Microsoft Security Response Center

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.81 09/19/2025 140.0.7339.186

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.81 09/19/2025 140.0.7339.186

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.

Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.66 09/11/2025 140.0.7339.133

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.66 09/11/2025 140.0.7339.133

Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.