Edge Browser Microsoft Edge Browser Web Browser based on Chromium

Do you want an email whenever new security vulnerabilities are reported in Microsoft Edge Browser?

Recent Microsoft Edge Browser Security Advisories

Advisory Title Published
CVE-2021-42307 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability October 21, 2021
CVE-2021-36930 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability September 14, 2021
CVE-2021-26436 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability September 14, 2021
CVE-2021-38641 Microsoft Edge for Android Spoofing Vulnerability September 14, 2021
CVE-2021-38642 Microsoft Edge for iOS Spoofing Vulnerability September 14, 2021
CVE-2021-38669 Microsoft Edge (Chromium-based) Tampering Vulnerability September 9, 2021
CVE-2021-26439 Microsoft Edge for Android Information Disclosure Vulnerability September 2, 2021
CVE-2021-36928 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability July 22, 2021
CVE-2021-36929 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability July 22, 2021
CVE-2021-36931 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability July 22, 2021

By the Year

In 2021 there have been 9 vulnerabilities in Microsoft Edge Browser with an average score of 7.2 out of ten. Last year Edge Browser had 3 security vulnerabilities published. That is, 6 more vulnerabilities have already been reported in 2021 as compared to last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.22.

Year Vulnerabilities Average Score
2021 9 7.16
2020 3 6.93
2019 0 0.00
2018 21 6.43

It may take a day or so for new Edge Browser vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Edge Browser Security Vulnerabilities

Microsoft Edge (Chromium-based) Tampering Vulnerability

CVE-2021-38669 8.8 - High - September 15, 2021

Microsoft Edge (Chromium-based) Tampering Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-26436 8.1 - High - September 02, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36930.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-36930 8.1 - High - September 02, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26436.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-33741 7.5 - High - June 08, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Improper Privilege Management

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2021-24113 5.4 - Medium - February 25, 2021

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge for Android Information Disclosure Vulnerability

CVE-2021-24100 4.4 - Medium - February 25, 2021

Microsoft Edge for Android Information Disclosure Vulnerability

Information Disclosure

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182

CVE-2021-21157 8.8 - High - February 22, 2021

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Uninitialized use in USB in Google Chrome prior to 88.0.4324.96

CVE-2021-21140 6.8 - Medium - February 09, 2021

Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.

Buffer Overflow

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21141 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.

authentification

Microsoft Edge for Android Spoofing Vulnerability

CVE-2020-17153 6.1 - Medium - December 10, 2020

Microsoft Edge for Android Spoofing Vulnerability

Improper Input Validation

A remote code execution vulnerability exists in the way

CVE-2020-16884 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory, aka 'Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability'.

Buffer Overflow

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input

CVE-2020-1195 5.9 - Medium - May 21, 2020

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability'.

Improper Privilege Management

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability

CVE-2018-8388 4.3 - Medium - August 15, 2018

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383.

Authentication Bypass by Spoofing

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability

CVE-2018-8383 4.3 - Medium - August 15, 2018

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388.

Authentication Bypass by Spoofing

A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests

CVE-2018-8358 4.3 - Medium - August 15, 2018

A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.

A remote code execution vulnerability exists in the way

CVE-2018-8178 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge.

Memory Corruption

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory

CVE-2018-8179 7.5 - High - May 09, 2018

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-0943 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8130, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-8177 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8145.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-8137 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8139.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-8133 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177.

Object Type Confusion

A remote code execution vulnerability exists in the way

CVE-2018-8130 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-8128 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8137, CVE-2018-8139.

Memory Corruption

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory

CVE-2018-8123 4.3 - Medium - May 09, 2018

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021.

Information Disclosure

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins

CVE-2018-8112 4.3 - Medium - May 09, 2018

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.

Origin Validation Error

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory

CVE-2018-1025 4.3 - Medium - May 09, 2018

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge.

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers

CVE-2018-1022 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.

Memory Corruption

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory

CVE-2018-1021 4.3 - Medium - May 09, 2018

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123.

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers

CVE-2018-0954 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-0953 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-0951 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-0946 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-0945 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Edge Browser or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Edge Browser
Web Browser based on Chromium

subscribe