Cert-In-Advisories

[CIVN-2025-0289] Multiple Vulnerabilities in Microsoft Edge Stable (Chromium-based)

By TeamwinPublished On: November 6, 2025

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Microsoft Edge Stable (Chromium-based)

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Microsoft Edge Stable Channel (Chromium-based) versions prior to 141.0.3537.71

Overview

Multiple vulnerabilities have been reported in Microsoft Edge Stable (Chromium-based) which could allow a remote attacker to execute arbitrary code, bypass security, perform spoofing attack or disclose sensitive information on the targeted system.

Target Audience:

All end-user organizations and individuals using Microsoft Edge Stable (Chromium-based).

Risk Assessment:

High risk of remote code execution.

Impact Assessment:

Potential for unauthorized data access or service disruption.

Description

Microsoft Edge Stable (Chromium-based) is a web browser developed by Microsoft using the Chromium engine, offering fast performance, enhanced security, and compatibility with modern web standards while integrating with Microsoft services.

Multiple vulnerabilities exist in Microsoft Edge Stable (Chromium-based) due to Heap Incorrect security UI in Omnibox, SplitView, Fullscreen UI; Policy bypass in Extensions; Inappropriate implementation in V8, Autofill, App-Bound Encryption, Extensions; Out of bounds read in V8; Use after free in Ozone, PageInfo; Race in Storage, V8; Object lifecycle issue in Media and Type Confusion in V8. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page.

Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, bypass security, perform spoofing attack or disclose sensitive information on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor.

https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#october-31-2025

https://msrc.microsoft.com/update-guide/vulnerability

Vendor Information

Microsoft

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12036

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12428

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12429

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12430

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12431

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12432

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12433

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12434

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12435

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12436

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12437

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12438

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12439

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12440

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12441

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12443

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12444

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12445

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12446

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12447

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60711

References