Edge Browser Microsoft Edge Browser Web Browser based on Chromium

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Edge Browser.

Recent Microsoft Edge Browser Security Advisories

Advisory Title Published
CVE-2025-49713 CVE-2025-49713 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability July 2, 2025
CVE-2025-49741 CVE-2025-49741 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability July 2, 2025
CVE-2025-47963 CVE-2025-47963 Microsoft Edge (Chromium-based) Spoofing Vulnerability June 26, 2025
CVE-2025-47964 CVE-2025-47964 Microsoft Edge (Chromium-based) Spoofing Vulnerability June 26, 2025
CVE-2025-47182 CVE-2025-47182 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability June 26, 2025
CVE-2025-47181 CVE-2025-47181 Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability May 23, 2025
CVE-2025-29796 CVE-2025-29796 Microsoft Edge for iOS Spoofing Vulnerability April 4, 2025
CVE-2025-29815 CVE-2025-29815 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability April 4, 2025
CVE-2025-25001 CVE-2025-25001 Microsoft Edge for iOS Spoofing Vulnerability April 4, 2025
CVE-2025-25000 CVE-2025-25000 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability April 4, 2025

Known Exploited Microsoft Edge Browser Vulnerabilities

The following Microsoft Edge Browser vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Microsoft Edge Memory Corruption Vulnerability The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2016-7201 Exploit Probability: 90.1%
March 28, 2022
Microsoft Edge Memory Corruption Vulnerability The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2016-7200 Exploit Probability: 89.9%
March 28, 2022

Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.

By the Year

In 2025 there have been 3 vulnerabilities in Microsoft Edge Browser with an average score of 4.8 out of ten. Last year, in 2024 Edge Browser had 17 security vulnerabilities published. Right now, Edge Browser is on track to have less security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.57




Year Vulnerabilities Average Score
2025 3 4.77
2024 17 5.34
2023 11 5.61
2022 4 7.43
2021 29 7.61
2020 36 6.72
2019 74 7.02
2018 89 7.18

It may take a day or so for new Edge Browser vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Edge Browser Security Vulnerabilities

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based)

CVE-2025-25001 4.3 - Medium - April 04, 2025

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

XSS

User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS

CVE-2025-29796 4.7 - Medium - April 04, 2025

User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.

User Interface (UI) Misrepresentation of Critical Information

Microsoft Edge for IOS and Android Spoofing Vulnerability

CVE-2025-21253 5.3 - Medium - February 06, 2025

Microsoft Edge for IOS and Android Spoofing Vulnerability

User Interface (UI) Misrepresentation of Critical Information

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-49041 4.3 - Medium - December 06, 2024

Microsoft Edge (Chromium-based) Spoofing Vulnerability

The UI Performs the Wrong Action

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2024-49025 4.3 - Medium - November 14, 2024

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Privacy violation

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2024-38222 6.5 - Medium - September 12, 2024

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Incorrect Default Permissions

Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-41879 7.8 - High - August 26, 2024

Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Microsoft Edge for Android Spoofing Vulnerability

CVE-2024-38208 6.1 - Medium - August 22, 2024

Microsoft Edge for Android Spoofing Vulnerability

XSS

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page

CVE-2024-7971 9.6 - Critical - August 21, 2024

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2024-38103 5.9 - Medium - July 25, 2024

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-38156 6.1 - Medium - July 19, 2024

Microsoft Edge (Chromium-based) Spoofing Vulnerability

XSS

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-38082 4.7 - Medium - June 20, 2024

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-38093 4.3 - Medium - June 20, 2024

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge for iOS Spoofing Vulnerability

CVE-2024-30057 5.4 - Medium - June 13, 2024

Microsoft Edge for iOS Spoofing Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2024-26247 4.7 - Medium - March 22, 2024

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-29057 4.3 - Medium - March 22, 2024

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

CVE-2024-26196 4.3 - Medium - March 21, 2024

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2024-26246 3.9 - Low - March 14, 2024

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge for Android Spoofing Vulnerability

CVE-2024-26167 4.3 - Medium - March 07, 2024

Microsoft Edge for Android Spoofing Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-26188 4.3 - Medium - February 23, 2024

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2023-36029 4.3 - Medium - November 03, 2023

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1

CVE-2023-5217 8.8 - High - September 28, 2023

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2

CVE-2023-4863 8.8 - High - September 12, 2023

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Memory Corruption

ChakraCore branch master cbb9b was discovered to contain a segmentation violation

CVE-2023-37140 5.5 - Medium - July 18, 2023

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount().

Resource Exhaustion

ChakraCore branch master cbb9b was discovered to contain a segmentation violation

CVE-2023-37143 5.5 - Medium - July 18, 2023

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp().

Resource Exhaustion

ChakraCore branch master cbb9b was discovered to contain a segmentation violation

CVE-2023-37142 5.5 - Medium - July 18, 2023

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees().

Resource Exhaustion

ChakraCore branch master cbb9b was discovered to contain a segmentation violation

CVE-2023-37141 5.5 - Medium - July 18, 2023

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray().

Resource Exhaustion

ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability

CVE-2023-37139 5.5 - Medium - July 18, 2023

ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray().

Memory Corruption

Microsoft Edge for iOS Spoofing Vulnerability

CVE-2023-36883 4.3 - Medium - July 14, 2023

Microsoft Edge for iOS Spoofing Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2023-28284 4.3 - Medium - April 11, 2023

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Tampering Vulnerability

CVE-2023-28301 3.7 - Low - April 11, 2023

Microsoft Edge (Chromium-based) Tampering Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-44708 8.3 - High - December 13, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121

CVE-2022-4135 9.6 - Critical - November 25, 2022

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Microsoft Edge for Android Spoofing Vulnerability

CVE-2022-23258 4.3 - Medium - January 25, 2022

Microsoft Edge for Android Spoofing Vulnerability

There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.

CVE-2020-23315 7.5 - High - January 20, 2022

There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.

Microsoft Edge (Chromium-based) Tampering Vulnerability

CVE-2021-38669 6.4 - Medium - September 15, 2021

Microsoft Edge (Chromium-based) Tampering Vulnerability

Chromium: CVE-2021-30611 Use after free in WebRTC

CVE-2021-30611 8.8 - High - September 03, 2021

Chromium: CVE-2021-30611 Use after free in WebRTC

Dangling pointer

Chromium: CVE-2021-30621 UI Spoofing in Autofill

CVE-2021-30621 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30621 UI Spoofing in Autofill

Authentication Bypass by Spoofing

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

CVE-2021-30620 8.8 - High - September 03, 2021

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

Chromium: CVE-2021-30619 UI Spoofing in Autofill

CVE-2021-30619 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30619 UI Spoofing in Autofill

Authentication Bypass by Spoofing

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

CVE-2021-30618 8.8 - High - September 03, 2021

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

Chromium: CVE-2021-30617 Policy bypass in Blink

CVE-2021-30617 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30617 Policy bypass in Blink

Chromium: CVE-2021-30616 Use after free in Media

CVE-2021-30616 8.8 - High - September 03, 2021

Chromium: CVE-2021-30616 Use after free in Media

Dangling pointer

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

CVE-2021-30615 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

CVE-2021-30614 8.8 - High - September 03, 2021

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

Memory Corruption

Chromium: CVE-2021-30613 Use after free in Base internals

CVE-2021-30613 8.8 - High - September 03, 2021

Chromium: CVE-2021-30613 Use after free in Base internals

Dangling pointer

Chromium: CVE-2021-30612 Use after free in WebRTC

CVE-2021-30612 8.8 - High - September 03, 2021

Chromium: CVE-2021-30612 Use after free in WebRTC

Dangling pointer

Chromium: CVE-2021-30623 Use after free in Bookmarks

CVE-2021-30623 8.8 - High - September 03, 2021

Chromium: CVE-2021-30623 Use after free in Bookmarks

Dangling pointer

Chromium: CVE-2021-30606 Use after free in Blink

CVE-2021-30606 8.8 - High - September 03, 2021

Chromium: CVE-2021-30606 Use after free in Blink

Dangling pointer

Chromium: CVE-2021-30622 Use after free in WebApp Installs

CVE-2021-30622 8.8 - High - September 03, 2021

Chromium: CVE-2021-30622 Use after free in WebApp Installs

Dangling pointer

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Edge Chromium or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Edge Browser
Web Browser based on Chromium

subscribe