Warning: AI IDEs Cursor and Windsurf Expose Users to 94 Chromium Flaws
Developers using the Cursor and Windsurf IDEs are currently exposed to exploitation through at least 94 known vulnerabilities in Chromium and its JavaScript engine, V8. Both environments are built on outdated versions of Electron and Visual Studio Code, and as a result, fail to receive timely security updates for critical components. According to estimates, over 1.8 million users are potentially at risk.
A report from Ox Security revealed that Cursor and Windsurf—forks of Visual Studio Code enhanced with LLM-based code completion and generation tools—are tied to a static version of Electron. Within it reside vulnerable builds of Chromium and V8, and since the IDE developers have not updated Electron, the entire stack remains exposed to security flaws long since patched in modern browsers.
One such flaw, CVE-2025-7656 (CVSS score: 8.8), involves an integer overflow in the Maglev JIT compiler when processing functions with an unusually large number of arguments (approximately 40,000). Although this issue was resolved in Chromium on July 15, 2025, it remains exploitable within Cursor and Windsurf. Researchers successfully demonstrated a working proof-of-concept exploit using a deeplink that launches the embedded browser and loads a malicious script. This causes a rendering process crash—a denial-of-service condition—but, according to the authors, could also enable arbitrary code execution due to memory corruption.
The exploitation process operates stealthily: a deeplink can be hidden in documentation, a README file, or even a phishing email. When triggered, it opens the IDE’s built-in Simple Browser, which connects to a remote server delivering a malicious payload. Because the injected code exists outside of user prompts, static analysis tools fail to detect it.
Ox Security emphasizes that the flaw does not reproduce in the latest version of Visual Studio Code, which benefits from regular Chromium updates. However, in Cursor and Windsurf, the exploit remains effective, as both are locked to Chromium version 132.0.6834.210 (March 21, 2025 build). Since that release, at least 94 CVEs have been patched in Chromium—only one of which was leveraged in the current proof-of-concept—while the others remain publicly documented and unpatched.
What makes this particularly concerning is that IDE environments are far more than simple text editors—they have access to developers’ source code, API keys, databases, and cloud infrastructure. A compromised IDE could therefore serve as an entry point for supply chain attacks, threatening entire organizations and their clients.
Possible attack vectors include:
- Malicious extensions that automatically load the exploit
- Infected documentation or tutorials
- Phishing campaigns with enticing deeplink URLs
- Weaponized README files that trigger attacks through IDE previews
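The vectors listed above share one delivery channel: an IDE deeplink hidden in text that a developer reads inside the editor's preview. The following scanner, added here as an example and not code from the article, Ox Security or the IDE vendors, walks Markdown documentation and reports every such deeplink, noting whether it hides behind link text and whether its query carries a remote http(s) URL. The scheme names are an assumption about the URL handlers these editors register, and the README it scans is a constructed sample.

```python
"""Added example, not code from the article, Ox Security or the IDE vendors:
a scanner that finds IDE deeplinks embedded in Markdown documentation (README
files, tutorials, phishing text) and rates each one.  The scheme names are an
assumption about the URL handlers these editors register; the README below is
a constructed sample."""
import re
from typing import Optional
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed custom URL schemes; extend to match the editors deployed locally.
IDE_SCHEMES = ("vscode-insiders", "vscode", "cursor", "windsurf")
DEEPLINK_RE = re.compile(
    r"\b(?:" + "|".join(map(re.escape, IDE_SCHEMES)) + r")://[^\s<>\"')\]]+",
    re.IGNORECASE,
)
REMOTE_RE = re.compile(r"^https?://", re.IGNORECASE)


def embeds_remote_url(link: str) -> bool:
    """True if any query value is an http(s) URL once percent-decoded, i.e. the
    deeplink would have the IDE fetch content from a remote host.  parse_qsl
    decodes one layer; unquote() strips a second so double-encoding is caught."""
    query = urlsplit(link).query
    return any(REMOTE_RE.match(unquote(value))
               for _, value in parse_qsl(query, keep_blank_values=True))


def link_label(line: str, start: int) -> Optional[str]:
    """If the match at `start` is the destination of a Markdown link
    [label](dest), return the label: in a rendered preview the reader sees
    only the label, never the deeplink behind it."""
    if start < 2 or line[start - 2:start] != "](":
        return None
    close = start - 2
    open_ = line.rfind("[", 0, close)
    return line[open_ + 1:close] if open_ != -1 else None


def scan_markdown(text: str) -> list:
    """One finding per deeplink, in document order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in DEEPLINK_RE.finditer(line):
            link = m.group(0)
            findings.append({
                "line": lineno,
                "scheme": link.split("://", 1)[0].lower(),
                "link": link,
                "remote_fetch": embeds_remote_url(link),
                "label": link_label(line, m.start()),
            })
    return findings


def high_risk(findings: list) -> list:
    """Deeplinks that both hide behind link text and pull remote content."""
    return [f for f in findings if f["remote_fetch"] and f["label"] is not None]


# Constructed sample README: one ordinary https link, one disguised deeplink
# carrying a remote URL, one plain deeplink with a local-only parameter.
SAMPLE_README = """# Quickstart (constructed sample for the scanner)
Download the tool from https://example.invalid/download and unpack it.
Then click [Open the interactive tutorial](cursor://example.invalid/open?url=https%3A%2F%2Fexample.invalid%2Ftutorial.html) to begin.
Settings can also be applied via vscode://example.invalid/settings?theme=dark
"""

if __name__ == "__main__":
    risky = {id(f) for f in high_risk(scan_markdown(SAMPLE_README))}
    for f in scan_markdown(SAMPLE_README):
        level = "HIGH" if f["remote_fetch"] and f["label"] is not None else "info"
        print(f"line {f['line']} [{level}] {f['scheme']}:// "
              f"label={f['label']!r} remote_fetch={f['remote_fetch']}")
```

Run it over a repository's `*.md` files as a pre-merge or pre-clone check; a deeplink that is both disguised by link text and parameterised with a remote URL is the combination worth blocking, while a bare deeplink with local-only parameters is usually just a convenience link and only needs review.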
Despite the gravity of the issue, Cursor responded to Ox Security’s disclosure with the statement: “Self-DOS falls outside our scope of consideration.” Windsurf provided no response at all. Experts stress that such dismissive attitudes ignore the broader systemic danger—not only the potential for remote code execution (RCE) but also dozens of other unresolved vulnerabilities. This lack of action effectively leaves millions of users defenseless.
Ox Security concludes that the issue is systemic: Electron-based applications inherit n-day vulnerabilities from Chromium and V8 when developers fail to update the underlying framework. Unlike browsers, IDEs do not receive automatic security updates, making them increasingly fragile over time. Since end users cannot independently upgrade Chromium within an Electron-based IDE, the responsibility lies solely with the developers.
The firm urges immediate action: implement an automated update mechanism for Chromium and Electron, establish a strict SLA for patching critical CVEs, and recognize development environment security as an integral component of the broader cybersecurity infrastructure.
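An "inherited n-day" is easy to state and easy to miss in an asset inventory: the IDE reports a Chromium version, and the question is whether upstream fixed a given CVE after that build was cut, and for how long the gap has exceeded the patch SLA the report calls for. The check below is an added example, not code from the article, Ox Security or the IDE vendors. The Chromium version, build date and CVE fix date are the figures the article quotes; the SLA length, the evaluation date and the placeholder second CVE are assumed inputs, and `is_at_least()` covers inventories that record only a version string.

```python
"""Added example, not code from the article, Ox Security or the IDE vendors:
an inventory check that decides whether an Electron-based IDE's pinned
Chromium build predates the upstream fix for a CVE, and how far that
exposure has run past a patch SLA.  Version string, build date and CVE fix
date are the figures the article quotes; the SLA length, the evaluation
date and the placeholder CVE are assumed inputs."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class ChromiumFix:
    cve: str
    cvss: float
    fixed_on: date          # day the fix landed in upstream Chromium


@dataclass(frozen=True)
class IdeBuild:
    name: str
    chromium: str           # dotted version as shown in the IDE's About dialog
    built_on: date          # date of the Chromium build the IDE pins


def parse_version(v: str) -> tuple:
    """Turn '132.0.6834.210' into a tuple of ints so builds compare numerically
    (string comparison would rank '9.x' above '132.x')."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    return tuple(int(p) for p in parts)


def is_at_least(installed: str, required: str) -> bool:
    """True when the installed Chromium is the required build or newer."""
    return parse_version(installed) >= parse_version(required)


def exposed_fixes(build: IdeBuild, fixes: list) -> list:
    """Fixes that landed upstream after the IDE's Chromium build was cut; the
    pinned build cannot contain them, so each one is an inherited n-day."""
    return [f for f in fixes if f.fixed_on > build.built_on]


def sla_breaches(build: IdeBuild, fixes: list, sla_days: int,
                 as_of: date, min_cvss: float = 7.0) -> list:
    """(cve, days overdue) for exposed fixes at or above min_cvss whose fix has
    been public longer than the SLA allows, worst offender first."""
    out = []
    for f in exposed_fixes(build, fixes):
        if f.cvss < min_cvss:
            continue
        overdue = (as_of - f.fixed_on).days - sla_days
        if overdue > 0:
            out.append((f.cve, overdue))
    return sorted(out, key=lambda t: t[1], reverse=True)


# Figures quoted in the article.
CURSOR = IdeBuild("Cursor", "132.0.6834.210", date(2025, 3, 21))
FIXES = [
    ChromiumFix("CVE-2025-7656", 8.8, date(2025, 7, 15)),
    # Constructed placeholder: a fix older than the pinned build is not an exposure.
    ChromiumFix("CVE-PLACEHOLDER-0001", 9.0, date(2025, 2, 1)),
]
# Assumed policy inputs: evaluation date and a 30-day SLA for critical fixes.
AS_OF = date(2025, 9, 1)
SLA_DAYS = 30

if __name__ == "__main__":
    for cve, days in sla_breaches(CURSOR, FIXES, SLA_DAYS, AS_OF):
        print(f"{CURSOR.name} (Chromium {CURSOR.chromium}): "
              f"{cve} is {days} days past the {SLA_DAYS}-day SLA")
```

Feeding this the full list of Chromium fixes published since the pinned build turns the article's "at least 94 CVEs" into a per-CVE, per-host age that can be tracked against the SLA; the version comparison is deliberately numeric, because lexicographic comparison of version strings is a common source of false "up to date" results.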