Multiple vulnerabilities in Microsoft Browser

Описание

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. Incorrect security UI vulnerability in Omnibox can be exploited to spoof user interface.
2. Race condition vulnerability in Storage can be exploited to cause denial of service.
3. Inappropriate implementation vulnerability in V8 can be exploited remotely to execute arbitrary code
4. Policy bypass vulnerability in Extensions can be exploited to bypass security restrictions.
5. Race condition vulnerability in V8 can be exploited to cause denial of service.
6. Inappropriate implementation vulnerability in V8 can be exploited to cause denial of service.
7. Inappropriate implementation vulnerability in App-Bound Encryption can be exploited to cause denial of service.
8. Inappropriate implementation vulnerability in Extensions can be exploited to cause denial of service.
9. Use after free vulnerability in PageInfo can be exploited to cause denial of service or execute arbitrary code.
10. Incorrect security UI vulnerability in Fullscreen UI can be exploited to spoof user interface.
11. Type Confusion vulnerability in V8 can be exploited to cause denial of service.
12. Inappropriate implementation vulnerability in Autofill can be exploited to cause denial of service.
13. Use after free vulnerability in Ozone can be exploited to cause denial of service or execute arbitrary code.
14. Out of bounds read vulnerability in V8 can be exploited to cause denial of service.
15. Incorrect security UI vulnerability in SplitView can be exploited to spoof user interface.
16. Out of bounds read vulnerability in WebXR can be exploited to cause denial of service.
17. Object lifecycle vulnerability in Media can be exploited to cause denial of service or spoof user interface.
18. A remote code execution vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to execute arbitrary code.

Первичный источник обнаружения

• CVE-2025-12435
  CVE-2025-12434
  CVE-2025-12036
  CVE-2025-12436
  CVE-2025-12432
  CVE-2025-12429
  CVE-2025-12439
  CVE-2025-12431
  CVE-2025-12437
  CVE-2025-12444
  CVE-2025-12428
  CVE-2025-12440
  CVE-2025-12433
  CVE-2025-12447
  CVE-2025-12438
  CVE-2025-12441
  CVE-2025-12445
  CVE-2025-12446
  CVE-2025-12443
  CVE-2025-12430
  CVE-2025-60711
  

Эксплуатация

Public exploits exist for this vulnerability.

Связанные продукты

• Microsoft-Edge

Список CVE

• CVE-2025-12036
  unknown
• CVE-2025-12428
  unknown
• CVE-2025-12429
  unknown
• CVE-2025-12430
  unknown
• CVE-2025-12431
  unknown
• CVE-2025-12432
  unknown
• CVE-2025-12433
  unknown
• CVE-2025-12434
  unknown
• CVE-2025-12435
  unknown
• CVE-2025-12436
  unknown
• CVE-2025-12437
  unknown
• CVE-2025-12438
  unknown
• CVE-2025-12439
  unknown
• CVE-2025-12440
  unknown
• CVE-2025-12441
  unknown
• CVE-2025-12443
  unknown
• CVE-2025-12444
  unknown
• CVE-2025-12445
  unknown
• CVE-2025-12446
  unknown
• CVE-2025-12447
  unknown
• CVE-2025-60711
  high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com