Description
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, execute arbitrary code, bypass security restrictions.
Below is a complete list of vulnerabilities:
- Incorrect security UI vulnerability in Omnibox can be exploited to spoof user interface.
- Race condition vulnerability in Storage can be exploited to cause denial of service.
- Inappropriate implementation vulnerability in V8 can be exploited remotely to execute arbitrary code
- Policy bypass vulnerability in Extensions can be exploited to bypass security restrictions.
- Race condition vulnerability in V8 can be exploited to cause denial of service.
- Inappropriate implementation vulnerability in V8 can be exploited to cause denial of service.
- Inappropriate implementation vulnerability in App-Bound Encryption can be exploited to cause denial of service.
- Inappropriate implementation vulnerability in Extensions can be exploited to cause denial of service.
- Use after free vulnerability in PageInfo can be exploited to cause denial of service or execute arbitrary code.
- Incorrect security UI vulnerability in Fullscreen UI can be exploited to spoof user interface.
- Type Confusion vulnerability in V8 can be exploited to cause denial of service.
- Inappropriate implementation vulnerability in Autofill can be exploited to cause denial of service.
- Use after free vulnerability in Ozone can be exploited to cause denial of service or execute arbitrary code.
- Out of bounds read vulnerability in V8 can be exploited to cause denial of service.
- Incorrect security UI vulnerability in SplitView can be exploited to spoof user interface.
- Out of bounds read vulnerability in WebXR can be exploited to cause denial of service.
- Object lifecycle vulnerability in Media can be exploited to cause denial of service or spoof user interface.
- A remote code execution vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to execute arbitrary code.
Original advisories
- CVE-2025-12434
- CVE-2025-12036
- CVE-2025-12436
- CVE-2025-12432
- CVE-2025-12429
- CVE-2025-12439
- CVE-2025-12431
- CVE-2025-12437
- CVE-2025-12444
- CVE-2025-12428
- CVE-2025-12440
- CVE-2025-12433
- CVE-2025-12447
- CVE-2025-12438
- CVE-2025-12441
- CVE-2025-12445
- CVE-2025-12446
- CVE-2025-12443
- CVE-2025-12430
- CVE-2025-60711
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
- CVE-2025-12036 unknown
- CVE-2025-12428 unknown
- CVE-2025-12429 unknown
- CVE-2025-12430 unknown
- CVE-2025-12431 unknown
- CVE-2025-12432 unknown
- CVE-2025-12433 unknown
- CVE-2025-12434 unknown
- CVE-2025-12435 unknown
- CVE-2025-12436 unknown
- CVE-2025-12437 unknown
- CVE-2025-12438 unknown
- CVE-2025-12439 unknown
- CVE-2025-12440 unknown
- CVE-2025-12441 unknown
- CVE-2025-12443 unknown
- CVE-2025-12444 unknown
- CVE-2025-12445 unknown
- CVE-2025-12446 unknown
- CVE-2025-12447 unknown
- CVE-2025-60711 high
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!