Microsoft Edge Patches Critical RCE Zero-Day (CVE-2025-61927) Exploited in Attacks
Microsoft's October 2025 Patch Tuesday included a critical security update for Microsoft Edge (Chromium-based), addressing CVE-2025-61927. This remote code execution (RCE) vulnerability, identified as a "Happy DOM Security Flaw," allows for virtual machine (VM) context escape and is confirmed to be under active exploitation. The update is crucial for all users across Windows, macOS, and Linux platforms to mitigate the severe risk posed by this flaw and other security issues patched this month.
Microsoft Edge Security Update
Vulnerability Overview
- CVE ID(s): CVE-2025-61927
- Severity: Critical (CVSS 3.1: 9.8)
- Vulnerability Type: Remote Code Execution (RCE), VM Context Escape
- Affected Component: Microsoft Edge (Chromium-based), specifically a "Happy DOM Security Flaw"
- Affected Versions: Versions prior to the October 2025 Patch Tuesday update
- Platforms: Windows, macOS, Linux
- Exploitation Status: Actively exploited as a zero-day
Technical Details
CVE-2025-61927 stems from a "Happy DOM Security Flaw" within the Chromium-based rendering engine used by Microsoft Edge. This vulnerability is particularly dangerous as it enables a VM Context Escape, allowing an attacker to break out of the browser's sandbox environment. Upon successful exploitation, an attacker could achieve remote code execution on the underlying system with the privileges of the affected user. The precise mechanism of the "Happy DOM" flaw involves specific manipulations of the Document Object Model that lead to memory corruption, bypassing security boundaries designed to isolate browser processes.
The active exploitation of this zero-day underscores its appeal to threat actors, likely indicating sophisticated attack chains designed to compromise user systems silently. Such vulnerabilities are often chained with other exploits to achieve higher privileges or persistence, making prompt patching essential.
Patch Information
- Fixed Version: Microsoft Edge versions released with the October 2025 Patch Tuesday updates. Users should update to the latest available version.
- Release Date: October 14, 2025
- Rollout Status: Generally available through automatic updates.
- Update Method: Users should ensure their Microsoft Edge browser is configured for automatic updates or manually check for and apply updates via Edge's settings menu (
Settings > About Microsoft Edge).
Other Notable Edge Patches
In addition to the critical CVE-2025-61927, Microsoft's October Patch Tuesday also addressed other security vulnerabilities affecting Edge:
- CVE-2025-61928: A Remote Code Execution vulnerability in Microsoft Edge (Chromium-based), rated Moderate.
- CVE-2025-61929: A Spoofing vulnerability in Microsoft Edge (Chromium-based), rated Moderate.
These additional patches contribute to the overall security hardening of the browser, demonstrating Microsoft's ongoing efforts to address a wide array of potential attack vectors within its browser ecosystem. The comprehensive nature of the October 2025 Patch Tuesday, which fixed approximately 172 vulnerabilities across various Microsoft products, including six zero-days under active exploitation, highlights the persistent threat landscape requiring diligent update management.
References
- The October 2025 Security Update Review - Zero Day Initiative (ZDI)
- Happy DOM Security Flaw (CVE-2025-61927) Enables VM Context Escape and Remote Code Execution - The Cyber Express
- Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws - BleepingComputer
- Patch Tuesday, October 2025 βEnd of 10β Edition - KrebsOnSecurity