Cert-In-Advisories

[CIVN-2025-0354] Multiple Vulnerabilities in Microsoft Edge

By TeamwinPublished On: December 8, 2025

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Microsoft Edge

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Microsoft Edge Stable Channel (Chromium-based) versions prior to 143.0.3650.66

Overview

Multiple vulnerabilities have been reported in Microsoft Edge (Chromium-based) which could allow a remote attacker to execute arbitrary code, bypass security restrictions, perform spoofing attacks, gain elevated privileges, cause denial of service condition or access to sensitive information on the targeted system.

Target Audience:

All end-user organizations and individuals using Microsoft Edge (Chromium-based).

Risk Assessment:

High risk of full system compromise, unauthorized access to sensitive data, malware deployment, authentication bypass, or system instability.

Impact Assessment:

Potential for arbitrary code execution, service disruption, privilege escalation, or sensitive data disclosure.

Description

Microsoft Edge (Chromium-based) is a web browser developed by Microsoft using the Chromium engine, offering fast performance, enhanced security, and compatibility with modern web standards while integrating with Microsoft services.

Multiple vulnerabilities exist in Microsoft Edge (Chromium-based) due to spoofing, inappropriate implementation issues in multiple components (such as Passwords, WebRTC, Downloads, Split View, DevTools, Google Updater); race conditions and type confusion in V8; use-after-free in Media Stream and Digital Credentials; and bad cast in Loader component. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted or malicious webpage.

Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, bypass security restrictions, perform spoofing attacks, gain elevated privileges, cause denial of service condition or access to sensitive information on the targeted system.

Solution

Apply the security updates released by Microsoft:

https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#december-4-2025

Vendor Information

Microsoft

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13630

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13631

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13632

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13633

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13634

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13635

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13636

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13637

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13638

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13639

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13640

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13720

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13721

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62223

References