—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Microsoft Edge Stable (Chromium-based) 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Microsoft Edge Stable Channel (Chromium-based) versions prior to 142.0.3595.65

Overview

Multiple vulnerabilities have been reported in Microsoft Edge Stable (Chromium-based) which could allow a remote attacker to execute arbitrary code or data manipulation on the targeted system.

Target Audience:

All end-user organizations and individuals using Microsoft Edge Stable (Chromium-based).

Risk Assessment:

High risk of remote code execution.

Impact Assessment:

Potential for data manipulation or service disruption.

Description

Microsoft Edge Stable (Chromium-based) is a web browser developed by Microsoft using the Chromium engine, offering fast performance, enhanced security, and compatibility with modern web standards while integrating with Microsoft services.

Multiple vulnerabilities exist in Microsoft Edge Stable (Chromium-based) due to Out of bounds write in WebGPU; Inappropriate implementation in Views and V8. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page.

Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or data manipulation on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor.

https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#november-5-2025

Vendor Information

Microsoft

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12725

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12726

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12727

References

Microsoft

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12725

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12726

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-12727

CVE Name

CVE-2025-12725

CVE-2025-12726

CVE-2025-12727

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIyBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmkOCrEACgkQ3jCgcSdc

ys8cOQ/41vPRFqsDxvxuAgKsQq2y9Wgqp/FIysbYWqz2Atpfs5zXisP4weI7tVqD

ykOAafBfXfSpun+gDTsjbeWkh6JzQSuS/MCtwhE+pHDav0Dn0pnpfyZm3LtH5L16

zYVhjEzoF+JLb+B88iMkQdpv1UtRe2crdGi/gjJLg3YQ1+qGX6tzZ8n/UtgyBzXO

th2MN5bbeMOFuYBfN9Gv71Y84PwTtpo0F9vfTsoTE8Tn0+n/V0PFwiYMH8bgZjSh

HWGJGKWdnfdrMtvAuIH1E6t8HsUoLVKaZ2ZhPSAj4jhm5IYanVLJnkUviWoa0W48

7oPZxznzrRfX9N0zK1wXgBjbTDcH/vsLMjF9RSQFy7C2CZnqeFT2ucZZkZxJfzXp

tGE58KhkxeSXviuj50C1q8iJd2VcOCcjkWMZJ8PTwzKlUjCFsvlPyOzFYc7iurG6

g0jPvL80FwEjW0l0sVSAEUAfiV10N6FFBY3VB0n3G1HxoipSlWTJYJjUk0sb5FMP

QFKOMsaV9ZKf+Lb2v3FuuJMP+bURrfBzY+q0V0U/UQCKWM11jTK9Kh6Pb0gDOjp4

Y4YDNk/JG/wRoUh55dbP84FGq83n4WxZtH5WTdf1RYWhoTmjTGS3tpkCZz39TotS

0F2qleW06WEK1FoF6AugE8YMTwk5PRC/DAvUMUKTKwq2l/E/0g==

=w9mN

—–END PGP SIGNATURE—–