Microsoft Edge Browser Web Browser based on Chromium
Recent Microsoft Edge Browser Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2023-36026 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | November 16, 2023 |
| CVE-2023-36008 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | November 16, 2023 |
| CVE-2023-36027 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | November 10, 2023 |
| CVE-2023-36014 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | November 9, 2023 |
| CVE-2023-36024 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | November 9, 2023 |
| CVE-2023-36034 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | November 2, 2023 |
| CVE-2023-36029 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | November 2, 2023 |
| CVE-2023-36022 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | November 2, 2023 |
| CVE-2023-36409 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | October 20, 2023 |
| CVE-2023-36559 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | October 13, 2023 |
Known Exploited Microsoft Edge Browser Vulnerabilities
The following Microsoft Edge Browser vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Microsoft Edge Memory Corruption Vulnerability | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. CVE-2016-7201 | March 28, 2022 |
| Microsoft Edge Memory Corruption Vulnerability | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. CVE-2016-7200 | March 28, 2022 |
By the Year
In 2023 there have been 6 vulnerabilities in Microsoft Edge Browser with an average score of 5.7 out of ten. Last year Edge Browser had 2 security vulnerabilities published. That is, 4 more vulnerabilities have already been reported in 2023 as compared to last year. Last year, the average CVE base score was greater by 3.25
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 6 | 5.70 |
| 2022 | 2 | 8.95 |
| 2021 | 28 | 7.97 |
| 2020 | 4 | 7.40 |
| 2019 | 0 | 0.00 |
| 2018 | 21 | 6.43 |
It may take a day or so for new Edge Browser vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Edge Browser Security Vulnerabilities
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2023-36029
4.3 - Medium
- November 03, 2023
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1
CVE-2023-5217
8.8 - High
- September 28, 2023
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2
CVE-2023-4863
8.8 - High
- September 12, 2023
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Memory Corruption
Microsoft Edge for iOS Spoofing Vulnerability
CVE-2023-36883
4.3 - Medium
- July 14, 2023
Microsoft Edge for iOS Spoofing Vulnerability
Microsoft Edge (Chromium-based) Tampering Vulnerability
CVE-2023-28301
3.7 - Low
- April 11, 2023
Microsoft Edge (Chromium-based) Tampering Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2023-28284
4.3 - Medium
- April 11, 2023
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-44708
8.3 - High
- December 13, 2022
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121
CVE-2022-4135
9.6 - Critical
- November 25, 2022
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Microsoft Edge (Chromium-based) Tampering Vulnerability
CVE-2021-38669
8.8 - High
- September 15, 2021
Microsoft Edge (Chromium-based) Tampering Vulnerability
Chromium: CVE-2021-30612 Use after free in WebRTC
CVE-2021-30612
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30612 Use after free in WebRTC
Dangling pointer
Chromium: CVE-2021-30624 Use after free in Autofill
CVE-2021-30624
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30624 Use after free in Autofill
Dangling pointer
Chromium: CVE-2021-30623 Use after free in Bookmarks
CVE-2021-30623
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30623 Use after free in Bookmarks
Dangling pointer
Chromium: CVE-2021-30622 Use after free in WebApp Installs
CVE-2021-30622
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30622 Use after free in WebApp Installs
Dangling pointer
Chromium: CVE-2021-30621 UI Spoofing in Autofill
CVE-2021-30621
6.5 - Medium
- September 03, 2021
Chromium: CVE-2021-30621 UI Spoofing in Autofill
Authentication Bypass by Spoofing
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
CVE-2021-30620
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
Chromium: CVE-2021-30619 UI Spoofing in Autofill
CVE-2021-30619
6.5 - Medium
- September 03, 2021
Chromium: CVE-2021-30619 UI Spoofing in Autofill
Authentication Bypass by Spoofing
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
CVE-2021-30618
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
Chromium: CVE-2021-30617 Policy bypass in Blink
CVE-2021-30617
6.5 - Medium
- September 03, 2021
Chromium: CVE-2021-30617 Policy bypass in Blink
Chromium: CVE-2021-30616 Use after free in Media
CVE-2021-30616
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30616 Use after free in Media
Dangling pointer
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
CVE-2021-30615
6.5 - Medium
- September 03, 2021
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
CVE-2021-30614
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
Memory Corruption
Chromium: CVE-2021-30613 Use after free in Base internals
CVE-2021-30613
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30613 Use after free in Base internals
Dangling pointer
Chromium: CVE-2021-30611 Use after free in WebRTC
CVE-2021-30611
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30611 Use after free in WebRTC
Dangling pointer
Chromium: CVE-2021-30610 Use after free in Extensions API
CVE-2021-30610
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30610 Use after free in Extensions API
Dangling pointer
Chromium: CVE-2021-30609 Use after free in Sign-In
CVE-2021-30609
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30609 Use after free in Sign-In
Dangling pointer
Chromium: CVE-2021-30608 Use after free in Web Share
CVE-2021-30608
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30608 Use after free in Web Share
Dangling pointer
Chromium: CVE-2021-30607 Use after free in Permissions
CVE-2021-30607
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30607 Use after free in Permissions
Dangling pointer
Chromium: CVE-2021-30606 Use after free in Blink
CVE-2021-30606
8.8 - High
- September 03, 2021
Chromium: CVE-2021-30606 Use after free in Blink
Dangling pointer
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2021-26436
8.1 - High
- September 02, 2021
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36930.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2021-36930
8.1 - High
- September 02, 2021
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26436.
Improper Privilege Management
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2021-33741
8.2 - High
- June 08, 2021
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2021-24113
5.4 - Medium
- February 25, 2021
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge for Android Information Disclosure Vulnerability
CVE-2021-24100
4.4 - Medium
- February 25, 2021
Microsoft Edge for Android Information Disclosure Vulnerability
Information Disclosure
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182
CVE-2021-21157
8.8 - High
- February 22, 2021
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96
CVE-2021-21141
6.5 - Medium
- February 09, 2021
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.
Injection
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96
CVE-2021-21140
6.8 - Medium
- February 09, 2021
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.
Buffer Overflow
Microsoft Edge for Android Spoofing Vulnerability
CVE-2020-17153
6.1 - Medium
- December 10, 2020
Microsoft Edge for Android Spoofing Vulnerability
Improper Input Validation
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183
CVE-2020-16009
8.8 - High
- November 03, 2020
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2020-16884
8.8 - High
- September 11, 2020
A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory, aka 'Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability'.
Buffer Overflow
An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input
CVE-2020-1195
5.9 - Medium
- May 21, 2020
An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability'.
Improper Privilege Management
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability
CVE-2018-8388
4.3 - Medium
- August 15, 2018
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383.
Authentication Bypass by Spoofing
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability
CVE-2018-8383
4.3 - Medium
- August 15, 2018
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388.
Authentication Bypass by Spoofing
A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests
CVE-2018-8358
4.3 - Medium
- August 15, 2018
A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers
CVE-2018-1022
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Memory Corruption
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory
CVE-2018-1021
4.3 - Medium
- May 09, 2018
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123.
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers
CVE-2018-0954
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Memory Corruption
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory
CVE-2018-1025
4.3 - Medium
- May 09, 2018
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge.
A remote code execution vulnerability exists in the way
CVE-2018-8137
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8139.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2018-0953
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2018-0951
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2018-0946
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2018-0945
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Memory Corruption
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins
CVE-2018-8112
4.3 - Medium
- May 09, 2018
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
Origin Validation Error
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory
CVE-2018-8123
4.3 - Medium
- May 09, 2018
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021.
Information Disclosure
A remote code execution vulnerability exists in the way
CVE-2018-8128
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8137, CVE-2018-8139.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2018-8130
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2018-8133
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177.
Object Type Confusion
A remote code execution vulnerability exists in the way
CVE-2018-8177
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8145.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2018-8178
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge.
Memory Corruption
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory
CVE-2018-8179
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge.
Memory Corruption
A remote code execution vulnerability exists in the way
CVE-2018-0943
7.5 - High
- May 09, 2018
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8130, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.
Memory Corruption
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge
CVE-2016-3201
6.5 - Medium
- June 16, 2016
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3215.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Windows 8.1 or by Microsoft? Click the Watch button to subscribe.
