Indian Government Issues High-Severity Warning for Microsoft Edge Users Over Security Bypass Flaw
On January 14, 2026, India’s Computer Emergency Response Team (CERT-In) issued a high-severity alert for users of Microsoft Edge, warning of a security bypass vulnerability that could lead to data theft. The flaw, identified in the Chromium-based version of the browser, stems from insufficient policy enforcement in the WebView tag.
Attackers could exploit this vulnerability by tricking users into visiting a malicious webpage, potentially bypassing device security and extracting sensitive information. The risk affects individuals and businesses using Microsoft Edge versions prior to 143.0.3650.139.
Microsoft has released an update to patch the issue, urging users to install the latest version via the browser’s built-in update mechanism. The vulnerability underscores the ongoing threat of social engineering tactics, where attackers manipulate users into clicking malicious links.
CERT-In’s advisory aligns with Microsoft’s January 2026 security release, highlighting the need for immediate updates to mitigate exposure. The flaw serves as a reminder of the persistent risks in widely used browsers, even those built on secure frameworks like Chromium.
Microsoft cybersecurity rating report: https://www.rankiteo.com/company/microsoft
"id": "MIC1768365015",
"linkid": "microsoft",
"type": "Vulnerability",
"date": "1/2026",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'customers_affected': 'Millions',
'location': 'India, Global',
'name': 'Microsoft Edge Users',
'type': 'Individuals and Businesses'}],
'attack_vector': 'Specially crafted webpage',
'customer_advisories': 'Users advised to update Microsoft Edge to the latest '
'version.',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal details, sensitive '
'information'},
'date_publicly_disclosed': '2026-01-14',
'description': 'The Indian Computer Emergency Response Team (CERT-In) has '
'warned users about a security bypass vulnerability in '
'Microsoft Edge (Chromium-based) that could lead to data '
'theft. The vulnerability exists due to insufficient policy '
'enforcement in the WebView tag, allowing remote attackers to '
'exploit it by persuading victims to visit a specially crafted '
'webpage.',
'impact': {'data_compromised': 'Personal details, sensitive data',
'identity_theft_risk': 'High',
'systems_affected': 'Microsoft Edge (Chromium-based) versions '
'prior to 143.0.3650.139'},
'post_incident_analysis': {'corrective_actions': 'Browser update to patch the '
'vulnerability',
'root_causes': 'Insufficient policy enforcement in '
'the WebView tag'},
'recommendations': 'Update Microsoft Edge to the latest version immediately '
'to mitigate the risk.',
'references': [{'date_accessed': '2026-01-14', 'source': 'News18.com'},
{'date_accessed': '2026-01-14', 'source': 'CERT-In'},
{'date_accessed': '2026-01',
'source': 'Microsoft Release Notes'}],
'regulatory_compliance': {'regulatory_notifications': 'CERT-In advisory'},
'response': {'communication_strategy': 'Public advisory via CERT-In and '
'Microsoft release notes',
'containment_measures': 'Update to Microsoft Edge version '
'143.0.3650.139 or later',
'remediation_measures': 'Browser update'},
'stakeholder_advisories': 'Public advisory issued by CERT-In and Microsoft.',
'title': 'Indian Govt Warns Microsoft Edge Users About ‘Security Bypass’ Risk',
'type': 'Security Bypass',
'vulnerability_exploited': 'Insufficient policy enforcement in the WebView '
'tag'}