Microsoft Edge users are facing new warnings from the Indian government regarding security vulnerabilities that could put their data at risk. The Indian Computer Emergency Response Team (CERT-In), the government's cybersecurity agency, has issued alerts about flaws in the Microsoft Edge browser that could allow hackers to steal data and execute malicious code on users' systems.

Vulnerabilities and Potential Impact

CERT-In has identified multiple vulnerabilities that cybercriminals could exploit. These vulnerabilities stem from issues such as insufficient data validation, inappropriate implementation in the V8 JavaScript engine, and integer overflows. Exploiting these flaws could allow attackers to bypass security measures and gain unauthorized access to targeted systems. A hacker could exploit the vulnerabilities in Microsoft Edge by sending a specially crafted request to the targeted system, potentially leading to data theft and the execution of arbitrary code.

Technical Details of the Vulnerabilities

Specifically, CERT-In has highlighted the following vulnerabilities: * Integer Overflow: An integer overflow in the Edge layout could be exploited. * Insufficient Data Validation: Insufficient data validation in Mojo could be leveraged by attackers. * Inappropriate Implementation: An inappropriate implementation in V8, the JavaScript engine, could be exploited to execute arbitrary code.

Recommended Actions for Users

CERT-In has strongly advised Microsoft Edge users to take immediate action to protect their systems. The primary recommendation is to update the Edge browser to the latest version. Updating the browser will patch the identified vulnerabilities, preventing attackers from exploiting them. CERT-In also recommends staying informed about security updates and practicing good online safety habits to guard against cyber threats.

Recent Alerts and Affected Versions

In October 2024, CERT-In issued an urgent alert advising users to update to version 129.0.2792.79 or later. Versions prior to this were found to have critical security flaws. More recently, in November 2025, CERT-In issued another alert regarding high-risk vulnerabilities affecting Microsoft Edge, along with other Microsoft products like Windows 10, Windows 11, and Microsoft Office. This alert specifically mentioned a vulnerability in Edge versions older than 142.0.3595.80 related to the V8 JavaScript engine.

CERT-In's Role and Responsibility

CERT-In is the national agency responsible for responding to cyber incidents and promoting cybersecurity in India. Established under Section 70B of the Information Technology Act, 2000, CERT-In plays a crucial role in safeguarding the country's digital infrastructure and advising users on how to protect themselves from cyber threats. The agency regularly issues alerts and advisories about vulnerabilities affecting various software and hardware products, urging users to take necessary precautions.

By promptly updating their Microsoft Edge browsers and remaining vigilant about potential threats, users can significantly reduce their risk of falling victim to cyberattacks.