Edge Chromium Microsoft Edge Chromium

Do you want an email whenever new security vulnerabilities are reported in Microsoft Edge Chromium?

By the Year

In 2021 there have been 47 vulnerabilities in Microsoft Edge Chromium with an average score of 7.9 out of ten. Edge Chromium did not have any published security vulnerabilities last year. That is, 47 more vulnerabilities have already been reported in 2021 as compared to last year.

Year Vulnerabilities Average Score
2021 47 7.89
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Edge Chromium vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Edge Chromium Security Vulnerabilities

Microsoft Edge (Chromium-based) Tampering Vulnerability

CVE-2021-38669 8.8 - High - September 15, 2021

Microsoft Edge (Chromium-based) Tampering Vulnerability

Chromium: CVE-2021-30606 Use after free in Blink

CVE-2021-30606 8.8 - High - September 03, 2021

Chromium: CVE-2021-30606 Use after free in Blink

Dangling pointer

Chromium: CVE-2021-30624 Use after free in Autofill

CVE-2021-30624 8.8 - High - September 03, 2021

Chromium: CVE-2021-30624 Use after free in Autofill

Dangling pointer

Chromium: CVE-2021-30623 Use after free in Bookmarks

CVE-2021-30623 8.8 - High - September 03, 2021

Chromium: CVE-2021-30623 Use after free in Bookmarks

Dangling pointer

Chromium: CVE-2021-30622 Use after free in WebApp Installs

CVE-2021-30622 8.8 - High - September 03, 2021

Chromium: CVE-2021-30622 Use after free in WebApp Installs

Dangling pointer

Chromium: CVE-2021-30621 UI Spoofing in Autofill

CVE-2021-30621 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30621 UI Spoofing in Autofill

Authentication Bypass by Spoofing

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

CVE-2021-30620 8.8 - High - September 03, 2021

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

Chromium: CVE-2021-30619 UI Spoofing in Autofill

CVE-2021-30619 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30619 UI Spoofing in Autofill

Authentication Bypass by Spoofing

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

CVE-2021-30618 8.8 - High - September 03, 2021

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

Chromium: CVE-2021-30617 Policy bypass in Blink

CVE-2021-30617 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30617 Policy bypass in Blink

Chromium: CVE-2021-30616 Use after free in Media

CVE-2021-30616 8.8 - High - September 03, 2021

Chromium: CVE-2021-30616 Use after free in Media

Dangling pointer

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

CVE-2021-30615 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

Exposure of Resource to Wrong Sphere

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

CVE-2021-30614 8.8 - High - September 03, 2021

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

Memory Corruption

Chromium: CVE-2021-30613 Use after free in Base internals

CVE-2021-30613 8.8 - High - September 03, 2021

Chromium: CVE-2021-30613 Use after free in Base internals

Dangling pointer

Chromium: CVE-2021-30612 Use after free in WebRTC

CVE-2021-30612 8.8 - High - September 03, 2021

Chromium: CVE-2021-30612 Use after free in WebRTC

Dangling pointer

Chromium: CVE-2021-30611 Use after free in WebRTC

CVE-2021-30611 8.8 - High - September 03, 2021

Chromium: CVE-2021-30611 Use after free in WebRTC

Dangling pointer

Chromium: CVE-2021-30610 Use after free in Extensions API

CVE-2021-30610 8.8 - High - September 03, 2021

Chromium: CVE-2021-30610 Use after free in Extensions API

Dangling pointer

Chromium: CVE-2021-30609 Use after free in Sign-In

CVE-2021-30609 8.8 - High - September 03, 2021

Chromium: CVE-2021-30609 Use after free in Sign-In

Dangling pointer

Chromium: CVE-2021-30608 Use after free in Web Share

CVE-2021-30608 8.8 - High - September 03, 2021

Chromium: CVE-2021-30608 Use after free in Web Share

Dangling pointer

Chromium: CVE-2021-30607 Use after free in Permissions

CVE-2021-30607 8.8 - High - September 03, 2021

Chromium: CVE-2021-30607 Use after free in Permissions

Dangling pointer

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2021-36929 5.5 - Medium - August 26, 2021

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-36931 7.8 - High - August 26, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36928.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-36928 7.8 - High - August 26, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36931.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-33741 7.5 - High - June 08, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Improper Privilege Management

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2021-24113 5.4 - Medium - February 25, 2021

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182

CVE-2021-21157 8.8 - High - February 22, 2021

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Media in Google Chrome prior to 88.0.4324.96

CVE-2021-21119 8.8 - High - February 09, 2021

Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96

CVE-2021-21118 8.8 - High - February 09, 2021

Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Buffer Overflow

Use after free in WebSQL in Google Chrome prior to 88.0.4324.96

CVE-2021-21120 8.8 - High - February 09, 2021

Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96

CVE-2021-21121 9.6 - Critical - February 09, 2021

Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Use after free in Blink in Google Chrome prior to 88.0.4324.96

CVE-2021-21122 8.8 - High - February 09, 2021

Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21123 6.5 - Medium - February 09, 2021

Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Improper Input Validation

Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96

CVE-2021-21124 9.6 - Critical - February 09, 2021

Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96

CVE-2021-21125 8.1 - High - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

authentification

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96

CVE-2021-21126 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.

authentification

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96

CVE-2021-21127 8.8 - High - February 09, 2021

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.

authentification

Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96

CVE-2021-21128 8.8 - High - February 09, 2021

Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21129 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

authentification

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21130 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

authentification

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21131 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

authentification

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96

CVE-2021-21132 9.6 - Critical - February 09, 2021

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.

Clickjacking

Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96

CVE-2021-21133 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.

authentification

Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96

CVE-2021-21134 6.5 - Medium - February 09, 2021

Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.

Authentication Bypass by Spoofing

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96

CVE-2021-21135 6.5 - Medium - February 09, 2021

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96

CVE-2021-21136 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96

CVE-2021-21137 6.5 - Medium - February 09, 2021

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

Information Disclosure

Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96

CVE-2021-21139 6.5 - Medium - February 09, 2021

Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Clickjacking

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Edge Chromium or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe