Chrome, VS Code, and Copilot Security Issues Roundup
Browsers, editors, and AI assistants. A string of security issues has been found in the tools developers touch every day. These are the nasty kind of vulnerabilities that can be exploited just by using the tools normally.
Chrome zero-day: Use-After-Free in the CSS engine (CVE-2026-2441)
On February 13, Google released a security update for the Chrome stable channel. It fixes just one issue: a use-after-free vulnerability in the CSS engine tracked as CVE-2026-2441, rated High severity. It is also flagged as exploited in the wild. CISA has already added it to the KEV catalog.
Use-After-Free (UAF) is a bug where freed memory is referenced again. If this happens in the CSS engine, an attacker can place malicious data in freed memory and escalate to arbitrary code execution. Because CSS rendering runs for every web page, the attack surface is extremely broad. Simply visiting a malicious site may be enough to trigger the exploit.
Security researcher Shaheen Fazim reported the issue on February 11, and a patch shipped just two days later. The response speed underscores the seriousness. Update immediately to Chrome 145.0.7632.75/76 (Windows/Mac) or 144.0.7559.75 (Linux).
Four VS Code extensions with critical flaws, over 125 million installs in total
Four popular VS Code extensions were found to have serious security vulnerabilities. Their combined install count exceeds 125 million, so the blast radius is enormous.
Live Server(CVE-2025-65717、CVSS 9.1) — Via the local development HTTP server (localhost:5500), JavaScript embedded in a malicious website can crawl and exfiltrate local files. Just opening a malicious page in your browser during development can leak project files. Unpatched.
Markdown Preview Enhanced(CVE-2025-65716、CVSS 8.8) — Opening a crafted Markdown file can execute arbitrary JavaScript. It can enumerate local ports and exfiltrate data. Unpatched.
Code Runner(CVE-2025-65715、CVSS 7.8) — Arbitrary code execution via tampering with settings.json. Unpatched.
Microsoft Live Preview(no CVE) — A vulnerability allowing access to sensitive files via a malicious website. Silently fixed in version 0.4.16 in September 2025.
Three of the extensions remain unpatched. For now, the best course is to disable or uninstall unnecessary extensions and stop services that run on localhost when you’re not using them. Live Server is particularly troublesome because, combined with everyday browsing during development, the attack can succeed through entirely normal actions.
Bug where Microsoft Copilot was summarizing confidential emails without authorization
Microsoft’s AI assistant “Copilot” was found to have been reading and summarizing customers’ confidential emails it should not have been able to access.
Copilot built into Microsoft Office/365 bypassed organization-defined data protection policies and accessed paying customers’ confidential mail. Contracts, HR information, legal correspondence—information that requires strict access control—could be summarized by Copilot and presented to users without the proper permissions.
What’s especially concerning is that this is being treated as a “bug.” Whether AI features respect data protection policies should be guaranteed at design time; it should not surface later as a bug.
Traditional access control could be designed on a per-user basis, but with an AI assistant a new axis appears: which data the AI itself can access. Unless the scope of data the AI can reference perfectly matches the user’s permissions, organizations should be cautious about deploying AI in high-sensitivity environments.
What developers should do now
All three issues share a common theme: everyday development activity can directly open the door to attacks.
- Check that Chrome’s automatic updates are enabled.
- Consider disabling the VS Code extensions Live Server, Markdown Preview Enhanced, and Code Runner.
- If your company has deployed Copilot, verify that access control policies also apply to AI-mediated access.
Security of developer tools is often overlooked, but developer machines frequently have access to production environments. If they become the starting point of an attack, the damage won’t stop with the individual developer.