Microsoft Edge Fixes Actively Exploited Chromium Vulnerability

Microsoft has released a critical security update for the Microsoft Edge Stable Channel, version 138.0.3351.65, on July 1, 2025, addressing multiple high-risk vulnerabilities, including CVE-2025-6554 and CVE-2025-49713.

These vulnerabilities, reported by the Chromium project and Microsoft’s internal security teams, are being actively exploited in the wild, posing significant threats such as remote code execution, data manipulation, and information disclosure.

The most severe of these, CVE-2025-6554, can be exploited by remote attackers to manipulate data or gain unauthorized access to sensitive information.

Attackers can entice users to visit malicious websites or open specially crafted content, potentially resulting in full system compromise.

The risk level for this vulnerability is rated High due to confirmed exploitation in the wild, prompting urgent recommendations from security authorities for immediate patching.

Type Confusion Vulnerability: CVE-2025-49713

Another critical flaw, CVE-2025-49713, stems from a type confusion error in Edge’s handling of certain resources.

Type confusion occurs when a program misinterprets the type of an object, leading to unpredictable behavior and security gaps.

In this case, attackers can exploit the flaw to execute arbitrary code remotely, simply by luring users to compromised or malicious sites.

Successful exploitation of CVE-2025-49713 can result in:

• Remote Code Execution: Attackers can run arbitrary code, potentially installing malware or exfiltrating sensitive data.
• System Compromise: Depending on user privileges, attackers may gain full control over the affected device.

The technical details of the vulnerability are captured in the CVE identifier and associated advisories:

textCVE-2025-49713: Type confusion in Microsoft Edge (Chromium-based)
Impact: Remote Code Execution
Severity: High
Affected versions: Microsoft Edge prior to 138.0.3351.65

Immediate Mitigation and Best Practices

Security agencies and Microsoft strongly advise all users and administrators to update Microsoft Edge to version 138.0.3351.65 or later without delay.

The update incorporates the latest Chromium security fixes and addresses all known exploits related to these CVEs.

Additional recommendations include:

• Enable automatic updates for browsers.
• Avoid visiting untrusted websites or opening unsolicited links.
• Utilize enhanced security features within Edge for added protection.

For further technical guidance, users are directed to Microsoft’s Security Update Guide and the official release notes.

Failure to apply these updates could expose systems to severe cyber threats, including malware infections, data breaches, and loss of system integrity.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates