Edge Browser Microsoft Edge Browser Web Browser based on Chromium

  1. Vendors
  2. Microsoft
  3. Edge Browser
Do you want an email whenever new security vulnerabilities are reported in Microsoft Edge Browser?

Recent Microsoft Edge Browser Security Advisories

Advisory Title Published
CVE-2024-38103 CVE-2024-38103 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability July 25, 2024
CVE-2024-39379 CVE-2024-39379 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability July 25, 2024
CVE-2024-38156 CVE-2024-38156 Microsoft Edge (Chromium-based) Spoofing Vulnerability July 17, 2024
CVE-2024-30055 CVE-2024-30055 Microsoft Edge (Chromium-based) Spoofing Vulnerability July 9, 2024
CVE-2024-38083 CVE-2024-38083 Microsoft Edge (Chromium-based) Spoofing Vulnerability July 9, 2024
CVE-2024-30057 CVE-2024-30057 Microsoft Edge for iOS Spoofing Vulnerability July 9, 2024
CVE-2024-30058 CVE-2024-30058 Microsoft Edge (Chromium-based) Spoofing Vulnerability July 9, 2024
CVE-2024-38093 CVE-2024-38093 Microsoft Edge (Chromium-based) Spoofing Vulnerability July 9, 2024
CVE-2024-38082 CVE-2024-38082 Microsoft Edge (Chromium-based) Spoofing Vulnerability July 9, 2024
CVE-2024-34122 CVE-2024-34122 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability July 9, 2024

Known Exploited Microsoft Edge Browser Vulnerabilities

The following Microsoft Edge Browser vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Microsoft Edge Memory Corruption Vulnerability The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. CVE-2016-7201 March 28, 2022
Microsoft Edge Memory Corruption Vulnerability The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. CVE-2016-7200 March 28, 2022

By the Year

In 2024 there have been 4 vulnerabilities in Microsoft Edge Browser with an average score of 4.3 out of ten. Last year Edge Browser had 11 security vulnerabilities published. Right now, Edge Browser is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 1.31

Year Vulnerabilities Average Score
2024 4 4.30
2023 11 5.61
2022 3 8.47
2021 28 7.73
2020 36 6.72
2019 71 7.45
2018 89 7.18

It may take a day or so for new Edge Browser vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Edge Browser Security Vulnerabilities

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2024-26247 4.7 - Medium - March 22, 2024

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-29057 4.3 - Medium - March 22, 2024

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

CVE-2024-26196 4.3 - Medium - March 21, 2024

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2024-26246 3.9 - Low - March 14, 2024

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2023-36029 4.3 - Medium - November 03, 2023

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1

CVE-2023-5217 8.8 - High - September 28, 2023

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2

CVE-2023-4863 8.8 - High - September 12, 2023

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Memory Corruption

ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability

CVE-2023-37139 5.5 - Medium - July 18, 2023

ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray().

Memory Corruption

ChakraCore branch master cbb9b was discovered to contain a segmentation violation

CVE-2023-37140 5.5 - Medium - July 18, 2023

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount().

Resource Exhaustion

ChakraCore branch master cbb9b was discovered to contain a segmentation violation

CVE-2023-37141 5.5 - Medium - July 18, 2023

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray().

Resource Exhaustion

ChakraCore branch master cbb9b was discovered to contain a segmentation violation

CVE-2023-37142 5.5 - Medium - July 18, 2023

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees().

Resource Exhaustion

ChakraCore branch master cbb9b was discovered to contain a segmentation violation

CVE-2023-37143 5.5 - Medium - July 18, 2023

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp().

Resource Exhaustion

Microsoft Edge for iOS Spoofing Vulnerability

CVE-2023-36883 4.3 - Medium - July 14, 2023

Microsoft Edge for iOS Spoofing Vulnerability

Microsoft Edge (Chromium-based) Tampering Vulnerability

CVE-2023-28301 3.7 - Low - April 11, 2023

Microsoft Edge (Chromium-based) Tampering Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2023-28284 4.3 - Medium - April 11, 2023

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-44708 8.3 - High - December 13, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121

CVE-2022-4135 9.6 - Critical - November 25, 2022

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.

CVE-2020-23315 7.5 - High - January 20, 2022

There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.

Microsoft Edge (Chromium-based) Tampering Vulnerability

CVE-2021-38669 6.4 - Medium - September 15, 2021

Microsoft Edge (Chromium-based) Tampering Vulnerability

Chromium: CVE-2021-30606 Use after free in Blink

CVE-2021-30606 8.8 - High - September 03, 2021

Chromium: CVE-2021-30606 Use after free in Blink

Dangling pointer

Chromium: CVE-2021-30607 Use after free in Permissions

CVE-2021-30607 8.8 - High - September 03, 2021

Chromium: CVE-2021-30607 Use after free in Permissions

Dangling pointer

Chromium: CVE-2021-30608 Use after free in Web Share

CVE-2021-30608 8.8 - High - September 03, 2021

Chromium: CVE-2021-30608 Use after free in Web Share

Dangling pointer

Chromium: CVE-2021-30609 Use after free in Sign-In

CVE-2021-30609 8.8 - High - September 03, 2021

Chromium: CVE-2021-30609 Use after free in Sign-In

Dangling pointer

Chromium: CVE-2021-30610 Use after free in Extensions API

CVE-2021-30610 8.8 - High - September 03, 2021

Chromium: CVE-2021-30610 Use after free in Extensions API

Dangling pointer

Chromium: CVE-2021-30611 Use after free in WebRTC

CVE-2021-30611 8.8 - High - September 03, 2021

Chromium: CVE-2021-30611 Use after free in WebRTC

Dangling pointer

Chromium: CVE-2021-30612 Use after free in WebRTC

CVE-2021-30612 8.8 - High - September 03, 2021

Chromium: CVE-2021-30612 Use after free in WebRTC

Dangling pointer

Chromium: CVE-2021-30613 Use after free in Base internals

CVE-2021-30613 8.8 - High - September 03, 2021

Chromium: CVE-2021-30613 Use after free in Base internals

Dangling pointer

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

CVE-2021-30614 8.8 - High - September 03, 2021

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

Memory Corruption

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

CVE-2021-30615 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

Chromium: CVE-2021-30616 Use after free in Media

CVE-2021-30616 8.8 - High - September 03, 2021

Chromium: CVE-2021-30616 Use after free in Media

Dangling pointer

Chromium: CVE-2021-30617 Policy bypass in Blink

CVE-2021-30617 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30617 Policy bypass in Blink

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

CVE-2021-30618 8.8 - High - September 03, 2021

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

Chromium: CVE-2021-30619 UI Spoofing in Autofill

CVE-2021-30619 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30619 UI Spoofing in Autofill

Authentication Bypass by Spoofing

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

CVE-2021-30620 8.8 - High - September 03, 2021

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

Chromium: CVE-2021-30621 UI Spoofing in Autofill

CVE-2021-30621 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30621 UI Spoofing in Autofill

Authentication Bypass by Spoofing

Chromium: CVE-2021-30622 Use after free in WebApp Installs

CVE-2021-30622 8.8 - High - September 03, 2021

Chromium: CVE-2021-30622 Use after free in WebApp Installs

Dangling pointer

Chromium: CVE-2021-30623 Use after free in Bookmarks

CVE-2021-30623 8.8 - High - September 03, 2021

Chromium: CVE-2021-30623 Use after free in Bookmarks

Dangling pointer

Chromium: CVE-2021-30624 Use after free in Autofill

CVE-2021-30624 8.8 - High - September 03, 2021

Chromium: CVE-2021-30624 Use after free in Autofill

Dangling pointer

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-26436 6.1 - Medium - September 02, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-36930 5.3 - Medium - September 02, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-33741 8.2 - High - June 08, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2021-24113 5.4 - Medium - February 25, 2021

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge for Android Information Disclosure Vulnerability

CVE-2021-24100 5 - Medium - February 25, 2021

Microsoft Edge for Android Information Disclosure Vulnerability

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182

CVE-2021-21157 8.8 - High - February 22, 2021

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21141 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.

Injection

Uninitialized use in USB in Google Chrome prior to 88.0.4324.96

CVE-2021-21140 6.8 - Medium - February 09, 2021

Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.

Buffer Overflow

Microsoft Edge for Android Spoofing Vulnerability

CVE-2020-17153 4.3 - Medium - December 10, 2020

Microsoft Edge for Android Spoofing Vulnerability

Chakra Scripting Engine Memory Corruption Vulnerability

CVE-2020-17131 4.2 - Medium - December 10, 2020

Chakra Scripting Engine Memory Corruption Vulnerability

Memory Corruption

Chakra Scripting Engine Memory Corruption Vulnerability

CVE-2020-17054 4.2 - Medium - November 11, 2020

Chakra Scripting Engine Memory Corruption Vulnerability

Memory Corruption

Chakra Scripting Engine Memory Corruption Vulnerability

CVE-2020-17048 4.2 - Medium - November 11, 2020

Chakra Scripting Engine Memory Corruption Vulnerability

Memory Corruption

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183

CVE-2020-16009 8.8 - High - November 03, 2020

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory

CVE-2020-1057 4.2 - Medium - September 11, 2020

<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p>

Memory Corruption

<p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory

CVE-2020-0878 4.2 - Medium - September 11, 2020

<p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.</p> <p>The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.</p>

Memory Corruption

<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory

CVE-2020-1172 4.2 - Medium - September 11, 2020

<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p>

Memory Corruption

<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory

CVE-2020-1180 4.2 - Medium - September 11, 2020

<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p>

Memory Corruption

<p>A remote code execution vulnerability exists in the way

CVE-2020-16884 4.2 - Medium - September 11, 2020

<p>A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the IEToEdge BHO plug-in handles objects in memory.</p>

Memory Corruption

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based)

CVE-2020-1555 8.8 - High - August 17, 2020

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2020-1219 7.5 - High - June 09, 2020

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-1073 8.1 - High - June 09, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-1065 7.5 - High - May 21, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-1037 7.5 - High - May 21, 2020

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

Buffer Overflow

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input

CVE-2020-1195 5.9 - Medium - May 21, 2020

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability'.

Improper Privilege Management

A remote code execution vulnerability exists in the way

CVE-2020-0970 7.5 - High - April 15, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0968.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-0969 7.5 - High - April 15, 2020

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-0848 7.5 - High - March 12, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-0831 7.5 - High - March 12, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

Buffer Overflow

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers

CVE-2020-0830 7.5 - High - March 12, 2020

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-0829 7.5 - High - March 12, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-0828 7.5 - High - March 12, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-0827 7.5 - High - March 12, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-0826 7.5 - High - March 12, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-0825 7.5 - High - March 12, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-0823 7.5 - High - March 12, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

Buffer Overflow

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory

CVE-2020-0813 7.5 - High - March 12, 2020

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the userâs computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'.

Information Disclosure

A remote code execution vulnerability exists in the way

CVE-2020-0812 7.5 - High - March 12, 2020

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0811.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-0811 7.5 - High - March 12, 2020

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0812.

Buffer Overflow

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers

CVE-2020-0768 7.5 - High - March 12, 2020

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-0767 7.5 - High - February 11, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-0713 7.5 - High - February 11, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0767.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-0712 7.5 - High - February 11, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0713, CVE-2020-0767.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-0711 7.5 - High - February 11, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2020-0710 7.5 - High - February 11, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.

Buffer Overflow

A remote code execution vulnerability exists in the way

CVE-2019-1428 7.5 - High - November 12, 2019

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1429.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2019-1427 7.5 - High - November 12, 2019

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1428, CVE-2019-1429.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2019-1426 7.5 - High - November 12, 2019

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1427, CVE-2019-1428, CVE-2019-1429.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2019-1308 7.5 - High - October 10, 2019

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1335, CVE-2019-1366.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2019-1307 7.5 - High - October 10, 2019

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1308, CVE-2019-1335, CVE-2019-1366.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2019-1366 7.5 - High - October 10, 2019

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2019-1335 7.5 - High - October 10, 2019

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2019-1300 7.5 - High - September 11, 2019

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2019-1298 7.5 - High - September 11, 2019

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1300.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2019-1237 7.5 - High - September 11, 2019

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298, CVE-2019-1300.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2019-1217 7.5 - High - September 11, 2019

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2019-1138 7.5 - High - September 11, 2019

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2019-1103 7.5 - High - July 15, 2019

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1106, CVE-2019-1107.

Memory Corruption

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers

CVE-2019-1001 7.5 - High - July 15, 2019

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1004, CVE-2019-1056, CVE-2019-1059.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2019-1062 7.5 - High - July 15, 2019

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1092, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2019-1092 7.5 - High - July 15, 2019

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2019-1106 7.5 - High - July 15, 2019

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1107.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2019-1107 7.5 - High - July 15, 2019

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1106.

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Edge Browser or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Edge Browser
Web Browser based on Chromium

subscribe