The latest versions of Cursor and Windsurf IDEs are vulnerable to over 94 known security flaws in the Chromium and V8 engines, exposing approximately 1.8 million developers. Despite responsible disclosure, the security risks remain due to outdated software and unaddressed vulnerabilities. #Chromium #V8Engine #ElectronFramework
Keypoints
- Cursor and Windsurf are built on outdated versions of Chromium and V8 engines.
- These IDEs are vulnerable to numerous patched security issues that remain exploitable.
- Exploitation of vulnerabilities like CVE-2025-7656 can cause crashes or potentially arbitrary code execution.
- Attack vectors include malicious extensions, phishing, and poisoned repositories.
- Developers of the IDEs have yet to respond to the security reports, leaving risks unmitigated.