- 66/2025
- High
Microsoft has released an updated Microsoft Edge stable channel “134.0.3124.83” to address multiple vulnerabilities.
The addressed vulnerabilities could allow the attacker to gain elevated privileges or execute arbitrary code and gain access to the affected systems by persuading the victim to visit a specially crafted website.
Sample of the addressed vulnerabilities:
1. Microsoft Edge (Chromium-based) Use After Free in Lens Vulnerability (CVE-2025-2476):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability (CVE-2025-29795):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
Vulnerabilities
- CVE-2025-29806
- CVE-2025-29795
- CVE-2025-2476
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.