[CIVN-2025-0247] Multiple Vulnerabilities in Microsoft Edge (Chromium-based)
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in Microsoft Edge (Chromium-based)
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Microsoft Edge (Chromium-based) versions prior to 141.0.3537.57
Overview
Multiple vulnerabilities have been reported in Microsoft Edge (Chromium-based) which could allow a remote attacker to execute arbitrary code, bypass security restrictions, cause denial-of-service (DoS) or disclose sensitive information on the targeted system.
Target Audience:
All end-user organizations and individuals using Microsoft Edge (Chromium-based).
Risk Assessment:
High risk of remote code execution.
Impact Assessment:
Potential for unauthorized data access or service disruption.
Description
Microsoft Edge (Chromium-based) is a web browser developed by Microsoft using the Chromium engine, offering fast performance, enhanced security, and compatibility with modern web standards while integrating with Microsoft services.
Multiple vulnerabilities exist in Microsoft Edge (Chromium-based) due to Heap buffer overflow in WebGPU, Video; Side-channel information leakage in Storage, Tab; Inappropriate implementation in Media, Omnibox, Storage; Out of bounds read in Media, Off by one error in V8 and Use after free in V8. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page.
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, bypass security restrictions, cause denial-of-service (DoS) or disclose sensitive information on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor.
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#october-2-2025
Vendor Information
Microsoft
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11205
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11206
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11207
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11208
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11209
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11210
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11211
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11212
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11213
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11215
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11216
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11219
References
Microsoft
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11205
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11206
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11207
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11208
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11209
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11210
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11211
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11212
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11213
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11215
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11216
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11219
CVE Name
CVE-2025-11205
CVE-2025-11206
CVE-2025-11207
CVE-2025-11208
CVE-2025-11209
CVE-2025-11210
CVE-2025-11211
CVE-2025-11212
CVE-2025-11213
CVE-2025-11215
CVE-2025-11216
CVE-2025-11219
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmjnskYACgkQ3jCgcSdc
ys9EJhAAnKt7X9L4hemiJeDM/S9EsesmcvOzKaDExvk4AN+SwXRuIkbHA2Vs6ETd
moLyYsqx0IJJFLSEm5QpvPR0doogYs6vevptl9PWwsmh/KU0XWDiSQHNOddd+T3h
zDF9MhH8MQU223arNLLvYd2wGje8erse5iAbh9hRQJOA9NgSwazm6ACsPaniEE4c
YHUO5RwSTW+HLqHQsgOieogEq8W9Ff6AJDU50GjCNkT2ECkndZ11wJd3n3Z8h7AS
YGu+n/57uGhXfPSi8HCdqB3DxKwLNxp+m6nyUcbc8QfjX2V43N3R1AUY1dwQ5IEs
cj6FYim2r5vMKt0M3piyk1cU4ekVT2auLxe2dLeK4n67NaGOE04Eda3mp/VXZUFN
SQfjRJjDQkcWC9JQiOFVmIm5KfZFpTW48+yCzlyStu6PJ7aabAOYPuLj9TnDuK2s
++A5npp/U51RZx0a7Sc6MUfgB5pZINM+Bal6v6fcKDz3Rq0n9J0qST5HLpZ3lD80
A/OlrPzv5w8+XyqVjE5ZWTQE2o/PSG2u+6TCL86kbG6jfL2xCF9muMsa9tqGM4T6
YwAoSDDev0XckzDa7RB/wsbBw7LZuZ7KOA4hMAENDSXA1z0UHhCyqg07tgdS6q6I
X7PmCpjoLFJKrpXn4n9wPsoJ1XrkWc982HijhWpDxDS/hY4VfFE=
=B9Yl
—–END PGP SIGNATURE—–
![[CIVN-2025-0253] Authentication Bypass Vulnerability in CrushFTP](https://teamwin.in/wp-content/uploads/2025/06/certin-new-e1751351599950-500x383.png)
