Edge (Chromium-based)
by Microsoft
CVEs (196)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49741 | 0.04 | — | 0.08 | Jul 1, 2025 | No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2023-33145 | 0.04 | — | 0.07 | Jun 13, 2023 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||
| CVE-2023-24892 | 0.04 | — | 0.17 | Mar 14, 2023 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | |||
| CVE-2024-21388 | 0.02 | — | 0.24 | Jan 30, 2024 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||
| CVE-2024-43566 | 0.01 | — | 0.07 | Oct 17, 2024 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||
| CVE-2024-30056 | 0.01 | — | 0.10 | May 25, 2024 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||
| CVE-2023-21719 | 0.01 | — | 0.11 | Jan 23, 2023 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||
| CVE-2022-24523 | 0.01 | — | 0.07 | Apr 5, 2022 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||
| CVE-2021-30615 | 0.01 | — | 0.08 | Sep 3, 2021 | Chromium: CVE-2021-30615 Cross-origin data leak in Navigation | |||
| CVE-2019-1023 | 0.01 | — | 0.12 | Jun 12, 2019 | An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory. | |||
| CVE-2019-0990 | 0.01 | — | 0.12 | Jun 12, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. | |||
| CVE-2026-0102 | 0.00 | — | 0.00 | Feb 17, 2026 | Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata. | |||
| CVE-2026-0391 | 0.00 | — | 0.00 | Feb 5, 2026 | User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-21223 | 0.00 | — | 0.00 | Jan 16, 2026 | Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2025-62223 | 0.00 | — | 0.00 | Dec 5, 2025 | User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-60711 | 0.00 | — | 0.00 | Oct 31, 2025 | Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-59251 | 0.00 | — | 0.00 | Sep 24, 2025 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||
| CVE-2025-47967 | 0.00 | — | 0.00 | Sep 16, 2025 | Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-53791 | 0.00 | — | 0.00 | Sep 5, 2025 | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | |||
| CVE-2025-47963 | 0.00 | — | 0.02 | Jul 11, 2025 | No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. |
- CVE-2025-49741Jul 1, 2025risk 0.04cvss —epss 0.08
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
- CVE-2023-33145Jun 13, 2023risk 0.04cvss —epss 0.07
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
- CVE-2023-24892Mar 14, 2023risk 0.04cvss —epss 0.17
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
- CVE-2024-21388Jan 30, 2024risk 0.02cvss —epss 0.24
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- CVE-2024-43566Oct 17, 2024risk 0.01cvss —epss 0.07
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2024-30056May 25, 2024risk 0.01cvss —epss 0.10
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
- CVE-2023-21719Jan 23, 2023risk 0.01cvss —epss 0.11
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
- CVE-2022-24523Apr 5, 2022risk 0.01cvss —epss 0.07
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- CVE-2021-30615Sep 3, 2021risk 0.01cvss —epss 0.08
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
- CVE-2019-1023Jun 12, 2019risk 0.01cvss —epss 0.12
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.
- CVE-2019-0990Jun 12, 2019risk 0.01cvss —epss 0.12
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.
- CVE-2026-0102Feb 17, 2026risk 0.00cvss —epss 0.00
Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.
- CVE-2026-0391Feb 5, 2026risk 0.00cvss —epss 0.00
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-21223Jan 16, 2026risk 0.00cvss —epss 0.00
Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
- CVE-2025-62223Dec 5, 2025risk 0.00cvss —epss 0.00
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-60711Oct 31, 2025risk 0.00cvss —epss 0.00
Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
- CVE-2025-59251Sep 24, 2025risk 0.00cvss —epss 0.00
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2025-47967Sep 16, 2025risk 0.00cvss —epss 0.00
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-53791Sep 5, 2025risk 0.00cvss —epss 0.00
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2025-47963Jul 11, 2025risk 0.00cvss —epss 0.02
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Page 1 of 10