Which MS Edge release channel is being used for vulnerability reporting? I’m asking because our users that have version 135.0.3179.85 installed (released April 17, 2025) are still flagged as needing to apply an update. This is the latest available from the Stable channel at the time this post is being written.
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel but
I believe I am facing the same issue. According to https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-3066, build 135.0.3179.73 is vulnerable to Chromium: CVE-2025-3066. Yet we have systems running 135.0.3179.85 that are still reporting as vulnerable to CVE-2025-3066. I’m thinking this is a false positive in InsightVM.
I know there are several other people seeing this issue that have support cases open. I believe this is a known defect.