Edge Chromium
by Microsoft
CVEs (223)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-0990 | 0.01 | — | 0.05 | Jun 12, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current… | |||
| CVE-2019-0988 | 0.01 | — | 0.06 | Jun 12, 2019 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who… | |||
| CVE-2026-0102 | 0.00 | — | 0.00 | Feb 17, 2026 | Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata. | |||
| CVE-2026-0391 | 0.00 | — | 0.01 | Feb 5, 2026 | User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-21223 | 0.00 | — | 0.00 | Jan 16, 2026 | Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2025-62223 | 0.00 | — | 0.00 | Dec 5, 2025 | User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-60711 | 0.00 | — | 0.00 | Oct 31, 2025 | Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-59251 | 0.00 | — | 0.00 | Sep 24, 2025 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||
| CVE-2025-47967 | 0.00 | — | 0.00 | Sep 16, 2025 | Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-53791 | 0.00 | — | 0.00 | Sep 5, 2025 | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | |||
| CVE-2025-47963 | 0.00 | — | 0.01 | Jul 11, 2025 | No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-47964 | 0.00 | — | 0.00 | Jul 11, 2025 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||
| CVE-2025-47182 | 0.00 | — | 0.00 | Jul 11, 2025 | Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2025-49713 | 0.00 | — | 0.01 | Jul 2, 2025 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-47181 | 0.00 | — | 0.00 | May 22, 2025 | Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-29825 | 0.00 | — | 0.01 | May 2, 2025 | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-29834 | 0.00 | — | 0.01 | Apr 12, 2025 | Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-29815 | 0.00 | — | 0.01 | Apr 4, 2025 | Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. | |||
| CVE-2025-25001 | 0.00 | — | 0.01 | Apr 4, 2025 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-25000 | 0.00 | — | 0.01 | Apr 3, 2025 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. |
- CVE-2019-0990Jun 12, 2019risk 0.01cvss —epss 0.05
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current…
- CVE-2019-0988Jun 12, 2019risk 0.01cvss —epss 0.06
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who…
- CVE-2026-0102Feb 17, 2026risk 0.00cvss —epss 0.00
Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.
- CVE-2026-0391Feb 5, 2026risk 0.00cvss —epss 0.01
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-21223Jan 16, 2026risk 0.00cvss —epss 0.00
Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
- CVE-2025-62223Dec 5, 2025risk 0.00cvss —epss 0.00
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-60711Oct 31, 2025risk 0.00cvss —epss 0.00
Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
- CVE-2025-59251Sep 24, 2025risk 0.00cvss —epss 0.00
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2025-47967Sep 16, 2025risk 0.00cvss —epss 0.00
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-53791Sep 5, 2025risk 0.00cvss —epss 0.00
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2025-47963Jul 11, 2025risk 0.00cvss —epss 0.01
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-47964Jul 11, 2025risk 0.00cvss —epss 0.00
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- CVE-2025-47182Jul 11, 2025risk 0.00cvss —epss 0.00
Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
- CVE-2025-49713Jul 2, 2025risk 0.00cvss —epss 0.01
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
- CVE-2025-47181May 22, 2025risk 0.00cvss —epss 0.00
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.
- CVE-2025-29825May 2, 2025risk 0.00cvss —epss 0.01
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-29834Apr 12, 2025risk 0.00cvss —epss 0.01
Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
- CVE-2025-29815Apr 4, 2025risk 0.00cvss —epss 0.01
Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.
- CVE-2025-25001Apr 4, 2025risk 0.00cvss —epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-25000Apr 3, 2025risk 0.00cvss —epss 0.01
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Page 2 of 12