Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2025-9132: Chromium: CVE-2025-9132 Out of bounds write in V8

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2025-55230: Windows MBT Transport Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-53795: Microsoft PC Manager Elevation of Privilege Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2025-53763: Azure Databricks Elevation of Privilege Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2025-55231: Windows Storage-based Management Service Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.

CVE-2025-55229: Windows Certificate Spoofing Vulnerability

Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-8882: Chromium: CVE-2025-8882 Use after free in Aura

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 139.0.3405.102 8/15/2025 139.0.7258.127/.128

CVE-2025-8881: Chromium: CVE-2025-8881 Inappropriate implementation in File Picker

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 139.0.3405.102 8/15/2025 139.0.7258.127/.128

CVE-2025-8880: Chromium: CVE-2025-8880 Race in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 139.0.3405.102 8/15/2025 139.0.7258.127/.128

CVE-2025-8901: Chromium: CVE-2025-8901 Out of bounds write in ANGLE

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 139.0.3405.102 8/15/2025 139.0.7258.127/.128