Microsoft Edge Chromium
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Edge Chromium.
By the Year
In 2026 there have been 1 vulnerability in Microsoft Edge Chromium with an average score of 5.1 out of ten. Last year, in 2025 Edge Chromium had 26 security vulnerabilities published. Right now, Edge Chromium is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 1.33
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 5.10 |
| 2025 | 26 | 6.43 |
| 2024 | 49 | 6.35 |
| 2023 | 58 | 6.65 |
| 2022 | 34 | 7.14 |
| 2021 | 49 | 7.59 |
| 2020 | 1 | 8.80 |
It may take a day or so for new Edge Chromium vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Edge Chromium Security Vulnerabilities
Jan 2026: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2026-21223
5.1 - Medium
- January 16, 2026
Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (nonadministrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, causing the service to execute privileged update commands as LocalSystem. This allows a nonadministrator to enable or disable Windows VirtualizationBased Security (VBS) by modifying protected system registry keys under HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard. Disabling VBS weakens critical platform protections such as Credential Guard, Hypervisorprotected Code Integrity (HVCI), and the Secure Kernel, resulting in a security feature bypass.
Improper Privilege Management
Dec 2025: Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability
CVE-2025-62223
4.3 - Medium
- December 05, 2025
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
User Interface (UI) Misrepresentation of Critical Information
Oct 2025: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-60711
6.3 - Medium
- October 31, 2025
Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Protection Mechanism Failure
Sep 2025: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-59251
7.6 - High
- September 24, 2025
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Stack Overflow
Sep 2025: Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
CVE-2025-47967
4.7 - Medium
- September 16, 2025
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
Insufficient UI Warning of Dangerous Operations
Sep 2025: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2025-53791
4.7 - Medium
- September 05, 2025
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
Authorization
Improper Input Val. bypasses local Microsoft Edge Chromium Sec. Feat (auth)
CVE-2025-47182
5.6 - Medium
- July 11, 2025
Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
Improper Input Validation
Microsoft Edge Unauth Network Spoofing (CVE-2025-47963)
CVE-2025-47963
6.5 - Medium
- July 11, 2025
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Microsoft Edge Chromium Spoofing CVE-2025-47964
CVE-2025-47964
4.3 - Medium
- July 11, 2025
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Edge Chromium Type Confusion RCE
CVE-2025-49713
8.8 - High
- July 02, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Object Type Confusion
Microsoft Edge (Chromium) Info Disclosure via Network
CVE-2025-49741
7.5 - High
- July 01, 2025
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
Privilege Chaining
Out-of-Bounds heap corruption in V8 (Chrome <137.0.7151.68)
CVE-2025-5419
8.8 - High
- June 03, 2025
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Microsoft Edge UI misrepresents critical data, enabling network spoofing
CVE-2025-29825
6.5 - Medium
- May 02, 2025
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
User Interface (UI) Misrepresentation of Critical Information
CVE-2025-29834: OOB Read in MS Edge (Chromium) Enables Remote Code Exec
CVE-2025-29834
7.5 - High
- April 12, 2025
Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Out-of-bounds Read
Microsoft Edge (Chromium) Type Confusion RCE
CVE-2025-25000
8.8 - High
- April 04, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Object Type Confusion
Use-After-Free in Microsoft Edge (Chromium) Enables Network Code Exec
CVE-2025-29815
7.6 - High
- April 04, 2025
Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.
Dangling pointer
Mar 2025: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-29806
6.5 - Medium
- March 23, 2025
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Object Type Confusion
Mar 2025: Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2025-26643
5.4 - Medium
- March 07, 2025
The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
The UI Performs the Wrong Action
Feb 2025: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2025-21401
4.5 - Medium
- February 15, 2025
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Open Redirect
Feb 2025: Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2025-21267
4.4 - Medium
- February 06, 2025
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Improperly Implemented Security Check for Standard
Feb 2025: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-21279
6.5 - Medium
- February 06, 2025
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Object Type Confusion
Feb 2025: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-21283
6.5 - Medium
- February 06, 2025
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Insufficient Granularity of Address Regions Protected by Register Locks
Feb 2025: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-21342
8.8 - High
- February 06, 2025
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Object Type Confusion
Feb 2025: Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2025-21404
4.3 - Medium
- February 06, 2025
Microsoft Edge (Chromium-based) Spoofing Vulnerability
The UI Performs the Wrong Action
Feb 2025: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-21408
8.8 - High
- February 06, 2025
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Object Type Confusion
Microsoft Edge Chromium UI Spoofing Vulnerability
CVE-2025-21262
5.4 - Medium
- January 24, 2025
User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network
User Interface (UI) Misrepresentation of Critical Information
Microsoft Edge (Chromium) EoP via Rendering Engine Vulnerability
CVE-2025-21185
6.5 - Medium
- January 17, 2025
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Authorization
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-49041
4.3 - Medium
- December 06, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
The UI Performs the Wrong Action
Microsoft Edge (Chromium-based) Spoofing Vulnerability CVE-2024-49054
CVE-2024-49054
- November 22, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Insufficient UI Warning of Dangerous Operations
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-49025
4.3 - Medium
- November 14, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Privacy violation
Microsoft Edge (Chromium) Spoofing Vulnerability
CVE-2024-43577
4.3 - Medium
- October 18, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
The UI Performs the Wrong Action
Microsoft Edge Chromium RCE Vulnerability
CVE-2024-49023
5.3 - Medium
- October 18, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Dangling pointer
Microsoft Edge Chromium RCE CVE-2024-43596
CVE-2024-43596
8.8 - High
- October 17, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Object Type Confusion
CVE-2024-43595 Microsoft Edge (Chromium) RCE via Remote Exploit
CVE-2024-43595
8.8 - High
- October 17, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge Chromium RCE Vulnerability
CVE-2024-43587
8.1 - High
- October 17, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Heap-based Buffer Overflow
MS Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-43580
5.4 - Medium
- October 17, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Insufficient UI Warning of Dangerous Operations
Microsoft Edge Chromium RCE Vulnerability CVE-2024-43579
CVE-2024-43579
8.3 - High
- October 17, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2024-43578
8.3 - High
- October 17, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft Edge Remote Code Execution via Chromium-based Vulnerability
CVE-2024-43566
9.8 - Critical
- October 17, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Microsoft Edge (Chromium) RCE Vulnerability
CVE-2024-43496
8.8 - High
- September 19, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Memory Corruption
Microsoft Edge RCE (Chromium) CVE-2024-43489
CVE-2024-43489
8.8 - High
- September 19, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Object Type Confusion
Spoofing Vulnerability in Microsoft Edge (Chromium)
CVE-2024-38221
4.3 - Medium
- September 19, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
XSS
Microsoft Edge HTML Memory Corruption CVE-2024-38207
CVE-2024-38207
6.3 - Medium
- August 23, 2024
Microsoft Edge (HTML-based) Memory Corruption Vulnerability
Memory Corruption
Microsoft Edge Chromium RCE via Network Service Exposure
CVE-2024-38210
7.8 - High
- August 22, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Out-of-bounds Read
Microsoft Edge Chromium RCE Vulnerability
CVE-2024-38209
7.8 - High
- August 22, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Object Type Confusion
Google Chrome V8 Heap Corruption via Crafted HTML before 128.0.6613.84
CVE-2024-7965
8.8 - High
- August 21, 2024
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Improperly Implemented Security Check for Standard
Edge Chromium Elevation of Privilege via Browser Exploit
CVE-2024-43472
8.3 - High
- August 16, 2024
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Dangling pointer
Microsoft Edge HTML Memory Corruption Vulnerability
CVE-2024-38218
7.8 - High
- August 12, 2024
Microsoft Edge (HTML-based) Memory Corruption Vulnerability
Memory Corruption
Microsoft Edge (Chromium) RCE via Remote Code Execution
CVE-2024-38219
9 - Critical
- August 12, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Object Type Confusion
Jul 2024: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-38103
5.9 - Medium
- July 25, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Privacy violation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Edge Chromium or by Microsoft? Click the Watch button to subscribe.
