Microsoft has rolled out a new update for the Edge browser in the Stable Channel. Version 125.0.2535.85 is now available with fixes for seven Chromium vulnerabilities of high severity. This is a security-only update, and it does not contain any new features or notable changes.
Here are the vulnerabilities Microsoft patched in Edge 125.0.2535.85:
-
CVE-2024-5493: Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
-
CVE-2024-5494: Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
-
CVE-2024-5495: Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
-
CVE-2024-5496: Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
-
CVE-2024-5497: Out-of-bounds memory access in Keyboard Inputs in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
-
CVE-2024-5498: Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
-
CVE-2024-5499: Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
To force-install the latest Microsoft Edge update, head to Menu > Help and Feedback > About Microsoft Edge. Alternatively, go to edge://settings/help. Release notes for the initial Edge 125 feature update are available here.