Microsoft Edge Browser Web Browser based on Chromium
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Edge Browser.
Recent Microsoft Edge Browser Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2025-49713 | CVE-2025-49713 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | July 2, 2025 |
| CVE-2025-49741 | CVE-2025-49741 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | July 2, 2025 |
| CVE-2025-47963 | CVE-2025-47963 Microsoft Edge (Chromium-based) Spoofing Vulnerability | June 26, 2025 |
| CVE-2025-47964 | CVE-2025-47964 Microsoft Edge (Chromium-based) Spoofing Vulnerability | June 26, 2025 |
| CVE-2025-47182 | CVE-2025-47182 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | June 26, 2025 |
| CVE-2025-47181 | CVE-2025-47181 Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | May 23, 2025 |
| CVE-2025-29796 | CVE-2025-29796 Microsoft Edge for iOS Spoofing Vulnerability | April 4, 2025 |
| CVE-2025-29815 | CVE-2025-29815 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | April 4, 2025 |
| CVE-2025-25001 | CVE-2025-25001 Microsoft Edge for iOS Spoofing Vulnerability | April 4, 2025 |
| CVE-2025-25000 | CVE-2025-25000 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | April 4, 2025 |
Known Exploited Microsoft Edge Browser Vulnerabilities
The following Microsoft Edge Browser vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Microsoft Edge Memory Corruption Vulnerability |
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. CVE-2016-7201 Exploit Probability: 90.1% |
March 28, 2022 |
| Microsoft Edge Memory Corruption Vulnerability |
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. CVE-2016-7200 Exploit Probability: 89.9% |
March 28, 2022 |
Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.
By the Year
In 2025 there have been 3 vulnerabilities in Microsoft Edge Browser with an average score of 4.8 out of ten. Last year, in 2024 Edge Browser had 17 security vulnerabilities published. Right now, Edge Browser is on track to have less security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.57
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 3 | 4.77 |
| 2024 | 17 | 5.34 |
| 2023 | 11 | 5.61 |
| 2022 | 4 | 7.43 |
| 2021 | 29 | 7.61 |
| 2020 | 36 | 6.72 |
| 2019 | 74 | 7.02 |
| 2018 | 89 | 7.18 |
It may take a day or so for new Edge Browser vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Edge Browser Security Vulnerabilities
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based)
CVE-2025-25001
4.3 - Medium
- April 04, 2025
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
XSS
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS
CVE-2025-29796
4.7 - Medium
- April 04, 2025
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
User Interface (UI) Misrepresentation of Critical Information
Microsoft Edge for IOS and Android Spoofing Vulnerability
CVE-2025-21253
5.3 - Medium
- February 06, 2025
Microsoft Edge for IOS and Android Spoofing Vulnerability
User Interface (UI) Misrepresentation of Critical Information
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-49041
4.3 - Medium
- December 06, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
The UI Performs the Wrong Action
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-49025
4.3 - Medium
- November 14, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Privacy violation
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-38222
6.5 - Medium
- September 12, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Incorrect Default Permissions
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-41879
7.8 - High
- August 26, 2024
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Microsoft Edge for Android Spoofing Vulnerability
CVE-2024-38208
6.1 - Medium
- August 22, 2024
Microsoft Edge for Android Spoofing Vulnerability
XSS
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page
CVE-2024-7971
9.6 - Critical
- August 21, 2024
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-38103
5.9 - Medium
- July 25, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-38156
6.1 - Medium
- July 19, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
XSS
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-38082
4.7 - Medium
- June 20, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-38093
4.3 - Medium
- June 20, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge for iOS Spoofing Vulnerability
CVE-2024-30057
5.4 - Medium
- June 13, 2024
Microsoft Edge for iOS Spoofing Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2024-26247
4.7 - Medium
- March 22, 2024
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-29057
4.3 - Medium
- March 22, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
CVE-2024-26196
4.3 - Medium
- March 21, 2024
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2024-26246
3.9 - Low
- March 14, 2024
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge for Android Spoofing Vulnerability
CVE-2024-26167
4.3 - Medium
- March 07, 2024
Microsoft Edge for Android Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-26188
4.3 - Medium
- February 23, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2023-36029
4.3 - Medium
- November 03, 2023
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1
CVE-2023-5217
8.8 - High
- September 28, 2023
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2
CVE-2023-4863
8.8 - High
- September 12, 2023
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Memory Corruption
ChakraCore branch master cbb9b was discovered to contain a segmentation violation
CVE-2023-37140
5.5 - Medium
- July 18, 2023
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount().
Resource Exhaustion
ChakraCore branch master cbb9b was discovered to contain a segmentation violation
CVE-2023-37143
5.5 - Medium
- July 18, 2023
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp().
Resource Exhaustion
ChakraCore branch master cbb9b was discovered to contain a segmentation violation
CVE-2023-37142
5.5 - Medium
- July 18, 2023
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees().
Resource Exhaustion
ChakraCore branch master cbb9b was discovered to contain a segmentation violation
CVE-2023-37141
5.5 - Medium
- July 18, 2023
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray().
Resource Exhaustion
ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability
CVE-2023-37139
5.5 - Medium
- July 18, 2023
ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray().
Memory Corruption
Microsoft Edge for iOS Spoofing Vulnerability
CVE-2023-36883
4.3 - Medium
- July 14, 2023
Microsoft Edge for iOS Spoofing Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2023-28284
4.3 - Medium
- April 11, 2023
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Tampering Vulnerability
CVE-2023-28301
3.7 - Low
- April 11, 2023
Microsoft Edge (Chromium-based) Tampering Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-44708
8.3 - High
- December 13, 2022
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121
CVE-2022-4135
9.6 - Critical
- November 25, 2022
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Microsoft Edge for Android Spoofing Vulnerability
CVE-2022-23258
4.3 - Medium
- January 25, 2022
Microsoft Edge for Android Spoofing Vulnerability
There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.
CVE-2020-23315
7.5 - High
- January 20, 2022
There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.
Microsoft Edge (Chromium-based) Tampering Vulnerability
CVE-2021-38669
6.4 - Medium
- September 15, 2021
Microsoft Edge (Chromium-based) Tampering Vulnerability
Chromium: CVE-2021-30611 Use after free in WebRTC
CVE-2021-30611
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30611 Use after free in WebRTC
Dangling pointer
Chromium: CVE-2021-30621 UI Spoofing in Autofill
CVE-2021-30621
6.5 - Medium
- September 03, 2021
Chromium: CVE-2021-30621 UI Spoofing in Autofill
Authentication Bypass by Spoofing
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
CVE-2021-30620
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
Chromium: CVE-2021-30619 UI Spoofing in Autofill
CVE-2021-30619
6.5 - Medium
- September 03, 2021
Chromium: CVE-2021-30619 UI Spoofing in Autofill
Authentication Bypass by Spoofing
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
CVE-2021-30618
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
Chromium: CVE-2021-30617 Policy bypass in Blink
CVE-2021-30617
6.5 - Medium
- September 03, 2021
Chromium: CVE-2021-30617 Policy bypass in Blink
Chromium: CVE-2021-30616 Use after free in Media
CVE-2021-30616
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30616 Use after free in Media
Dangling pointer
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
CVE-2021-30615
6.5 - Medium
- September 03, 2021
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
CVE-2021-30614
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
Memory Corruption
Chromium: CVE-2021-30613 Use after free in Base internals
CVE-2021-30613
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30613 Use after free in Base internals
Dangling pointer
Chromium: CVE-2021-30612 Use after free in WebRTC
CVE-2021-30612
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30612 Use after free in WebRTC
Dangling pointer
Chromium: CVE-2021-30623 Use after free in Bookmarks
CVE-2021-30623
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30623 Use after free in Bookmarks
Dangling pointer
Chromium: CVE-2021-30606 Use after free in Blink
CVE-2021-30606
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30606 Use after free in Blink
Dangling pointer
Chromium: CVE-2021-30622 Use after free in WebApp Installs
CVE-2021-30622
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30622 Use after free in WebApp Installs
Dangling pointer
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Edge Chromium or by Microsoft? Click the Watch button to subscribe.
