Microsoft Edge Fixes Actively Exploited Chromium Vulnerability

Microsoft released a critical security update for the Edge Stable Channel on July 1, 2025, addressing a severe vulnerability that cybercriminals have actively exploited.

The latest Microsoft Edge Stable Channel Version 138.0.3351.65 incorporates crucial security patches from the Chromium project, including an urgent fix for CVE-2025-6554, which security researchers have confirmed is being exploited in real-world attacks targeting users worldwide.

Key Takeaways
1. Microsoft Edge 138.0.3351.65 released July 1, 2025, with urgent security patches.
2. CVE-2025-6554 vulnerability is being exploited by cybercriminals in real-world attacks.
3. The update patches both the Chromium vulnerability (CVE-2025-6554) and an Edge-specific issue (CVE-2025-49713).

Critical Zero-Day Vulnerability Patched

The most significant security fix in this update addresses CVE-2025-6554, a vulnerability that the Chromium security team has flagged as having active exploits circulating in the wild. 

This classification indicates that malicious actors are already leveraging this security flaw to compromise systems, making immediate patching essential for all Microsoft Edge users. 

The vulnerability affects the underlying Chromium engine that powers Microsoft Edge, potentially allowing attackers to execute arbitrary code or gain unauthorized access to sensitive user data.

Zero-day vulnerabilities like CVE-2025-6554 represent some of the most dangerous security threats because they are discovered and exploited by attackers before developers can create and distribute patches. 

The fact that this vulnerability has been actively exploited underscores the urgency of applying this security update immediately. 

Users who delay installing this patch remain vulnerable to sophisticated attacks that could compromise their personal information, corporate data, or system integrity.

Beyond the critical Chromium vulnerability fix, Microsoft has also addressed CVE-2025-49713, a security issue specific to Microsoft Edge’s implementation. 

This additional patch demonstrates Microsoft’s commitment to securing both the underlying Chromium foundation and its proprietary enhancements to the browser. 

| CVEs | Description | Impact | CVSS 3.1 Score |
|---|---|---|---|
| CVE-2025-6554 | Chromium vulnerability with active exploits in the wild, allowing potential arbitrary code execution | Microsoft Edge (versions prior to 138.0.3351.65), Chromium-based browsers | 8.1 (High) |
| CVE-2025-49713 | Microsoft Edge-specific security vulnerability | Microsoft Edge (versions prior to 138.0.3351.65) | 8.8 (High) |

Update Now

Microsoft strongly recommends that all users update their Microsoft Edge browser to version 138.0.3351.65 or later immediately.

Users can verify their current version and install updates by navigating to edge://settings/help in their browser. 

The update process is automated and requires minimal user intervention, making it accessible for users of all technical skill levels to protect themselves against these actively exploited vulnerabilities.
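For administrators who need to check many machines rather than one browser at a time, the same version check can be run over a software inventory export. The following is an added example, not part of the original article or any Microsoft tooling; the CSV layout, hostnames and sample versions are constructed, and only the fixed build number 138.0.3351.65 comes from the article.

```python
# Added example: triage a software inventory for Edge builds older than the fix.
import csv
import io

FIXED_BUILD = "138.0.3351.65"  # first patched Stable build, as stated in the article

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = """host,edge_version
ws-001,138.0.3351.65
ws-002,138.0.3351.55
ws-003,138.0.3351.100
ws-004,99.0.1150.36
ws-005,
ws-006,Microsoft Edge 137.0.3296.93
ws-007,139.0.3405.10
"""


def parse_version(text):
    """Return the version as a tuple of ints, or None if it cannot be parsed."""
    stripped = text.strip()
    token = stripped.split(" ")[-1] if stripped else ""
    parts = token.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text, fixed=FIXED_BUILD):
    """Classify one inventory entry as 'patched', 'vulnerable' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # never treat unreadable data as compliant
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank 138.0.3351.100 below 138.0.3351.65 and 99.x above 138.x.
    return "patched" if version >= parse_version(fixed) else "vulnerable"


def triage(inventory_csv):
    """Map each host in a CSV inventory to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["edge_version"] or "") for row in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check at edge://settings/help rather than being counted as patched.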
