VSCodium 1.109.41146 Released to Patch Critical CVE-2026-2441 Vulnerability in Chromium

Software 44134 Published by

A new update for VSCodium, version 1.109.41146, has been released to fix a critical vulnerability known as CVE-2026-2441 in Chromium. This flaw allowed malicious websites to inject code into the renderer process and execute arbitrary commands on the host system, but the patch removes this attack surface without any performance penalty.



VSCodium 1.109.41146 – Why Updating for the Chromium CVE‑2026‑2441 Fix Matters

VSCodium 1.109.41146 drops on top of VS Code 1.109.4 and brings a back‑ported patch that closes Chrome’s CVE‑2026‑2441 flaw. The article explains what the vulnerability does, why the fix is worth installing, and how to verify you’re actually running the patched build.

Gnome_shell_screenshot_5gc050

What the CVE‑2026‑2441 bug actually did

Chromium’s issue let a malicious webpage inject code into the renderer process, which could then escape sandbox restrictions and execute arbitrary commands on the host. In VSCodium that translates to a potential remote‑code execution path when you open an untrusted HTML preview or use extensions that embed webviews. The exploit isn’t theoretical; a security researcher demonstrated it by crafting a specially‑encoded markdown file that launched a PowerShell script as soon as the preview pane rendered the content.

Verifying the update actually applied

After installing 1.109.41146, launch VSCodium and open the “Help => About” dialog. The version line should read VSCodium 1.109.41146 (commit …) and the build date will be within a day or two of the release. For an extra sanity check, run vscodium --version in PowerShell; the output includes the Chromium revision number, which now ends with the back‑ported commit hash.

Should you skip this update?

If your workflow never touches webviews, markdown previews, or extensions that embed remote content, you might feel safe staying on an older build. However, the patch is tiny—just a few lines of code—and it removes a whole attack surface without any performance penalty. In practice, installing the update costs a couple of minutes and saves you from a potential ransomware scenario.

Downloads
x86 64bits
WindowsUser Installer VSCodiumUserSetup-x64-1.109.41146.exe
System Installer VSCodiumSetup-x64-1.109.41146.exe
.zip VSCodium-win32-x64-1.109.41146.zip
.msi - updates enabled VSCodium-x64-1.109.41146.msi
.msi - updates disabled VSCodium-x64-updates-disabled-1.109.41146.msi
Remote Host vscodium-reh-win32-x64-1.109.41146.tar.gz
Web Host vscodium-reh-web-win32-x64-1.109.41146.tar.gz
CLI vscodium-cli-win32-x64-1.109.41146.tar.gz
macOS.dmg VSCodium.x64.1.109.41146.dmg
.zip VSCodium-darwin-x64-1.109.41146.zip
Remote Host vscodium-reh-darwin-x64-1.109.41146..tar.gz
Web Host vscodium-reh-web-darwin-x64-1.109.41146.tar.gz
CLI vscodium-cli-darwin-x64-1.109.41146.tar.gz
Linux.deb codium_1.109.41146_amd64.deb
.rpm codium-1.109.41146-el8.x86_64.rpm
.tar.gz VSCodium-linux-x64-1.109.41146.tar.gz
AppImage VSCodium-1.109.41146.glibc2.30-x86_64.AppImage VSCodium-1.109.41146.glibc2.30-x86_64.AppImage.zsync
Snap codium_1.109.41146_amd64.snap
Remote Host vscodium-reh-linux-x64-1.109.41146.tar.gz
Web Host vscodium-reh-web-linux-x64-1.109.41146.tar.gz
CLI vscodium-cli-linux-x64-1.109.41146.tar.gz
AlpineRemote Host vscodium-reh-alpine-x64-1.109.41146.tar.gz
Web Host vscodium-reh-web-alpine-x64-1.109.41146.tar.gz
ARM 64bits
WindowsUser Installer VSCodiumUserSetup-arm64-1.109.41146.exe
System Installer VSCodiumSetup-arm64-1.109.41146.exe
.zip VSCodium-win32-arm64-1.109.41146.zip
CLI vscodium-cli-win32-arm64-1.109.41146.tar.gz
macOS.dmg VSCodium.arm64.1.109.41146.dmg
.zip VSCodium-darwin-arm64-1.109.41146.zip
Remote Host vscodium-reh-darwin-arm64-1.109.41146.tar.gz
Web Host vscodium-reh-web-darwin-arm64-1.109.41146.tar.gz
CLI vscodium-cli-darwin-arm64-1.109.41146.tar.gz
Linux.deb codium_1.109.41146_arm64.deb
.rpm codium-1.109.41146-el8.aarch64.rpm
.tar.gz VSCodium-linux-arm64-1.109.41146.tar.gz
Snap codium_1.109.41146_arm64.snap
Remote Host vscodium-reh-linux-arm64-1.109.41146.tar.gz
Web Host vscodium-reh-web-linux-arm64-1.109.41146.tar.gz
CLI vscodium-cli-linux-arm64-1.109.41146.tar.gz
AlpineRemote Host vscodium-reh-alpine-arm64-1.109.41146.tar.gz
Web Host vscodium-reh-web-alpine-arm64-1.109.41146.tar.gz
ARM 32bits
Linux.deb codium_1.109.41146_armhf.deb
.rpm codium-1.109.41146-el8.armv7hl.rpm
.tar.gz VSCodium-linux-armhf-1.109.41146.tar.gz
Remote Host vscodium-reh-linux-armhf-1.109.41146.tar.gz
Web Host vscodium-reh-web-linux-armhf-1.109.41146.tar.gz
CLI vscodium-cli-linux-armhf-1.109.41146.tar.gz
PPC 64bits
Linux.tar.gz VSCodium-linux-ppc64le-1.109.41146.tar.gz
Remote Host vscodium-reh-linux-ppc64le-1.109.41146.tar.gz
Web Host vscodium-reh-web-linux-ppc64le-1.109.41146.tar.gz
RISC-V 64bits
Linux.tar.gz VSCodium-linux-riscv64-1.109.41146.tar.gz
Remote Host vscodium-reh-linux-riscv64-1.109.41146.tar.gz
Web Host vscodium-reh-web-linux-riscv64-1.109.41146.tar.gz
Loong 64bits
Linux.tar.gz VSCodium-linux-loong64-1.109.41146.tar.gz
Remote Host vscodium-reh-linux-loong64-1.109.41146.tar.gz
Web Host vscodium-reh-web-linux-loong64-1.109.41146.tar.gz
s390x
LinuxRemote Host vscodium-reh-linux-s390x-1.109.41146.tar.gz
Web Host vscodium-reh-web-linux-s390x-1.109.41146.tar.gz

FreeRDP, Expat, .NET, Alsa-Lib, GnuTLS updates for Ubuntu

Godot 4.6.1 Fixes Use‑After‑Free Crashes and Keeps Your Projects Alive

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...