Edge@* Security Vulnerabilities and Issues — Edge@* CVE List

CVE•added 2022/11/25 1:15 a.m.•1149 views

CVE-2022-4135

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

9.6CVSS9.3AI score0.00099EPSS

CVE•added 2017/02/26 11:59 p.m.•1037 views

CVE-2017-0037

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets ...

8.1CVSS6.4AI score0.91698EPSS

CVE•added 2023/07/14 6:15 p.m.•854 views

CVE-2023-36883

Microsoft Edge for iOS Spoofing Vulnerability

4.3CVSS4.5AI score0.00204EPSS

CVE•added 2021/02/22 10:15 p.m.•818 views

CVE-2021-21157

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01551EPSS

CVE•added 2022/12/13 7:15 p.m.•714 views

CVE-2022-44708

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

8.3CVSS8.2AI score0.0027EPSS

CVE•added 2024/08/21 9:15 p.m.•397 views

CVE-2024-7971

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.8AI score0.00632EPSS

CVE•added 2017/05/12 2:29 p.m.•335 views

CVE-2017-0228

A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-...

7.6CVSS7.8AI score0.55566EPSS

CVE•added 2017/05/12 2:29 p.m.•308 views

CVE-2017-0238

A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017...

7.6CVSS7.6AI score0.55566EPSS

CVE•added 2024/06/20 8:15 p.m.•252 views

CVE-2024-38082

Microsoft Edge (Chromium-based) Spoofing Vulnerability

4.7CVSS5AI score0.0025EPSS

CVE•added 2024/03/14 11:15 p.m.•250 views

CVE-2024-26246

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

3.9CVSS4.4AI score0.00293EPSS

CVE•added 2024/03/07 9:15 p.m.•248 views

CVE-2024-26167

Microsoft Edge for Android Spoofing Vulnerability

4.3CVSS5.3AI score0.00783EPSS

CVE•added 2021/02/09 2:15 p.m.•229 views

CVE-2021-21140

Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.

6.8CVSS7AI score0.00171EPSS

CVE•added 2023/11/03 1:15 a.m.•226 views

CVE-2023-36029

Microsoft Edge (Chromium-based) Spoofing Vulnerability

4.3CVSS5.3AI score0.0012EPSS

CVE•added 2016/11/10 6:59 a.m.•225 views

CVE-2016-7202

The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," as demonstrated by the Chakra JavaSc...

CVE•added 2017/05/12 2:29 p.m.•217 views

CVE-2017-0224

A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017...

7.6CVSS7.3AI score0.55566EPSS

CVE•added 2024/06/20 8:15 p.m.•216 views

CVE-2024-38093

Microsoft Edge (Chromium-based) Spoofing Vulnerability

4.3CVSS4.8AI score0.00516EPSS

CVE•added 2016/11/10 6:59 a.m.•210 views

CVE-2016-7243

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CV...

CVE•added 2016/11/10 6:59 a.m.•206 views

CVE-2016-7240

CVE•added 2016/11/10 6:59 a.m.•202 views

CVE-2016-7242

CVE•added 2016/11/10 6:59 a.m.•196 views

CVE-2016-7208

CVE•added 2017/05/12 2:29 p.m.•196 views

CVE-2017-0231

A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability."

4.3CVSS5.6AI score0.07743EPSS

CVE•added 2016/11/10 6:59 a.m.•195 views

CVE-2016-7203

CVE•added 2024/03/22 10:15 p.m.•192 views

CVE-2024-26247

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

4.7CVSS4.9AI score0.0057EPSS

CVE•added 2021/02/09 2:15 p.m.•190 views

CVE-2021-21141

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.

6.5CVSS6.5AI score0.01664EPSS

CVE•added 2024/03/22 10:15 p.m.•184 views

CVE-2024-29057

Microsoft Edge (Chromium-based) Spoofing Vulnerability

4.3CVSS4.8AI score0.00856EPSS

CVE•added 2024/02/23 11:15 p.m.•183 views

CVE-2024-26188

Microsoft Edge (Chromium-based) Spoofing Vulnerability

4.3CVSS4.5AI score0.02461EPSS

CVE•added 2024/06/13 8:15 p.m.•173 views

CVE-2024-30057

Microsoft Edge for iOS Spoofing Vulnerability

5.4CVSS5.1AI score0.00442EPSS

CVE•added 2023/04/11 9:15 p.m.•156 views

CVE-2023-28301

Microsoft Edge (Chromium-based) Tampering Vulnerability

3.7CVSS4.3AI score0.01724EPSS

CVE•added 2022/01/25 10:15 p.m.•152 views

CVE-2022-23258

Microsoft Edge for Android Spoofing Vulnerability

4.3CVSS4.7AI score0.00839EPSS

CVE•added 2024/03/21 2:52 a.m.•147 views

CVE-2024-26196

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

4.3CVSS4.2AI score0.01225EPSS

CVE•added 2024/08/22 11:15 p.m.•144 views

CVE-2024-38208

Microsoft Edge for Android Spoofing Vulnerability

6.1CVSS6.2AI score0.00432EPSS

CVE•added 2023/04/11 9:15 p.m.•141 views

CVE-2023-28284

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

4.3CVSS4.8AI score0.00154EPSS

CVE•added 2024/08/26 12:15 p.m.•128 views

CVE-2024-41879

Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

7.8CVSS7.8AI score0.01605EPSS

CVE•added 2017/05/12 2:29 p.m.•124 views

CVE-2017-0236

A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-201...

CVE•added 2024/07/25 10:15 p.m.•120 views

CVE-2024-38103

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

5.9CVSS5.4AI score0.00829EPSS

CVE•added 2017/09/13 1:29 a.m.•117 views

CVE-2017-8750

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the ...

7.6CVSS7.1AI score0.24219EPSS

CVE•added 2017/05/12 2:29 p.m.•115 views

CVE-2017-0234

CVE•added 2017/01/10 9:59 p.m.•113 views

CVE-2017-0002

Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability."

8.8CVSS8.3AI score0.14732EPSS

CVE•added 2016/10/14 2:59 a.m.•111 views

CVE-2016-7190

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016...

7.6CVSS7.6AI score0.78358EPSS

CVE•added 2024/09/12 3:15 a.m.•110 views

CVE-2024-38222

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

6.5CVSS6.1AI score0.0159EPSS

CVE•added 2017/09/13 1:29 a.m.•104 views

CVE-2017-8741

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the con...

7.6CVSS7.2AI score0.76981EPSS

CVE•added 2017/05/12 2:29 p.m.•102 views

CVE-2017-0229

A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017...

CVE•added 2017/11/15 3:29 a.m.•99 views

CVE-2017-11791

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allo...

3.1CVSS4.7AI score0.17613EPSS

CVE•added 2018/03/14 5:29 p.m.•98 views

CVE-2018-0872

ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2...

7.6CVSS7.2AI score0.85621EPSS

CVE•added 2017/03/17 12:59 a.m.•97 views

CVE-2017-0068

Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-...

4.3CVSS4.2AI score0.28148EPSS

CVE•added 2017/05/12 2:29 p.m.•97 views

CVE-2017-0235