Edge Browser Microsoft Edge Browser Web Browser based on Chromium

Do you want an email whenever new security vulnerabilities are reported in Microsoft Edge Browser?

Recent Microsoft Edge Browser Security Advisories

Advisory Title Published
CVE-2023-36026 Microsoft Edge (Chromium-based) Spoofing Vulnerability November 16, 2023
CVE-2023-36008 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability November 16, 2023
CVE-2023-36027 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability November 10, 2023
CVE-2023-36014 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability November 9, 2023
CVE-2023-36024 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability November 9, 2023
CVE-2023-36034 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability November 2, 2023
CVE-2023-36029 Microsoft Edge (Chromium-based) Spoofing Vulnerability November 2, 2023
CVE-2023-36022 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability November 2, 2023
CVE-2023-36409 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability October 20, 2023
CVE-2023-36559 Microsoft Edge (Chromium-based) Spoofing Vulnerability October 13, 2023

Known Exploited Microsoft Edge Browser Vulnerabilities

The following Microsoft Edge Browser vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Microsoft Edge Memory Corruption Vulnerability The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. CVE-2016-7201 March 28, 2022
Microsoft Edge Memory Corruption Vulnerability The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. CVE-2016-7200 March 28, 2022

By the Year

In 2023 there have been 6 vulnerabilities in Microsoft Edge Browser with an average score of 5.7 out of ten. Last year Edge Browser had 2 security vulnerabilities published. That is, 4 more vulnerabilities have already been reported in 2023 as compared to last year. Last year, the average CVE base score was greater by 3.25

Year Vulnerabilities Average Score
2023 6 5.70
2022 2 8.95
2021 28 7.97
2020 4 7.40
2019 0 0.00
2018 21 6.43

It may take a day or so for new Edge Browser vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Edge Browser Security Vulnerabilities

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2023-36029 4.3 - Medium - November 03, 2023

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1

CVE-2023-5217 8.8 - High - September 28, 2023

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2

CVE-2023-4863 8.8 - High - September 12, 2023

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Memory Corruption

Microsoft Edge for iOS Spoofing Vulnerability

CVE-2023-36883 4.3 - Medium - July 14, 2023

Microsoft Edge for iOS Spoofing Vulnerability

Microsoft Edge (Chromium-based) Tampering Vulnerability

CVE-2023-28301 3.7 - Low - April 11, 2023

Microsoft Edge (Chromium-based) Tampering Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2023-28284 4.3 - Medium - April 11, 2023

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-44708 8.3 - High - December 13, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121

CVE-2022-4135 9.6 - Critical - November 25, 2022

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Microsoft Edge (Chromium-based) Tampering Vulnerability

CVE-2021-38669 8.8 - High - September 15, 2021

Microsoft Edge (Chromium-based) Tampering Vulnerability

Chromium: CVE-2021-30612 Use after free in WebRTC

CVE-2021-30612 8.8 - High - September 03, 2021

Chromium: CVE-2021-30612 Use after free in WebRTC

Dangling pointer

Chromium: CVE-2021-30624 Use after free in Autofill

CVE-2021-30624 8.8 - High - September 03, 2021

Chromium: CVE-2021-30624 Use after free in Autofill

Dangling pointer

Chromium: CVE-2021-30623 Use after free in Bookmarks

CVE-2021-30623 8.8 - High - September 03, 2021

Chromium: CVE-2021-30623 Use after free in Bookmarks

Dangling pointer

Chromium: CVE-2021-30622 Use after free in WebApp Installs

CVE-2021-30622 8.8 - High - September 03, 2021

Chromium: CVE-2021-30622 Use after free in WebApp Installs

Dangling pointer

Chromium: CVE-2021-30621 UI Spoofing in Autofill

CVE-2021-30621 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30621 UI Spoofing in Autofill

Authentication Bypass by Spoofing

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

CVE-2021-30620 8.8 - High - September 03, 2021

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

Chromium: CVE-2021-30619 UI Spoofing in Autofill

CVE-2021-30619 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30619 UI Spoofing in Autofill

Authentication Bypass by Spoofing

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

CVE-2021-30618 8.8 - High - September 03, 2021

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

Chromium: CVE-2021-30617 Policy bypass in Blink

CVE-2021-30617 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30617 Policy bypass in Blink

Chromium: CVE-2021-30616 Use after free in Media

CVE-2021-30616 8.8 - High - September 03, 2021

Chromium: CVE-2021-30616 Use after free in Media

Dangling pointer

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

CVE-2021-30615 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

CVE-2021-30614 8.8 - High - September 03, 2021

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

Memory Corruption

Chromium: CVE-2021-30613 Use after free in Base internals

CVE-2021-30613 8.8 - High - September 03, 2021

Chromium: CVE-2021-30613 Use after free in Base internals

Dangling pointer

Chromium: CVE-2021-30611 Use after free in WebRTC

CVE-2021-30611 8.8 - High - September 03, 2021

Chromium: CVE-2021-30611 Use after free in WebRTC

Dangling pointer

Chromium: CVE-2021-30610 Use after free in Extensions API

CVE-2021-30610 8.8 - High - September 03, 2021

Chromium: CVE-2021-30610 Use after free in Extensions API

Dangling pointer

Chromium: CVE-2021-30609 Use after free in Sign-In

CVE-2021-30609 8.8 - High - September 03, 2021

Chromium: CVE-2021-30609 Use after free in Sign-In

Dangling pointer

Chromium: CVE-2021-30608 Use after free in Web Share

CVE-2021-30608 8.8 - High - September 03, 2021

Chromium: CVE-2021-30608 Use after free in Web Share

Dangling pointer

Chromium: CVE-2021-30607 Use after free in Permissions

CVE-2021-30607 8.8 - High - September 03, 2021

Chromium: CVE-2021-30607 Use after free in Permissions

Dangling pointer

Chromium: CVE-2021-30606 Use after free in Blink

CVE-2021-30606 8.8 - High - September 03, 2021

Chromium: CVE-2021-30606 Use after free in Blink

Dangling pointer

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-26436 8.1 - High - September 02, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36930.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-36930 8.1 - High - September 02, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26436.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-33741 8.2 - High - June 08, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2021-24113 5.4 - Medium - February 25, 2021

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge for Android Information Disclosure Vulnerability

CVE-2021-24100 4.4 - Medium - February 25, 2021

Microsoft Edge for Android Information Disclosure Vulnerability

Information Disclosure

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182

CVE-2021-21157 8.8 - High - February 22, 2021

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21141 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.

Injection

Uninitialized use in USB in Google Chrome prior to 88.0.4324.96

CVE-2021-21140 6.8 - Medium - February 09, 2021

Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.

Buffer Overflow

Microsoft Edge for Android Spoofing Vulnerability

CVE-2020-17153 6.1 - Medium - December 10, 2020

Microsoft Edge for Android Spoofing Vulnerability

Improper Input Validation

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183

CVE-2020-16009 8.8 - High - November 03, 2020

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2020-16884 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory, aka 'Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability'.

Buffer Overflow

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input

CVE-2020-1195 5.9 - Medium - May 21, 2020

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability'.

Improper Privilege Management

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability

CVE-2018-8388 4.3 - Medium - August 15, 2018

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383.

Authentication Bypass by Spoofing

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability

CVE-2018-8383 4.3 - Medium - August 15, 2018

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388.

Authentication Bypass by Spoofing

A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests

CVE-2018-8358 4.3 - Medium - August 15, 2018

A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers

CVE-2018-1022 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.

Memory Corruption

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory

CVE-2018-1021 4.3 - Medium - May 09, 2018

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123.

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers

CVE-2018-0954 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.

Memory Corruption

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory

CVE-2018-1025 4.3 - Medium - May 09, 2018

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge.

A remote code execution vulnerability exists in the way

CVE-2018-8137 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8139.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-0953 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-0951 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-0946 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-0945 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.

Memory Corruption

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins

CVE-2018-8112 4.3 - Medium - May 09, 2018

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.

Origin Validation Error

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory

CVE-2018-8123 4.3 - Medium - May 09, 2018

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021.

Information Disclosure

A remote code execution vulnerability exists in the way

CVE-2018-8128 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8137, CVE-2018-8139.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-8130 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-8133 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177.

Object Type Confusion

A remote code execution vulnerability exists in the way

CVE-2018-8177 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8145.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-8178 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge.

Memory Corruption

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory

CVE-2018-8179 7.5 - High - May 09, 2018

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2018-0943 7.5 - High - May 09, 2018

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8130, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.

Memory Corruption

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge

CVE-2016-3201 6.5 - Medium - June 16, 2016

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3215.

Information Disclosure

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Windows 8.1 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Edge Browser
Web Browser based on Chromium

subscribe