| VID |
50433 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Microsoft Edge installed on the remote Windows host is prior to 134.0.3124.51. It is, therefore, affected by multiple vulnerabilities as referenced in the March 7, 2025 advisory.
- No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. (CVE-2025-26643)
- Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) (CVE-2025-1914)
- Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2025-1915)
- Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2025-1916)
- Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) (CVE-2025-1917)
* References:
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#march-7-2025
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1914
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1915
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1916
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1917
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1918
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1919
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1921
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1922
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1923
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26643
* Platforms Affected:
Microsoft Edge versions prior to 134.0.3124.51
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Microsoft Edge at (134.0.3124.51 or later), as described in the Microsoft Security bulletin at
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security |
| Related URL |
CVE-2025-1914,CVE-2025-1915,CVE-2025-1916,CVE-2025-1917,CVE-2025-1918,CVE-2025-1919,CVE-2025-1921,CVE-2025-1923,CVE-2025-26643 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
