Microsoft Edge receives urgent security patches for actively exploited zero-day vulnerabilities

Microsoft has released a new minor update for Microsoft Edge , version 136.0.3240.76 , which addresses several bugs, performance issues, and most importantly, critical security vulnerabilities currently being exploited in the wild.

Among the patched flaws is CVE-2025-4664 , labeled as “Insufficient policy enforcement in Loader,” a high-severity issue that could allow attackers to extract sensitive data from other websites. This vulnerability has already been fixed by Google in Chrome, and now Edge follows with an update to close the gap. Another addressed flaw is CVE-2025-4609 , related to incorrect handling in Mojo, though further details remain undisclosed.

Unlike the newer Edge 137 beta , which removes several features, this update doesn’t introduce any functional changes — focusing solely on stability and security fixes. Microsoft also released a similar patch last week to fix issues with the Microsoft Editor spellchecker.

The update rolls out automatically in the background. However, users can manually check for updates by going to edge://settings/help and applying them immediately.