Chromium: CVE-2025-8576 Use after free in Extensions
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8576
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8576
Chromium: CVE-2025-8578 Use after free in Cast
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8578
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8578
Chromium: CVE-2025-8580 Inappropriate implementation in Filesystems
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8580
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8580
Chromium: CVE-2025-8581 Inappropriate implementation in Extensions
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8581
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8581
Chromium: CVE-2025-8582 Insufficient validation of untrusted input in DOM
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8582
Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8582
CVE-2025-29954 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Added an acknowledgement. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29954
Added an acknowledgement. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29954
Chromium: CVE-2025-8879 Heap buffer overflow in libaom
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8879
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8879
Chromium: CVE-2025-8880 Race in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8880
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8880
Chromium: CVE-2025-8901 Out of bounds write in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8901
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8901
Chromium: CVE-2025-8881 Inappropriate implementation in File Picker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8881
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8881
Chromium: CVE-2025-8882 Use after free in Aura
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8882
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8882
CVE-2025-53740 Microsoft Office Remote Code Execution Vulnerability
Acknowledgement added. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53740
Acknowledgement added. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53740
CVE-2025-49716 Windows Netlogon Denial of Service Vulnerability
Updated first FAQ to state that CVE-2020-0674 has now been issued to address this vulnerability. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49716
Updated first FAQ to state that CVE-2020-0674 has now been issued to address this vulnerability. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49716
CVE-2025-49718 Microsoft SQL Server Information Disclosure Vulnerability
Updated product information in the Software Update table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49718
Updated product information in the Software Update table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49718
CVE-2025-49717 Microsoft SQL Server Remote Code Execution Vulnerability
Updated product information in the Software Update table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49717
Updated product information in the Software Update table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49717
CVE-2025-55231 Windows Storage-based Management Service Remote Code Execution Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55231
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55231
CVE-2025-55229 Windows Certificate Spoofing Vulnerability
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55229
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55229
CVE-2025-55230 Windows MBT Transport Driver Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55230
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55230
CVE-2025-53795 Microsoft PC Manager Elevation of Privilege Vulnerability
Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53795
Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53795
CVE-2025-53763 Azure Databricks Elevation of Privilege Vulnerability
Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53763
Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53763
Chromium: CVE-2025-9132 Out of bounds write in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9132
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9132