Multiple vulnerabilities in Microsoft Browser

説明

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. Incorrect security UI vulnerability in Omnibox can be exploited to spoof user interface.
2. Race condition vulnerability in Storage can be exploited to cause denial of service.
3. Inappropriate implementation vulnerability in V8 can be exploited remotely to execute arbitrary code
4. Policy bypass vulnerability in Extensions can be exploited to bypass security restrictions.
5. Race condition vulnerability in V8 can be exploited to cause denial of service.
6. Inappropriate implementation vulnerability in V8 can be exploited to cause denial of service.
7. Inappropriate implementation vulnerability in App-Bound Encryption can be exploited to cause denial of service.
8. Inappropriate implementation vulnerability in Extensions can be exploited to cause denial of service.
9. Use after free vulnerability in PageInfo can be exploited to cause denial of service or execute arbitrary code.
10. Incorrect security UI vulnerability in Fullscreen UI can be exploited to spoof user interface.
11. Type Confusion vulnerability in V8 can be exploited to cause denial of service.
12. Inappropriate implementation vulnerability in Autofill can be exploited to cause denial of service.
13. Use after free vulnerability in Ozone can be exploited to cause denial of service or execute arbitrary code.
14. Out of bounds read vulnerability in V8 can be exploited to cause denial of service.
15. Incorrect security UI vulnerability in SplitView can be exploited to spoof user interface.
16. Out of bounds read vulnerability in WebXR can be exploited to cause denial of service.
17. Object lifecycle vulnerability in Media can be exploited to cause denial of service or spoof user interface.
18. A remote code execution vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to execute arbitrary code.

オリジナルアドバイザリー

• CVE-2025-12435

• CVE-2025-12434
• CVE-2025-12036
• CVE-2025-12436
• CVE-2025-12432
• CVE-2025-12429
• CVE-2025-12439
• CVE-2025-12431
• CVE-2025-12437
• CVE-2025-12444
• CVE-2025-12428
• CVE-2025-12440
• CVE-2025-12433
• CVE-2025-12447
• CVE-2025-12438
• CVE-2025-12441
• CVE-2025-12445
• CVE-2025-12446
• CVE-2025-12443
• CVE-2025-12430
• CVE-2025-60711

エクスプロイテーション

Public exploits exist for this vulnerability.

関連製品

• Microsoft-Edge

CVEリスト

• CVE-2025-12036
  critical
• CVE-2025-12428
  critical
• CVE-2025-12429
  critical
• CVE-2025-12430
  critical
• CVE-2025-12431
  high
• CVE-2025-12432
  critical
• CVE-2025-12433
  warning
• CVE-2025-12434
  warning
• CVE-2025-12435
  high
• CVE-2025-12436
  high
• CVE-2025-12437
  critical
• CVE-2025-12438
  critical
• CVE-2025-12439
  high
• CVE-2025-12440
  high
• CVE-2025-12441
  warning
• CVE-2025-12443
  warning
• CVE-2025-12444
  warning
• CVE-2025-12445
  high
• CVE-2025-12446
  warning
• CVE-2025-12447
  warning
• CVE-2025-60711
  high

KBリスト

も参照してください

お住まいの地域に広がる脆弱性の統計をご覧ください statistics.securelist.com