Patch the browser you code in
AI IDEs such as Cursor and Windsurf include their own browser engine. If that engine is not up to date, it carries known vulnerabilities. This week’s signals show Cursor 2.0 released on Oct 29, 2025 without a stated browser upgrade in the Cursor 2.0 changelog. Users also posted About screenshots that still show older builds. Windsurf’s October notes list a newer baseline in the Windsurf changelog. Treat these tools like browsers: verify versions, reduce risky paths, upgrade when available.