Microsoft releases Edge 125.0.2535.85 to Stable Channel and brings fixes for 7 Chromium vulnerabilities
The update came out on June 3, 2024
3 min. read
Published on
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more
Microsoft Edge 125.0.2535.85 was released to the Stable channel, and several bugs and performance issues were fixed. The update also included fixes to seven Chromium vulnerabilities
Here is the changelog mentioned in the release notes for Edge 125.0.2535.85 :
Fixed various bugs and performance issues.
Stable channel security updates are listed here.
Announcement
Microsoft Defender Application Guard extension deprecation. Because Application Guard is deprecated, there won’t be a migration to Edge Manifest V3. The corresponding extensions and associated Windows Store app will not be available after May 2024. This affects the following browsers: Application Guard Extension – Chrome and Application Guard Extension – Firefox. If you want to block unprotected browsers until you’re ready to retire MDAG usage in your enterprise, we recommend using AppLocker policies or Microsoft Edge management service. For more information, see Microsoft Edge and Microsoft Defender Application Guard, Deprecated features in the Windows client – What’s new in Windows, and Microsoft Defender Application Guard – Windows Security.
Here are the security vulnerabilities that were fixed in the Edge 125.0.2535.85 update with their detailed description:
| Security vulnerabilities | Description | Chromium security severity |
| CVE-2024-5493 | Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to exploit heap corruption via a crafted HTML page potentially. | High |
| CVE-2024-5494 | Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to exploit heap corruption via a crafted HTML page potentially. | High |
| CVE-2024-5495 | Use after free in Dawn in Google Chrome before 125.0.6422.141 allowed a remote attacker to exploit heap corruption via a crafted HTML page potentially | High |
| CVE-2024-5496 | Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | High |
| CVE-2024-5497 | Out-of-bounds memory access in Keyboard Inputs in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page | High |
| CVE-2024-5498 | Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page | High |
| CVE-2024-5499 | Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | High |
To install the latest Microsoft Edge update, go to Menu>Help and Feedback > About Microsoft Edge. You can also launch Edge and type edge://settings/help in the address bar.
You can also download Microsoft Edge Edge 125.0.2535.85 (64-bit) 170.0 MB or (32-bit) 155.0 MB from the official website. To learn about Microsoft 125 and the features included, read this guide.
What do you think about Microsoft Edge 125.0.2535.85? Share your opinions with our readers in the comments section below.
User forum
0 messages