Microsoft Security Response Center Blog Alerts

Chromium: CVE-2025-5283 Use after free in libvpx

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

Chromium: CVE-2025-5067 Inappropriate implementation in Tab Strip

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

Chromium: CVE-2025-5066 Inappropriate implementation in Messages

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

CVE-2025-47181 Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

Improper link resolution before file access (‘link following’) in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.

Chromium: CVE-2025-4664 Insufficient policy enforcement in Loader

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information. Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild.

Chromium: CVE-2025-4609 Incorrect handle provided in unspecified circumstances in Mojo

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

CVE-2025-47161 Microsoft Defender for Endpoint Elevation of Privilege Vulnerability

Information published.

CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-29840 Windows Media Remote Code Execution Vulnerability

Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

CVE-2025-32706 Windows Common Log File System Driver Elevation of Privilege Vulnerability

Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Chromium: CVE-2025-5283 Use after free in libvpx

Chromium: CVE-2025-5067 Inappropriate implementation in Tab Strip

Chromium: CVE-2025-5066 Inappropriate implementation in Messages

CVE-2025-47181 Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

Chromium: CVE-2025-4664 Insufficient policy enforcement in Loader

Chromium: CVE-2025-4609 Incorrect handle provided in unspecified circumstances in Mojo

CVE-2025-47161 Microsoft Defender for Endpoint Elevation of Privilege Vulnerability

CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-29840 Windows Media Remote Code Execution Vulnerability

CVE-2025-32706 Windows Common Log File System Driver Elevation of Privilege Vulnerability

Contact Info

Follow Us

Affiliations

More Info