Academy for the full practical curriculum.

Back to all articlesGet the newsletter →