Microsoft Edge Browser Web Browser based on Chromium
Recent Microsoft Edge Browser Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2024-29991 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | April 19, 2024 |
| CVE-2024-29987 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | April 18, 2024 |
| CVE-2024-29986 | Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | April 18, 2024 |
| CVE-2024-29049 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | April 4, 2024 |
| CVE-2024-29981 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | April 4, 2024 |
| CVE-2024-26247 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | March 22, 2024 |
| CVE-2024-29057 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | March 21, 2024 |
| CVE-2024-26246 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | March 14, 2024 |
| CVE-2024-26163 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | March 14, 2024 |
| CVE-2024-26167 | Microsoft Edge for Android Spoofing Vulnerability | March 7, 2024 |
Known Exploited Microsoft Edge Browser Vulnerabilities
The following Microsoft Edge Browser vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Microsoft Edge Memory Corruption Vulnerability | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. CVE-2016-7201 | March 28, 2022 |
| Microsoft Edge Memory Corruption Vulnerability | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. CVE-2016-7200 | March 28, 2022 |
By the Year
In 2024 there have been 4 vulnerabilities in Microsoft Edge Browser with an average score of 4.3 out of ten. Last year Edge Browser had 6 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Edge Browser in 2024 could surpass last years number. Last year, the average CVE base score was greater by 1.40
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 4 | 4.30 |
| 2023 | 6 | 5.70 |
| 2022 | 2 | 8.95 |
| 2021 | 28 | 7.73 |
| 2020 | 4 | 5.80 |
| 2019 | 0 | 0.00 |
| 2018 | 21 | 6.43 |
It may take a day or so for new Edge Browser vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Edge Browser Security Vulnerabilities
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2024-26247
4.7 - Medium
- March 22, 2024
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-29057
4.3 - Medium
- March 22, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
CVE-2024-26196
4.3 - Medium
- March 21, 2024
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2024-26246
3.9 - Low
- March 14, 2024
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2023-36029
4.3 - Medium
- November 03, 2023
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1
CVE-2023-5217
8.8 - High
- September 28, 2023
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2
CVE-2023-4863
8.8 - High
- September 12, 2023
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Memory Corruption
Microsoft Edge for iOS Spoofing Vulnerability
CVE-2023-36883
4.3 - Medium
- July 14, 2023
Microsoft Edge for iOS Spoofing Vulnerability
Microsoft Edge (Chromium-based) Tampering Vulnerability
CVE-2023-28301
3.7 - Low
- April 11, 2023
Microsoft Edge (Chromium-based) Tampering Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2023-28284
4.3 - Medium
- April 11, 2023
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-44708
8.3 - High
- December 13, 2022
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121
CVE-2022-4135
9.6 - Critical
- November 25, 2022
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Microsoft Edge (Chromium-based) Tampering Vulnerability
CVE-2021-38669
6.4 - Medium
- September 15, 2021
Microsoft Edge (Chromium-based) Tampering Vulnerability
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
CVE-2021-30615
6.5 - Medium
- September 03, 2021
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
Chromium: CVE-2021-30624 Use after free in Autofill
CVE-2021-30624
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30624 Use after free in Autofill
Dangling pointer
Chromium: CVE-2021-30623 Use after free in Bookmarks
CVE-2021-30623
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30623 Use after free in Bookmarks
Dangling pointer
Chromium: CVE-2021-30622 Use after free in WebApp Installs
CVE-2021-30622
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30622 Use after free in WebApp Installs
Dangling pointer
Chromium: CVE-2021-30621 UI Spoofing in Autofill
CVE-2021-30621
6.5 - Medium
- September 03, 2021
Chromium: CVE-2021-30621 UI Spoofing in Autofill
Authentication Bypass by Spoofing
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
CVE-2021-30620
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
Chromium: CVE-2021-30619 UI Spoofing in Autofill
CVE-2021-30619
6.5 - Medium
- September 03, 2021
Chromium: CVE-2021-30619 UI Spoofing in Autofill
Authentication Bypass by Spoofing
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
CVE-2021-30618
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
Chromium: CVE-2021-30617 Policy bypass in Blink
CVE-2021-30617
6.5 - Medium
- September 03, 2021
Chromium: CVE-2021-30617 Policy bypass in Blink
Chromium: CVE-2021-30616 Use after free in Media
CVE-2021-30616
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30616 Use after free in Media
Dangling pointer
Chromium: CVE-2021-30606 Use after free in Blink
CVE-2021-30606
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30606 Use after free in Blink
Dangling pointer
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
CVE-2021-30614
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
Memory Corruption
Chromium: CVE-2021-30613 Use after free in Base internals
CVE-2021-30613
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30613 Use after free in Base internals
Dangling pointer
Chromium: CVE-2021-30612 Use after free in WebRTC
CVE-2021-30612
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30612 Use after free in WebRTC
Dangling pointer
Chromium: CVE-2021-30611 Use after free in WebRTC
CVE-2021-30611
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30611 Use after free in WebRTC
Dangling pointer
Chromium: CVE-2021-30610 Use after free in Extensions API
CVE-2021-30610
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30610 Use after free in Extensions API
Dangling pointer
Chromium: CVE-2021-30609 Use after free in Sign-In
CVE-2021-30609
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30609 Use after free in Sign-In
Dangling pointer
Chromium: CVE-2021-30608 Use after free in Web Share
CVE-2021-30608
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30608 Use after free in Web Share
Dangling pointer
Chromium: CVE-2021-30607 Use after free in Permissions
CVE-2021-30607
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30607 Use after free in Permissions
Dangling pointer
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2021-36930
5.3 - Medium
- September 02, 2021
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Improper Privilege Management
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2021-26436
6.1 - Medium
- September 02, 2021
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2021-33741
8.2 - High
- June 08, 2021
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2021-24113
5.4 - Medium
- February 25, 2021
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge for Android Information Disclosure Vulnerability
CVE-2021-24100
5 - Medium
- February 25, 2021
Microsoft Edge for Android Information Disclosure Vulnerability
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182
CVE-2021-21157
8.8 - High
- February 22, 2021
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96
CVE-2021-21141
6.5 - Medium
- February 09, 2021
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.
Injection
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96
CVE-2021-21140
6.8 - Medium
- February 09, 2021
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.
Buffer Overflow
Microsoft Edge for Android Spoofing Vulnerability
CVE-2020-17153
4.3 - Medium
- December 10, 2020
Microsoft Edge for Android Spoofing Vulnerability
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183
CVE-2020-16009
8.8 - High
- November 03, 2020
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
<p>A remote code execution vulnerability exists in the way
CVE-2020-16884
4.2 - Medium
- September 11, 2020
<p>A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p> <p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>The security update addresses the vulnerability by modifying how the IEToEdge BHO plug-in handles objects in memory.</p>
Memory Corruption
An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input
CVE-2020-1195
5.9 - Medium
- May 21, 2020
An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability'.
Improper Privilege Management
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability
CVE-2018-8388
4.3 - Medium
- August 15, 2018
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383.
Authentication Bypass by Spoofing
A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests
CVE-2018-8358
4.3 - Medium
- August 15, 2018
A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability
CVE-2018-8383
4.3 - Medium
- August 15, 2018
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388.
Authentication Bypass by Spoofing
A remote code execution vulnerability exists in the way
CVE-2018-0946
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2018-0951
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2018-8177
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8145.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2018-0953
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Memory Corruption
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers
CVE-2018-0954
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Memory Corruption
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory
CVE-2018-1021
4.3 - Medium
- May 09, 2018
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123.
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers
CVE-2018-1022
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Memory Corruption
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory
CVE-2018-1025
4.3 - Medium
- May 09, 2018
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge.
A remote code execution vulnerability exists in the way
CVE-2018-0945
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Memory Corruption
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins
CVE-2018-8112
4.3 - Medium
- May 09, 2018
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
Origin Validation Error
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory
CVE-2018-8123
4.3 - Medium
- May 09, 2018
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021.
Information Disclosure
A remote code execution vulnerability exists in the way
CVE-2018-8128
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8137, CVE-2018-8139.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2018-8130
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2018-8133
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177.
Object Type Confusion
A remote code execution vulnerability exists in the way
CVE-2018-8137
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8139.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2018-8178
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge.
Memory Corruption
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory
CVE-2018-8179
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2018-0943
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8130, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.
Memory Corruption
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge
CVE-2016-3201
6.5 - Medium
- June 16, 2016
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3215.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Windows 8.1 or by Microsoft? Click the Watch button to subscribe.
