cbcvebase.

Microsoft Edge Chromium vulnerabilities

210 known vulnerabilities affecting microsoft/edge_chromium.

Total CVEs: 210
CISA KEV: 9 (actively exploited)
Public exploits: 3
Exploited in wild: 7
Severity breakdown: CRITICAL 12, HIGH 98, MEDIUM 93, LOW 7

Vulnerabilities

Page 1 of 11
CVE-2026-45495 | CRITICAL | CVSS 9.8 | fixed in 148.0.3967.70 | 2026-05-18
CWE-35: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
nvd

CVE-2026-45494 | MEDIUM | CVSS 6.1 | fixed in 148.0.3967.70 | 2026-05-18
CWE-79: Microsoft Edge (Chromium-based) Spoofing Vulnerability
nvd

CVE-2026-45492 | MEDIUM | CVSS 5.4 | fixed in 148.0.3967.70 | 2026-05-18
CWE-20: Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
nvd

CVE-2026-41107 | HIGH | CVSS 7.4 | fixed in 148.0.3967.55 | 2026-05-12
CWE-73: External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
nvd

CVE-2026-42838 | MEDIUM | CVSS 5.4 | fixed in 148.0.3967.55 | 2026-05-12
CWE-74: Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.
nvd

CVE-2026-0385 | MEDIUM | CVSS 5.0 | fixed in 146.0.3856.59 | 2026-03-16
CWE-451: Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
nvd

CVE-2026-0102 | LOW | CVSS 3.1 | fixed in 145.0.3800.58 | 2026-02-17
CWE-359: Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.
nvd

CVE-2026-21223 | HIGH | CVSS 7.1 | fixed in 144.0.3719.82 | 2026-01-16
CWE-269: Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
nvd

CVE-2025-65046 | LOW | CVSS 3.1 | fixed in 143.0.3650.88 | 2025-12-18
CWE-451: Microsoft Edge (Chromium-based) Spoofing Vulnerability
nvd

CVE-2025-14174 | HIGH | CVSS 8.8 | KEV | fixed in 143.0.3650.80 | 2025-12-12
CWE-787: Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
nvd

CVE-2025-60711 | MEDIUM | CVSS 6.3 | fixed in 142.0.3595.53 | 2025-10-31
CWE-693: Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
nvd

CVE-2025-59251 | HIGH | CVSS 7.6 | fixed in 140.0.3485.81 | 2025-09-24
CWE-121: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
nvd

CVE-2025-53791 | MEDIUM | CVSS 4.7 | fixed in 140.0.3485.54 | 2025-09-05
CWE-284: Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
nvd

CVE-2025-47182 | MEDIUM | CVSS 5.6 | fixed in 138.0.3351.55 | 2025-07-11
CWE-20: Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
nvd

CVE-2025-47963 | MEDIUM | CVSS 6.5 | fixed in 138.0.3351.55 | 2025-07-11
CWE-451: No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
nvd

CVE-2025-47964 | MEDIUM | CVSS 4.3 | fixed in 138.0.3351.55 | 2025-07-11
CWE-451: Microsoft Edge (Chromium-based) Spoofing Vulnerability
nvd

CVE-2025-49713 | HIGH | CVSS 8.8 | fixed in 138.0.3351.65 | 2025-07-02
CWE-843: Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
nvd

CVE-2025-49741 | HIGH | CVSS 7.5 | PoC | fixed in 135.0.3179.98 | 2025-07-01
CWE-268: No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
nvd

CVE-2025-5419 | HIGH | CVSS 8.8 | KEV | fixed in 137.0.3296.62 | 2025-06-03
CWE-125: Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd

CVE-2025-29834 | HIGH | CVSS 7.5 | fixed in 134.0.3124.93 | 2025-04-12
CWE-125: Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
nvd