Patch CVE-2025-11207 in Edge and Chrome: Check Versions and Update

Short answer
  • Microsoft documents CVE-2025-11207 in its Security Update Guide because the bug is in Chromium OSS (the codebase that Microsoft Edge uses). Microsoft publishes these entries to record that the Chromium vulnerability has been addressed in the Microsoft Edge (Chromium‑based) builds and to tell customers which Edge/Chromium build contains the fix.
  • The Chromium/Chrome fix for CVE‑2025‑11207 was shipped in the Chrome 141 stable release (desktop builds 141.0.7390.54 / 141.0.7390.55). If your browser is at that version or newer, it contains the fix.
How to check whether your browser is affected (step‑by‑step)
1) Microsoft Edge (Chromium-based)
  • Open Edge → click the three-dots menu (Settings and more) → Help and feedback → About Microsoft Edge. The About page will show the installed Edge version and automatically check for updates. If an update is available, it will download and prompt you to restart.
  • For the exact Chromium build that Edge is running, open edge://version in the address bar. That page shows both the Edge application version and the underlying Chromium build string (so you can directly compare the Chromium build to the patched Chromium/Chrome build).
2) Google Chrome
  • Open Chrome → click the three-dots menu → Help → About Google Chrome. The About page shows the Chrome version and triggers an update check. Alternatively open chrome://version to see details (including the full build string).
3) What to compare
  • The public Chrome stable release that includes the CVE fixes is Chrome 141 (desktop: 141.0.7390.54/55). If your browser’s version (or the Chromium build shown on edge://version or chrome://version) is the same or newer, the specific CVE‑2025‑11207 fix is present. Security scanners and vendor advisories also flag versions older than 141.0.7390.54 as vulnerable.
What Microsoft’s Security Update Guide entry means (in plain language)
  • Microsoft’s guide is saying: “This CVE originates in Chromium OSS (used by Chromium‑based browsers). We track it in our update guide so customers know the Microsoft Edge (Chromium‑based) update that removes the vulnerability.” In short: it’s listed so Edge users know Microsoft has consumed the Chromium fix and shipped an Edge build that is no longer vulnerable.
Recommended action
  • If your browser is older than the versions above, update now (About page → let it download → restart). If you manage many machines, use your normal patch-management process (WSUS/Microsoft Update for Edge in enterprise or whichever endpoint-management tool you use) and verify by checking edge://version or chrome://version. Security vendors and advisories list 141.0.7390.54 as the patch baseline.
If you want, I can:
  • Tell you exactly how to find the Chromium build string on your machine and interpret it.
  • Walk you through updating Edge or Chrome on Windows/macOS/Linux (or on mobile).
    Which browser and OS are you using?

Source: MSRC Security Update Guide - Microsoft Security Response Center
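
For the "verify across many machines" step above, a version check has to compare build numbers numerically, field by field, because a plain string comparison ranks 141.0.7390.100 below 141.0.7390.54. The script below is an added example, not part of the original post or any vendor tooling; the host names, the inventory layout and every sample build other than the 141.0.7390.54 baseline are constructed, and it assumes you have already collected the Chromium build string shown on edge://version or chrome://version for each machine.

```python
import re

# Patch baseline stated in the post (Chrome 141 stable, desktop).
BASELINE = (141, 0, 7390, 54)
_BUILD_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_build(text):
    """Return the first four-part build number in text as a tuple of ints, or None."""
    m = _BUILD_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(build_text, baseline=BASELINE):
    """'patched' if build >= baseline, 'vulnerable' if older, 'unknown' if unparsable."""
    build = parse_build(build_text)
    if build is None:
        return "unknown"  # no usable build string: treat as needing follow-up
    return "patched" if build >= baseline else "vulnerable"


def audit(inventory):
    """inventory: iterable of (host, browser, chromium_build_text).
    Returns the rows that are not confirmed patched."""
    findings = []
    for host, browser, build_text in inventory:
        status = classify(build_text)
        if status != "patched":
            findings.append((host, browser, build_text, status))
    return findings


# Constructed sample inventory (hypothetical hosts and builds, not real data).
SAMPLE = [
    ("ws-01", "chrome", "141.0.7390.54"),
    ("ws-02", "chrome", "Google Chrome 141.0.7390.100"),  # string compare gets this wrong
    ("ws-03", "chrome", "140.0.7000.200"),
    ("ws-04", "edge", "Chromium 139.0.6000.10"),
    ("ws-05", "edge", ""),  # agent returned nothing
    ("ws-06", "chrome", "142.0.8000.1"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Feed it the Chromium build string rather than the Edge application version, since the baseline above is a Chromium/Chrome build number.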