255 matches found
CVE-2020-16009
CVE-2020-16009 is a Google Chrome/Chromium V8 type-confusion vulnerability that could allow remote code execution via a crafted HTML page. Root cause: type confusion in V8 before 86.0.4240.183. Affected product family includes Google Chrome and other Chromium-based browsers; Debian security advis...
CVE-2022-4135
CVE-2022-4135 affects Google Chrome/Chromium GPU code. It is a heap buffer overflow in the GPU path prior to Chrome 107.0.5304.121 that could allow a remote attacker (with renderer access) to escape the sandbox via a crafted HTML page. Chrome confirms exploitation in the wild; a stable-channel pa...
CVE-2017-0037
CVE-2017-0037 affects Microsoft Internet Explorer 10/11 and Microsoft Edge via a type confusion in mshtml.dll (Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement), enabling remote code execution through crafted CSS/JS sequences. Connected sources note public exploitation acti...
CVE-2023-36883
CVE-2023-36883 concerns a spoofing vulnerability in Microsoft Edge for iOS. The initial description identifies the issue as a spoofing vulnerability affecting Edge on iOS, but does not provide details on root cause, affected versions beyond the platform, or concrete exploitation methods. CVSS met...
CVE-2021-21157
CVE-2021-21157 : Use-after-free in the Web Sockets component of Chromium/ Google Chrome on Linux prior to 88.0.4324.182. The underlying issue is a use-after-free that could allow a remote attacker to potentially execute arbitrary code via a crafted HTML page, with impact described as heap corrupt...
CVE-2022-44708
CVE-2022-44708 is a Microsoft Edge (Chromium-based) Elevation of Privilege vulnerability. The initial document lists Edge Chromium-based Elevation of Privilege (CVE-2022-44708) with a CVSS v3.1 base score of 8.3 (High), attack vector Network, attack complexity High, privileges required None, user...
CVE-2025-47967
CVE-2025-47967 affects Microsoft Edge (Chromium-based) for Android. The vulnerability arises from insufficient user interface warnings for dangerous operations, enabling an unauthorized attacker to perform a network spoofing attack. According to the CVE details, the impact is a partial integrity ...
CVE-2024-7971
CVE-2024-7971 is a Type Confusion in Google Chrome’s V8 engine that allows remote heap corruption via a crafted HTML page. Affected software is Google Chrome (and Chromium-based browsers) prior to version 128.0.6613.84. The root cause is a V8 type confusion issue, enabling exploitation when proce...
CVE-2017-0228
Connected documents describe a remote code execution vulnerability in the JavaScript engine/memory handling path used by Microsoft Edge and the ChakraCore engine (Scripting Engine Memory Corruption). The advisories identify exploitation via memory corruption in object handling, affecting Edge/Cha...
CVE-2017-0238
CVE-2017-0238 is linked to memory-corruption in the JavaScript engine used by Microsoft Edge/ChakraCore. The connected advisories describe a remote code execution path when handling in-memory objects, affecting Edge/ChakraCore. Mitigation guidance in the docs points to applying Security Updates t...
CVE-2024-26246
CVE-2024-26246 affects Microsoft Edge (Chromium-based). The vulnerability is described as a Security Feature Bypass in Edge, with the affected component being Edge’s Chromium-based browser. The available data indicate a Low base severity (CVSS 3.1: 3.9), with confidentiality impact High and no in...
CVE-2024-26167
CVE-2024-26167 corresponds to a Microsoft Edge for Android spoofing vulnerability. Affected product: Microsoft Edge for Android (Chromium-based). Vulnerable item: user interface (UI) spoofing vulnerability in Edge for Android. Root cause is described as spoofing in the Edge browser, enabling a re...
CVE-2024-38082
CVE-2024-38082 affects Microsoft Edge (Chromium-based). The provided data describes a spoofing vulnerability in Edge with a CVSS v3.1 base score of 4.7 (Medium). Details show an external network vector requiring user interaction (AV:N, UI:R) and a changed scope (S:C) with no confidentiality impac...
CVE-2021-21140
CVE-2021-21140 affects Chromium/Google Chrome USB stack: uninitialized memory use in the USB implementation could allow a local attacker to cause out-of-bounds access. The vulnerability is associated with Chrome/Chromium builds before 88.0.4324.96. In affected advisories, remediation is to upgrad...
CVE-2016-7202
CVE-2016-7202 refers to a memory corruption vulnerability in the Chakra JavaScript scripting engine used by Microsoft Edge/IE (the “Scripting Engine Memory Corruption Vulnerability”). The connected advisories describe RCE/DoS opportunities via crafted web content, with ChakraCore as the adversari...
CVE-2023-36029
CVE-2023-36029 applies to Microsoft Edge (Chromium-based) and is described as a spoofing vulnerability. The vulnerability is labeled with a Network attack vector, low to moderate impact (Integrity impact: Low; Confidentiality/Availability: None) and requires user interaction for exploitation, wit...
CVE-2017-0224
CVE-2017-0224 describes a remote code execution in Microsoft Edge via the scripting engine memory corruption when handling objects in memory. Connected advisories (GHSA entries) confirm a Chakra/Edge scripting engine memory corruption vulnerability with similar implications, reinforcing that the ...
CVE-2024-38093
CVE-2024-38093 is corroborated by multiple connected sources as a Microsoft Edge (Chromium-based) spoofing vulnerability. The OpenVAS entry describes Edge as prone to multiple spoofing vulnerabilities and explicitly lists CVE-2024-38093 among them, but does not provide affected version ranges or ...
CVE-2016-7242
Affected software: Chakra JavaScript engine (ChakraCore) used by Microsoft Edge. Vulnerability type/impact: memory corruption that can allow remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. Root cause/notes: described in the CVE as a memory-corruptio...
CVE-2016-7243
CVE-2016-7243 concerns the Chakra JavaScript engine in Microsoft Edge (ChakraCore) and allows remote attackers to execute arbitrary code or cause memory corruption via a crafted web site. Connected advisories confirm this as a ChakraCore RCE vulnerability distinct from other CVEs in the same fami...
CVE-2016-7240
CVE-2016-7240 refers to a ChakraCore/Microsoft Edge memory corruption vulnerability in the Chakra JavaScript engine that can lead to remote code execution or memory corruption via a crafted web site. The connected advisories (GHSA entries) describe it as a ChakraCore RCE vulnerability and disting...
CVE-2016-7208
Technical details about CVE-2016-7208 are not publicly provided in the supplied Connected documents. The available sources describe a ChakraCore memory corruption issue affecting Microsoft Edge , but no product/version/patch specifics are included. Monitor for updates.
CVE-2021-21141
CVE-2021-21141 affects Chromium-based browsers (Chrome/Chromium) up to version 88.0.4324.96, due to insufficient policy enforcement in the File System API. This allows a remote attacker to bypass the file-extension policy via a crafted HTML page. The issue is mitigated by upgrading to 88.0.4324.9...
CVE-2024-26247
CVE-2024-26247 is a Microsoft Edge (Chromium-based) security feature bypass vulnerability. Affected component: Edge’s Chromium-based browser; root cause: bypass of security features as described in multiple sources. Impact: ensures bypass with a CVSSv3.1 base score of 4.7 (Network, no confidentia...
CVE-2016-7203
CVE-2016-7203 concerns the Chakra JavaScript engine in Microsoft Edge, described as a memory corruption vulnerability that could allow remote code execution or a denial of service via a crafted website. Public details in the initial entry note the issue as distinct from other CVEs in the same fam...
CVE-2017-0231
Public technical details for CVE-2017-0231 are not provided in the connected documents. They only state a SmartScreen spoofing issue in Microsoft browsers; no affected products, versions, or remediation are specified. Monitor for updates.
CVE-2024-26188
CVE-2024-26188 (Microsoft Edge, Chromium-based) — Spoofing vulnerability affecting Edge for desktop/mobile (Chromium-based). Affected component: browser UI spoofing vector, with underlying issue described as spoofing vulnerability in Edge’s Chromium-based engine. CVSS 3.1: Network attack, no priv...
CVE-2024-29057
Microsoft Edge (Chromium-based) is affected by CVE-2024-29057, described as a spoofing vulnerability that can spoof user interface elements. The data indicates network-based access with low attack complexity and user interaction required, yielding a MEDIUM severity (CVSS 3.1: 4.3) and potential U...
CVE-2024-30057
CVE-2024-30057 — Microsoft Edge for iOS Spoofing Vulnerability Affected software: Microsoft Edge for iOS (and Edge Chromium-based variants listed in related advisories). What’s vulnerable: An unspecified spoofing vulnerability in Edge for iOS that can be exploited to spoof the user interface. The...
CVE-2022-23258
CVE-2022-23258: Microsoft Edge for Android spoofing vulnerability has concrete public details in connected documents. Affected product: Microsoft Edge for Android (Chromium-based). The issue is described as a UI spoofing vulnerability that could mislead users; underlying cause relates to spoofing...
CVE-2023-28301
CVE-2023-28301 refers to a Tampering Vulnerability in Microsoft Edge (Chromium-based). The provided documents identify the affected product as Microsoft Edge for Chromium-based builds, with remediation noted as updating to version 112.0.1722.34 or later (per Nessus plugin data). The exact root ca...
CVE-2024-26196
CVE-2024-26196 is a Chromium-based Microsoft Edge for Android information-disclosure vulnerability. The CVE entry describes an information disclosure flaw in Edge for Android; CVSSv3.1 base score 4.3 (Medium) with network attack vector, no privileges required, user interaction required, and impac...
CVE-2024-38208
CVE-2024-38208 is linked to a spoofing vulnerability in Microsoft Edge for Android. Connected sources describe a remote spoofing risk that could mislead users by spoofing the browser UI. Affected product: Microsoft Edge for Android (Chromium-based). The core issue is described as a spoofing vulne...
CVE-2024-41879
Adobe Acrobat Reader (versions 127.2651.105 and earlier) is affected by an out-of-bounds write vulnerability that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file); public exploits exist for this CVE. A ...
CVE-2023-28284
CVE-2023-28284 concerns Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Affected product: Edge (Chromium-based). The available data describe the issue as a Security Feature Bypass, with a CVSSv3 base score of 4.3 (Medium) and an attack vector of Network, requiring user inte...
CVE-2024-38103
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2024-38103) is documented in the CVE entry with a MEDIUM base score (CVSS 3.1) and edge network-based exposure. Connected documents corroborate that this CVE is part of a family of Edge vulnerabilities reported in 2024 (e.g...
CVE-2017-0236
The connected documentation confirms CVE-2017-0236 is a remote code execution vulnerability in Microsoft Edge’s Chakra JavaScript engine related to memory handling of objects, described as a Scripting Engine Memory Corruption vulnerability. The issue is triggered during rendering in memory, enabl...
CVE-2017-0234
CVE-2017-0234 corresponds to a remote code execution in the Chakra JavaScript engine used by Microsoft Edge, triggered by memory handling when rendering objects. Connected advisories confirm a ChakraCore/Edge scripting-engine memory corruption issue; exploitation would arise from the engine’s han...
CVE-2017-8750
CVE-2017-8750 is a memory corruption vulnerability in Microsoft Browsers (Internet Explorer and Edge) that allows remote code execution in the context of the current user when objects in memory are accessed improperly. Affected software includes Internet Explorer on Windows 7 SP1, Windows Server ...
CVE-2024-38222
Technical details for CVE-2024-38222 are not publicly provided in the connected documents; sources only identify an information disclosure vulnerability in Microsoft Edge (Chromium-based). Monitor official Microsoft advisories for specifics and patch guidance.
CVE-2016-7190
CVE-2016-7190 affects the Chakra JavaScript engine in Microsoft Edge. A memory corruption vulnerability triggered by a crafted web site can lead to remote code execution or a denial of service. Public references tie this family to MS16-119. Mitigation available via patching Edge/Windows as descri...
CVE-2017-0002
Microsoft Edge: CVE-2017-0002 is a Same Origin Policy bypass in Edge involving about:blank and data: URLs. A remote attacker could entice a user to a malicious page to bypass origin checks and disclose information across domains, effectively elevating access within affected Edge versions. Multipl...
CVE-2017-11843
CVE-2017-11843 affects ChakraCore and Microsoft Edge; described as a memory-corruption vulnerability in the scripting engine that lets an attacker gain the current user’s rights by manipulating in-memory objects. GHSA advisories indicate impact on Windows 10 (versions 1703 and 1709) and Windows S...
CVE-2017-11791
CVE-2017-11791 is described in the provided documents as an information-disclosure vulnerability affecting the scripting engine in ChakraCore/Internet Explorer. The vulnerability arises from how objects are handled in memory and is reported for Internet Explorer and ChakraCore components on Windo...
CVE-2017-8741
CVE-2017-8741 affects Internet Explorer/Edge rendering engines in Windows platforms; the vulnerability arises from how scripting engines render objects in memory, enabling an attacker to execute arbitrary code in the context of the current user. The Nessus-derived details describe a remote-code-e...
CVE-2018-0872
ChakraCore RCE vulnerability affecting ChakraCore and Windows components. The connected advisories describe a memory-correlation flaw in the Chakra scripting engine that enables remote code execution when handling objects in memory, impacting ChakraCore with Windows 10 versions (including 1703/17...
CVE-2017-0229
CVE-2017-0229 is linked to a remote code execution in Microsoft Edge via memory-corruption flaws in the scripting engine (Edge/Chakra) when handling in-memory objects. The connected advisories describe a ChakraCore/Edge RCE vulnerability with memory-corruption in the JavaScript engine, including...
CVE-2017-11837
CVE-2017-11837 affects ChakraCore/Edge scripting engine memory handling. Root cause: memory corruption when manipulating JavaScript objects in memory, enabling an attacker to execute code with the current user’s privileges. Affected products include ChakraCore and Microsoft Edge on Windows 10 (17...
CVE-2018-0891
The vulnerability is a ChakraCore/information-disclosure issue in the scripting engine. Public details show that ChakraCore and related components in Microsoft Edge/IE could disclose memory-resident objects due to scripting engine memory handling, affecting ChakraCore-based runtimes and Edge/IE o...
CVE-2016-7194
CVE-2016-7194 concerns the Chakra JavaScript engine used by Microsoft Edge. The connected advisories indicate a remote code execution / memory corruption vulnerability in ChakraCore, exploitable via a crafted web site, and note that this family includes CVE-2016-3386, CVE-2016-3389, and CVE-2016-...