Microsoft Edge Browser Web Browser based on Chromium
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Edge Browser.
Recent Microsoft Edge Browser Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2025-29796 | CVE-2025-29796 Microsoft Edge for iOS Spoofing Vulnerability | April 4, 2025 |
| CVE-2025-29815 | CVE-2025-29815 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | April 4, 2025 |
| CVE-2025-25001 | CVE-2025-25001 Microsoft Edge for iOS Spoofing Vulnerability | April 4, 2025 |
| CVE-2025-25000 | CVE-2025-25000 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | April 4, 2025 |
| CVE-2025-29795 | CVE-2025-29795 Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | March 21, 2025 |
| CVE-2025-29806 | CVE-2025-29806 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | March 21, 2025 |
| CVE-2025-26643 | CVE-2025-26643 Microsoft Edge (Chromium-based) Spoofing Vulnerability | March 7, 2025 |
| CVE-2025-21401 | CVE-2025-21401 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | February 22, 2025 |
| CVE-2025-21342 | CVE-2025-21342 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | February 6, 2025 |
| CVE-2025-21408 | CVE-2025-21408 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | February 6, 2025 |
Known Exploited Microsoft Edge Browser Vulnerabilities
The following Microsoft Edge Browser vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Microsoft Edge Memory Corruption Vulnerability |
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. CVE-2016-7201 Exploit Probability: 90.1% |
March 28, 2022 |
| Microsoft Edge Memory Corruption Vulnerability |
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. CVE-2016-7200 Exploit Probability: 90.0% |
March 28, 2022 |
Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.
By the Year
In 2025 there have been 1 vulnerability in Microsoft Edge Browser with an average score of 5.3 out of ten. Last year, in 2024 Edge Browser had 17 security vulnerabilities published. Right now, Edge Browser is on track to have less security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.04
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 1 | 5.30 |
| 2024 | 17 | 5.34 |
| 2023 | 11 | 5.61 |
| 2022 | 4 | 7.43 |
| 2021 | 29 | 7.61 |
| 2020 | 36 | 6.72 |
| 2019 | 71 | 7.45 |
| 2018 | 89 | 7.18 |
It may take a day or so for new Edge Browser vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Edge Browser Security Vulnerabilities
Microsoft Edge for IOS and Android Spoofing Vulnerability
CVE-2025-21253
5.3 - Medium
- February 06, 2025
Microsoft Edge for IOS and Android Spoofing Vulnerability
User Interface (UI) Misrepresentation of Critical Information
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-49041
4.3 - Medium
- December 06, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
The UI Performs the Wrong Action
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-49025
4.3 - Medium
- November 14, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Privacy violation
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-38222
6.5 - Medium
- September 12, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Incorrect Default Permissions
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-41879
7.8 - High
- August 26, 2024
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Microsoft Edge for Android Spoofing Vulnerability
CVE-2024-38208
6.1 - Medium
- August 22, 2024
Microsoft Edge for Android Spoofing Vulnerability
XSS
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page
CVE-2024-7971
9.6 - Critical
- August 21, 2024
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-38103
5.9 - Medium
- July 25, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-38156
6.1 - Medium
- July 19, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
XSS
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-38082
4.7 - Medium
- June 20, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-38093
4.3 - Medium
- June 20, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge for iOS Spoofing Vulnerability
CVE-2024-30057
5.4 - Medium
- June 13, 2024
Microsoft Edge for iOS Spoofing Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2024-26247
4.7 - Medium
- March 22, 2024
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-29057
4.3 - Medium
- March 22, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
CVE-2024-26196
4.3 - Medium
- March 21, 2024
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2024-26246
3.9 - Low
- March 14, 2024
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge for Android Spoofing Vulnerability
CVE-2024-26167
4.3 - Medium
- March 07, 2024
Microsoft Edge for Android Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-26188
4.3 - Medium
- February 23, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2023-36029
4.3 - Medium
- November 03, 2023
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1
CVE-2023-5217
8.8 - High
- September 28, 2023
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2
CVE-2023-4863
8.8 - High
- September 12, 2023
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Memory Corruption
ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability
CVE-2023-37139
5.5 - Medium
- July 18, 2023
ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray().
Memory Corruption
ChakraCore branch master cbb9b was discovered to contain a segmentation violation
CVE-2023-37140
5.5 - Medium
- July 18, 2023
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount().
Resource Exhaustion
ChakraCore branch master cbb9b was discovered to contain a segmentation violation
CVE-2023-37141
5.5 - Medium
- July 18, 2023
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray().
Resource Exhaustion
ChakraCore branch master cbb9b was discovered to contain a segmentation violation
CVE-2023-37142
5.5 - Medium
- July 18, 2023
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees().
Resource Exhaustion
ChakraCore branch master cbb9b was discovered to contain a segmentation violation
CVE-2023-37143
5.5 - Medium
- July 18, 2023
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp().
Resource Exhaustion
Microsoft Edge for iOS Spoofing Vulnerability
CVE-2023-36883
4.3 - Medium
- July 14, 2023
Microsoft Edge for iOS Spoofing Vulnerability
Microsoft Edge (Chromium-based) Tampering Vulnerability
CVE-2023-28301
3.7 - Low
- April 11, 2023
Microsoft Edge (Chromium-based) Tampering Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2023-28284
4.3 - Medium
- April 11, 2023
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-44708
8.3 - High
- December 13, 2022
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121
CVE-2022-4135
9.6 - Critical
- November 25, 2022
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Microsoft Edge for Android Spoofing Vulnerability
CVE-2022-23258
4.3 - Medium
- January 25, 2022
Microsoft Edge for Android Spoofing Vulnerability
There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.
CVE-2020-23315
7.5 - High
- January 20, 2022
There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.
Microsoft Edge (Chromium-based) Tampering Vulnerability
CVE-2021-38669
6.4 - Medium
- September 15, 2021
Microsoft Edge (Chromium-based) Tampering Vulnerability
Chromium: CVE-2021-30606 Use after free in Blink
CVE-2021-30606
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30606 Use after free in Blink
Dangling pointer
Chromium: CVE-2021-30607 Use after free in Permissions
CVE-2021-30607
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30607 Use after free in Permissions
Dangling pointer
Chromium: CVE-2021-30608 Use after free in Web Share
CVE-2021-30608
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30608 Use after free in Web Share
Dangling pointer
Chromium: CVE-2021-30609 Use after free in Sign-In
CVE-2021-30609
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30609 Use after free in Sign-In
Dangling pointer
Chromium: CVE-2021-30610 Use after free in Extensions API
CVE-2021-30610
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30610 Use after free in Extensions API
Dangling pointer
Chromium: CVE-2021-30611 Use after free in WebRTC
CVE-2021-30611
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30611 Use after free in WebRTC
Dangling pointer
Chromium: CVE-2021-30612 Use after free in WebRTC
CVE-2021-30612
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30612 Use after free in WebRTC
Dangling pointer
Chromium: CVE-2021-30613 Use after free in Base internals
CVE-2021-30613
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30613 Use after free in Base internals
Dangling pointer
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
CVE-2021-30614
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
Memory Corruption
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
CVE-2021-30615
6.5 - Medium
- September 03, 2021
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
Chromium: CVE-2021-30616 Use after free in Media
CVE-2021-30616
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30616 Use after free in Media
Dangling pointer
Chromium: CVE-2021-30617 Policy bypass in Blink
CVE-2021-30617
6.5 - Medium
- September 03, 2021
Chromium: CVE-2021-30617 Policy bypass in Blink
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
CVE-2021-30618
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
Chromium: CVE-2021-30619 UI Spoofing in Autofill
CVE-2021-30619
6.5 - Medium
- September 03, 2021
Chromium: CVE-2021-30619 UI Spoofing in Autofill
Authentication Bypass by Spoofing
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
CVE-2021-30620
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
Chromium: CVE-2021-30621 UI Spoofing in Autofill
CVE-2021-30621
6.5 - Medium
- September 03, 2021
Chromium: CVE-2021-30621 UI Spoofing in Autofill
Authentication Bypass by Spoofing
Chromium: CVE-2021-30622 Use after free in WebApp Installs
CVE-2021-30622
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30622 Use after free in WebApp Installs
Dangling pointer
Chromium: CVE-2021-30623 Use after free in Bookmarks
CVE-2021-30623
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30623 Use after free in Bookmarks
Dangling pointer
Chromium: CVE-2021-30624 Use after free in Autofill
CVE-2021-30624
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30624 Use after free in Autofill
Dangling pointer
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2021-26436
6.1 - Medium
- September 02, 2021
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2021-36930
5.3 - Medium
- September 02, 2021
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Improper Privilege Management
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2021-33741
8.2 - High
- June 08, 2021
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2021-24113
5.4 - Medium
- February 25, 2021
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge for Android Information Disclosure Vulnerability
CVE-2021-24100
5 - Medium
- February 25, 2021
Microsoft Edge for Android Information Disclosure Vulnerability
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182
CVE-2021-21157
8.8 - High
- February 22, 2021
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96
CVE-2021-21141
6.5 - Medium
- February 09, 2021
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.
Injection
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96
CVE-2021-21140
6.8 - Medium
- February 09, 2021
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.
Buffer Overflow
Microsoft Edge (HTML-based) Memory Corruption Vulnerability
CVE-2021-1705
4.2 - Medium
- January 12, 2021
Microsoft Edge (HTML-based) Memory Corruption Vulnerability
Microsoft Edge for Android Spoofing Vulnerability
CVE-2020-17153
4.3 - Medium
- December 10, 2020
Microsoft Edge for Android Spoofing Vulnerability
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2020-17131
4.2 - Medium
- December 10, 2020
Chakra Scripting Engine Memory Corruption Vulnerability
Memory Corruption
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2020-17054
4.2 - Medium
- November 11, 2020
Chakra Scripting Engine Memory Corruption Vulnerability
Memory Corruption
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2020-17048
4.2 - Medium
- November 11, 2020
Chakra Scripting Engine Memory Corruption Vulnerability
Memory Corruption
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183
CVE-2020-16009
8.8 - High
- November 03, 2020
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
<p>A remote code execution vulnerability exists in the way
CVE-2020-16884
4.2 - Medium
- September 11, 2020
<p>A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the IEToEdge BHO plug-in handles objects in memory.</p>
Memory Corruption
<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory
CVE-2020-1180
4.2 - Medium
- September 11, 2020
<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p>
Memory Corruption
<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory
CVE-2020-1172
4.2 - Medium
- September 11, 2020
<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p>
Memory Corruption
<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory
CVE-2020-1057
4.2 - Medium
- September 11, 2020
<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p>
Memory Corruption
<p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory
CVE-2020-0878
4.2 - Medium
- September 11, 2020
<p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.</p> <p>The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.</p>
Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based)
CVE-2020-1555
8.8 - High
- August 17, 2020
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2020-1219
7.5 - High
- June 09, 2020
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-1073
8.1 - High
- June 09, 2020
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.
Buffer Overflow
An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input
CVE-2020-1195
5.9 - Medium
- May 21, 2020
An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability'.
Improper Privilege Management
A remote code execution vulnerability exists in the way
CVE-2020-1065
7.5 - High
- May 21, 2020
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-1037
7.5 - High
- May 21, 2020
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-0970
7.5 - High
- April 15, 2020
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0968.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-0969
7.5 - High
- April 15, 2020
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-0848
7.5 - High
- March 12, 2020
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-0831
7.5 - High
- March 12, 2020
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.
Buffer Overflow
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers
CVE-2020-0830
7.5 - High
- March 12, 2020
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-0829
7.5 - High
- March 12, 2020
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-0828
7.5 - High
- March 12, 2020
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-0827
7.5 - High
- March 12, 2020
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-0826
7.5 - High
- March 12, 2020
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-0825
7.5 - High
- March 12, 2020
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-0823
7.5 - High
- March 12, 2020
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.
Buffer Overflow
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory
CVE-2020-0813
7.5 - High
- March 12, 2020
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the userâs computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'.
Information Disclosure
A remote code execution vulnerability exists in the way
CVE-2020-0812
7.5 - High
- March 12, 2020
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0811.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-0811
7.5 - High
- March 12, 2020
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0812.
Buffer Overflow
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers
CVE-2020-0768
7.5 - High
- March 12, 2020
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-0712
7.5 - High
- February 11, 2020
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0713, CVE-2020-0767.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-0710
7.5 - High
- February 11, 2020
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-0711
7.5 - High
- February 11, 2020
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-0713
7.5 - High
- February 11, 2020
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0767.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2020-0767
7.5 - High
- February 11, 2020
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713.
Buffer Overflow
A remote code execution vulnerability exists in the way
CVE-2019-1428
7.5 - High
- November 12, 2019
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1429.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2019-1426
7.5 - High
- November 12, 2019
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1427, CVE-2019-1428, CVE-2019-1429.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Edge Browser or by Microsoft? Click the Watch button to subscribe.
