Chromium: CVE-2025-5283 Use after free in libvpx

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5283

Chromium: CVE-2025-5067 Inappropriate implementation in Tab Strip

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5067

Chromium: CVE-2025-5066 Inappropriate implementation in Messages

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5066

CVE-2025-21174 Windows Standards-Based Storage Management Service Denial of Service Vulnerability

In the Security Updates table, corrected the Download and Article links for Windows Server 2012 R2 and Windows Server 2012 R2 (Server Core installation). This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21174

Chromium: CVE-2025-5419 Out of bounds read and write in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information. Google is aware that an exploit for CVE-2025-5419 exists in the wild.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5419

Chromium: CVE-2025-5068 Use after free in Blink

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5068

CVE-2025-21204 Windows Process Activation Elevation of Privilege Vulnerability

Added an FAQ to explain the remediation steps customers need to take to be protected from CVE-2025-21204. This includes a link to a script to aid in completing the remediation steps. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204

CVE-2025-47966 Power Automate Elevation of Privilege Vulnerability

Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47966

CVE-2025-33073 Windows SMB Client Elevation of Privilege Vulnerability

Acknowledgement added. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33073

CVE-2025-32711 M365 Copilot Information Disclosure Vulnerability

Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32711

CVE-2025-47172 Microsoft SharePoint Server Remote Code Execution Vulnerability

Updated acknowledgment. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47172

CVE-2024-28923 Secure Boot Security Feature Bypass Vulnerability

Added an acknowledgement. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28923

Chromium: CVE-2025-5958 Use after free in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5958

Chromium: CVE-2025-5959 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5959

CVE-2025-21264 Visual Studio Code Security Feature Bypass Vulnerability

In the Security Updates Table, added Microsoft Visual Studio CoPilot Chat Extension as it is also affected by this vulnerability. Microsoft recommends that customers install the update to be fully protected from the vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21264

CVE-2025-33053 Internet Shortcut Files Remote Code Execution Vulnerability

Corrected the CVE description and title. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053

CVE-2025-47963 Microsoft Edge (Chromium-based) Spoofing Vulnerability

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47963

Chromium: CVE-2025-6557 Insufficient data validation in DevTools

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6557

Chromium: CVE-2025-6556 Insufficient policy enforcement in Loader

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6556

CVE-2025-47964 Microsoft Edge (Chromium-based) Spoofing Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47964

Chromium: CVE-2025-6555 Use after free in Animation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6555