Indian Government's High Security Alert: Microsoft Edge Vulnerabilities Pose Risks to Businesses and Users.

Aug 28, 2025
617 views
2 min read

The Indian Computer Emergency Response Team (CERT-In), a division of the Ministry of Electronics and Information Technology, has issued a high-severity warning regarding multiple vulnerabilities in Microsoft Edge. This alert impacts a wide array of users, including individuals and businesses relying on the browser for various online activities.

Nature of the Vulnerabilities

CERT-In has identified several security flaws in Microsoft Edge (Chromium-based) versions prior to 129.0.2792.79. These vulnerabilities stem from various underlying issues, including:

Insufficient data validation in Mojo
Inappropriate implementation in the V8 JavaScript engine
Integer overflow in the Layout component
Inappropriate implementation in UI and Autofill
Type Confusion in V8
Incorrect security UI in Downloads
Out-of-bounds Write issue
Improper neutralization of input during web page generation
Object corruption in V8 and WebAssembly
Use after free V8, Downloads and QUIC
Out of bounds read in fonts

Potential Impact

Successful exploitation of these vulnerabilities could have severe consequences:

Remote Code Execution: Attackers could execute arbitrary code on a targeted system.
Security Bypass: Cybercriminals could bypass security restrictions.
Data Theft: Sensitive user data could be stolen.
UI Spoofing: Attackers could perform UI spoofing.
Memory Corruption: Exploitation of stack & heap corruption on the targeted system.
Denial of Service (DoS): Attackers could cause denial of service conditions.
Elevated Privileges: Hackers could gain elevated privileges.
Sensitive Information Disclosure: Attackers could obtain sensitive information.
System Spoofing: Triggering spoofing attacks.

How the Attacks Work

Attackers could exploit these weaknesses by tricking users into visiting specially crafted websites or opening compromised HTML pages. By sending a specially crafted request to the targeted system, cybercriminals can gain unauthorized access and control.

Recommended Actions

To mitigate these risks, CERT-In and Microsoft strongly urge users to take the following actions:

Update Microsoft Edge: Immediately update the browser to the latest version (129.0.2792.79 or later) to incorporate the necessary security patches. To update, go to Microsoft Edge, then open 'Help And Feedback' and then click on 'About Microsoft Edge'.
Install Security Patches: Ensure that all security patches released by Microsoft are installed promptly.
Limit Administrative Access: Limit administrative access to essential accounts.
Enable Multi-Factor Authentication: Implement multi-factor authentication for enhanced security.
Maintain Secure Backups: Regularly back up important data to prevent data loss.
Monitor Networks: Closely monitor networks for any unusual activity.

Severity and Target

CERT-In has assigned a high-severity rating to this security warning, emphasizing the urgency of the situation. The target audience includes security teams, IT administrators, and all individuals and organizations that rely on Microsoft Edge for their daily operations. Experts suggest that these vulnerabilities could trigger serious consequences, including large-scale data breaches, ransomware campaigns, and prolonged operational downtime. Security professionals have described the advisory as one of the most severe of the year.

Written By

Ishaan Gupta

Ishaan Gupta is a driven journalist, eager to make his mark in the dynamic media scene, and a passionate sports enthusiast. With a recent journalism degree, Ishaan possesses a keen interest in technology and business innovations across Southeast Asia. He's committed to delivering well-researched, insightful articles that inform and engage readers, aiming to uncover the stories shaping the region's future. His dedication to sports also fuels his competitive drive for impactful reporting.