Chromium: CVE-2025-5958 Use after free in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5958
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5958
Chromium: CVE-2025-5959 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5959
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5959
CVE-2025-21264 Visual Studio Code Security Feature Bypass Vulnerability
In the Security Updates Table, added Microsoft Visual Studio CoPilot Chat Extension as it is also affected by this vulnerability. Microsoft recommends that customers install the update to be fully protected from the vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21264
In the Security Updates Table, added Microsoft Visual Studio CoPilot Chat Extension as it is also affected by this vulnerability. Microsoft recommends that customers install the update to be fully protected from the vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21264
CVE-2025-33053 Internet Shortcut Files Remote Code Execution Vulnerability
Corrected the CVE description and title. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053
Corrected the CVE description and title. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053
CVE-2025-47963 Microsoft Edge (Chromium-based) Spoofing Vulnerability
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47963
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47963
Chromium: CVE-2025-6557 Insufficient data validation in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6557
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6557
Chromium: CVE-2025-6556 Insufficient policy enforcement in Loader
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6556
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6556
CVE-2025-47964 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47964
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47964
Chromium: CVE-2025-6555 Use after free in Animation
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6555
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6555
CVE-2025-47182 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47182
Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47182
Chromium: CVE-2025-6554 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information. Google is aware that an exploit for CVE-2025-6554 exists in the wild.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6554
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information. Google is aware that an exploit for CVE-2025-6554 exists in the wild.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-6554
CVE-2025-49741 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49741
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49741
CVE-2025-49713 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49713
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49713
CVE-2025-32726 Visual Studio Code Elevation of Privilege Vulnerability
Added an acknowledgement. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32726
Added an acknowledgement. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32726
CVE-2022-23278 Microsoft Defender for Endpoint Spoofing Vulnerability
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23278
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23278
CVE-2022-33637 Microsoft Defender for Endpoint Tampering Vulnerability
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33637
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33637
CVE-2024-43614 Microsoft Defender for Endpoint for Linux Spoofing Vulnerability
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43614
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43614
CVE-2024-49000 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49000 re-released to address a regression introduced in the original updates to both Security update for SQL 2016 Azure Connect Feature Pack and Security update for SQL Server 2016 SP3 RTM+GDR. Customers affected by the regression should install the security updates released on July 8, 2025. See the updated information in the Security Updates table.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000
CVE-2024-49000 re-released to address a regression introduced in the original updates to both Security update for SQL 2016 Azure Connect Feature Pack and Security update for SQL Server 2016 SP3 RTM+GDR. Customers affected by the regression should install the security updates released on July 8, 2025. See the updated information in the Security Updates table.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000
CVE-2025-47161 Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47161
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47161
CVE-2025-26684 Microsoft Defender Elevation of Privilege Vulnerability
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26684
Updated links to security updates. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26684
CVE-2025-33069 Windows App Control for Business Security Feature Bypass Vulnerability
Added acknowledgements. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33069
Added acknowledgements. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33069