CVE-2025-21401 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Published February 21, 2025
Updated acknowledgment. This is an informational change only.
Microsoft Security Response Center Blog Alerts
Chromium: CVE-2025-1426 Heap buffer overflow in GPU
Published February 21, 2025
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
Chromium: CVE-2025-1006 Use after free in Network
Published February 21, 2025
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
CVE-2025-24989 Microsoft Power Pages Elevation of Privilege Vulnerability
Published February 19, 2025
An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
This vulnerability **has already been mitigated in the service** and all affected cusomters have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you’ve not been notified this vulnerability does not affect you.
CVE-2025-21355 Microsoft Bing Remote Code Execution Vulnerability
Published February 19, 2025
Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network
Chromium: CVE -2025-0998 Out of bounds memory access in V8
Published February 14, 2025
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
Chromium: CVE -2025-0997 Use after free in Navigation
Published February 14, 2025
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
Chromium: CVE -2025-0995 Use after free in V8
Published February 14, 2025
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
Chromium: CVE -2025-0996 Inappropriate implementation in Browser UI
Published February 14, 2025
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
CVE-2025-24042 Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
Published February 11, 2025
Information published.
