The Indian government has issued a high-severity security alert for Microsoft Edge users, warning of multiple vulnerabilities that could allow remote system attacks.
Key Takeaways
- CERT-In rates the Edge vulnerability as high severity
- Affects Microsoft Edge Stable versions prior to 129.0.2792.52
- Attackers can exploit via specially crafted web pages
- Update immediately to patch security flaws
The Indian Computer Emergency Response Team (CERT-In) has classified the security risk as high severity, indicating serious concerns about potential data theft and system control exploitation.
What Is The Edge Security Issue?
CERT-In has identified multiple critical vulnerabilities in Chromium-based Microsoft Edge. The security alert states:
“Multiple vulnerabilities exist in Microsoft Edge Stable (Chromium-based) due to Heap Incorrect security UI in Omnibox, SplitView, Fullscreen UI; Policy bypass in Extensions; Inappropriate implementation in V8, Autofill, App-Bound Encryption, Extensions; Out of bounds read in V8; Use after free in Ozone, PageInfo; Race in Storage, V8; Object lifecycle issue in Media and Type Confusion in V8. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page.”
The timing is particularly concerning given Microsoft’s recent introduction of AI agent features in Edge, which handle significant user data.
Who Is At Risk?
The security alert confirms that both individual users and businesses using affected Edge versions are vulnerable to targeted attacks. The risk applies specifically to Microsoft Edge Stable Channel (Chromium-based) versions prior to 129.0.2792.52.
How To Update Microsoft Edge
To secure your system, immediately update Edge by following these steps:
- Click the three-dot menu in the top-right corner
- Hover over Help and Feedback
- Select About Microsoft Edge
The browser will automatically check for and install the latest security update.
