Security Snafu: Cursor and Windsurf IDEs Expose 1.8 Million Developers to Chromium Vulnerabilities
Cursor and Windsurf IDEs are skating on thin ice, exposed to 94 Chromium and V8 vulnerabilities. Ox Security researchers show how outdated code is a hacker’s playground. While Cursor dismisses these as “out of scope,” developers might want to keep their code and their dignity safe from potential crashes and exploits.
Hot Take:
Uh oh, developers! It looks like your trusty coding companions, Cursor and Windsurf, have been hanging out with the wrong crowd—those old and vulnerable versions of Chromium and V8! With 94 security issues lurking beneath their code-tastic exteriors, these IDEs are more like I-Duhs. Maybe it’s time to break up with these outdated code editors before they ghost your projects into oblivion!
Key Points:
– Cursor and Windsurf IDEs are vulnerable to over 94 known security issues due to outdated Chromium and V8 engines.
– Ox Security researchers demonstrated how vulnerabilities like CVE-2025-7656 could be exploited.
– The IDEs are built on older Electron framework versions, contributing to their security woes.
– Despite disclosure, Cursor dismissed the issue as “out of scope,” and Windsurf didn’t respond.
– Hackers could exploit these vulnerabilities through various means including malicious extensions and phishing.