CyberSecurity

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information. 

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information. Google is aware that an exploit for CVE-2026-2441 exists in the wild. 

Updated information to include CVSS scores. This is an informational change only. 

Added FAQ information. This is an informational change only. 

Acknowledgement added. This is an informational change only. 

Changes made to the security updates links and information. This is an informational change only. 

Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. 

Access of resource using incompatible type (‘type confusion’) in Desktop Window Manager allows an authorized attacker to elevate privileges locally. 

Improper neutralization of special elements used in a command (‘command injection’) in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network. 

Improper link resolution before file access (‘link following’) in Windows App for Mac allows an authorized attacker to elevate privileges locally.