Msrc Microsoft Edge vulnerabilities

CVE-2025-47963 [MEDIUM] CWE-451 Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft Edge (Chromium-based) Spoofing Vulnerability Description: No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. FAQ: According to

CVE-2025-6557 [MEDIUM] Chromium: CVE-2025-6557 Insufficient data validation in DevTools Chromium: CVE-2025-6557 Insufficient data validation in DevTools Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 138.0.3351.55 6/26/2025 138.0.7204.

CVE-2025-4052 [CRITICAL] Chromium: CVE-2025-4052 Inappropriate implementation in DevTools Chromium: CVE-2025-4052 Inappropriate implementation in DevTools Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 136.0.3240.50 5/1/2025 136.0.7103

CVE-2025-4609 [CRITICAL] Chromium: CVE-2025-4609 Incorrect handle provided in unspecified circumstances in Mojo Chromium: CVE-2025-4609 Incorrect handle provided in unspecified circumstances in Mojo Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in

CVE-2025-5063 [HIGH] Chromium: CVE-2025-5063 Use after free in Compositing Chromium: CVE-2025-5063 Use after free in Compositing Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Ed

CVE-2025-5280 [HIGH] Chromium: CVE-2025-5280 Out of bounds write in V8 Chromium: CVE-2025-5280 Out of bounds write in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chro

CVE-2025-4050 [HIGH] Chromium: CVE-2025-4050 Out of bounds memory access in DevTools Chromium: CVE-2025-4050 Out of bounds memory access in DevTools Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 136.0.3240.50 5/1/2025 136.0.7103.49

CVE-2025-4096 [HIGH] Chromium: CVE-2025-4096 Heap buffer overflow in HTML Chromium: CVE-2025-4096 Heap buffer overflow in HTML Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 136.0.3240.50 5/1/2025 136.0.7103.49 FAQ: Why is this Chrom

CVE-2025-4372 [HIGH] Chromium: CVE-2025-4372 Use after free in WebAudio Chromium: CVE-2025-4372 Use after free in WebAudio Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Ch

CVE-2025-5281 [MEDIUM] Chromium: CVE-2025-5281 Inappropriate implementation in BFCache Chromium: CVE-2025-5281 Inappropriate implementation in BFCache Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is co

CVE-2025-5066 [MEDIUM] Chromium: CVE-2025-5066 Inappropriate implementation in Messages Chromium: CVE-2025-5066 Inappropriate implementation in Messages Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 137.0.3296.52 5/29/2025 137.0.7151.

CVE-2025-4664 [MEDIUM] Chromium: CVE-2025-4664 Insufficient policy enforcement in Loader Chromium: CVE-2025-4664 Insufficient policy enforcement in Loader Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vul

CVE-2025-5067 [MEDIUM] Chromium: CVE-2025-5067 Inappropriate implementation in Tab Strip Chromium: CVE-2025-5067 Inappropriate implementation in Tab Strip Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which i

CVE-2025-4051 [MEDIUM] Chromium: CVE-2025-4051 Insufficient data validation in DevTools Chromium: CVE-2025-4051 Insufficient data validation in DevTools Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 136.0.3240.50 5/1/2025 136.0.7103.4

CVE-2025-5065 [MEDIUM] Chromium: CVE-2025-5065 Inappropriate implementation in FileSystemAccess API Chromium: CVE-2025-5065 Inappropriate implementation in FileSystemAccess API Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source

CVE-2025-5283 [MEDIUM] Chromium: CVE-2025-5283 Use after free in libvpx Chromium: CVE-2025-5283 Use after free in libvpx Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chro

CVE-2025-5064 [MEDIUM] Chromium: CVE-2025-5064 Inappropriate implementation in Background Fetch API Chromium: CVE-2025-5064 Inappropriate implementation in Background Fetch API Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source

CVE-2025-29825 [MEDIUM] CWE-451 Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft Edge (Chromium-based) Spoofing Vulnerability Description: User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be

CVE-2025-29834 [HIGH] CWE-125 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Description: Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in

CVE-2025-3067 [HIGH] Chromium: CVE-2025-3067 Inappropriate implementation in Custom Tabs Chromium: CVE-2025-3067 Inappropriate implementation in Custom Tabs Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which