—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Microsoft Edge

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

Microsoft Edge Stable Channel (Chromium-based) versions prior to 142.0.3595.90

Overview

Multiple vulnerabilities have been reported in Microsoft Edge (Chromium-based) which could allow a remote attacker to execute arbitrary code on the targeted system.

Target Audience:

All end-user organizations and individuals using Microsoft Edge (Chromium-based).

Risk Assessment:

High risk of full system compromise, data theft, and malware deployment.

Impact Assessment:

Potential for arbitrary code execution or sensitive data disclosure.

Description

Microsoft Edge (Chromium-based) is a web browser developed by Microsoft using the Chromium engine, offering fast performance, enhanced security, and compatibility with modern web standards while integrating with Microsoft services.

Multiple vulnerabilities exist in Microsoft Edge (Chromium-based) due to type confusion in V8. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page.

Successful exploitation of these vulnerabilities may result in complete compromise of vulnerable system.

Note: CVE-2025-13223 is being actively exploited in the wild.

Solution

Apply the appropriate security updates released by Microsoft:

https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#november-18-2025

Vendor Information

Microsoft

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13223

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13224

References

Microsoft

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13223

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13224

CVE Name

CVE-2025-13223

CVE-2025-13224

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmkfI0QACgkQ3jCgcSdc

ys/zUxAApsEQQaZgSSZjJM7x8m9L4K3aCBBXPLicOIqDTCv2cY+vGCCTqTP8C+pM

GqFa2ofQ14CbyKOA/yCphPU1g2xZWllmMM1zDfSdrYIH7tL8bgAYObLz5m8Fc/SK

ZhDElu/TAKutBr85GFzKab8OvQuU8NLjEZZk0SDG3FuUnWAMmi6da6CeHIlKehf+

oq+YkAiDv1Rp2sAc0jWH2pSW9BSbJ0fcpAymOUcmU6lVgVgh3zVq2naeBX/UdZff

NEWjqivhxTnR1zS0tno2ozN4kFEiRkx5j1A5QbRtc3Nk6o76aIPhqdBnxw5LaCnv

e8ySSGHIOl2Sw73VJkTosgYKQw3hcA0hVEW+WU6GJ8IxUj8j6ROUlYtVCC2PDdXY

89hNRbxGyhAiJNMZqlKmi5hATo6uEQMEW9HOnFyM8L8tlpepgMJtHzyFzQHl8E5/

ZxlbmT+01eZa89zr7NYG2mJYpPnJpmmI7i6voRPJbxaAszT5G+ZzljXKsMNu/Nhy

xYzxhtH9cTodxDU10HBFM9w/DBqz3BDXQxJl+G8iFTcS9BA2rVvlbjsFFltQz7Dp

SoJa4fXptr4wM9s9mK64Pf6fUKHbN9cL/QTaoZATEwjeYmxNZfrdVFkvu3P9zn1L

VEBiPpwjbU4MJVf9ME5ad2w7P7WWWIcYBEnIJHW6egEJrbAIk7s=

=0zRu

—–END PGP SIGNATURE—–