VSCodium has released version 1.109.41146 to address the critical CVE-2026-2441 vulnerability in Chromium, which permitted malicious websites to execute arbitrary commands on the host system. The update includes a back-ported patch that effectively closes this security loophole without impacting performance, making it essential for users, especially those who work with untrusted HTML previews or extensions that utilize webviews. To verify the update, users can check the version in the "Help => About" dialog or run a command in PowerShell for confirmation. While users not engaging with webviews may choose to delay the update, the minimal effort required to install it significantly reduces the risk of potential security threats
VSCodium 1.109.41146 Released to Patch Critical CVE-2026-2441 Vulnerability in Chromium
A new update for VSCodium, version 1.109.41146, has been released to fix a critical vulnerability known as CVE-2026-2441 in Chromium. This flaw allowed malicious websites to inject code into the renderer process and execute arbitrary commands on the host system, but the patch removes this attack surface without any performance penalty.
