Microsoft Edge Chromium vulnerabilities
205 known vulnerabilities affecting microsoft/edge_chromium.
Total CVEs
205
CISA KEV
9
actively exploited
Public exploits
3
Exploited in wild
7
Severity breakdown
CRITICAL11HIGH97MEDIUM90LOW7
Vulnerabilities
Page 10 of 11
CVE-2021-36929MEDIUMCVSS 5.5fixed in 92.0.902.552021-08-26
CVE-2021-36929 [MEDIUM] CVE-2021-36929: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
nvd
CVE-2021-33741HIGHCVSS 7.5fixed in 91.0.864.412021-06-08
CVE-2021-33741 [HIGH] CVE-2021-33741: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
nvd
CVE-2021-21157HIGHCVSS 8.8fixed in 88.0.4324.1822021-02-22
CVE-2021-21157 [HIGH] CWE-416 CVE-2021-21157: Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote atta
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21124CRITICALCVSS 9.6fixed in 88.0.705.502021-02-09
CVE-2021-21124 [CRITICAL] CWE-416 CVE-2021-21124: Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 all
Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-21132CRITICALCVSS 9.6fixed in 88.0.705.502021-02-09
CVE-2021-21132 [CRITICAL] CWE-1021 CVE-2021-21132: Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote att
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2021-21121CRITICALCVSS 9.6fixed in 88.0.705.502021-02-09
CVE-2021-21121 [CRITICAL] CWE-416 CVE-2021-21121: Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker
Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-21127HIGHCVSS 8.8fixed in 88.0.705.502021-02-09
CVE-2021-21127 [HIGH] CVE-2021-21127: Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remot
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.
nvd
CVE-2021-21125HIGHCVSS 8.1fixed in 88.0.705.502021-02-09
CVE-2021-21125 [HIGH] CWE-59 CVE-2021-21125: Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
nvd
CVE-2021-21120HIGHCVSS 8.8fixed in 88.0.705.502021-02-09
CVE-2021-21120 [HIGH] CWE-416 CVE-2021-21120: Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potenti
Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21122HIGHCVSS 8.8fixed in 88.0.705.502021-02-09
CVE-2021-21122 [HIGH] CWE-416 CVE-2021-21122: Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentia
Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21128HIGHCVSS 8.8fixed in 88.0.705.502021-02-09
CVE-2021-21128 [HIGH] CWE-787 CVE-2021-21128: Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to po
Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21118HIGHCVSS 8.8fixed in 88.0.705.502021-02-09
CVE-2021-21118 [HIGH] CWE-119 CVE-2021-21118: Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker
Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2021-21119HIGHCVSS 8.8fixed in 88.0.705.502021-02-09
CVE-2021-21119 [HIGH] CWE-416 CVE-2021-21119: Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had com
Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21139MEDIUMCVSS 6.5fixed in 88.0.705.502021-02-09
CVE-2021-21139 [MEDIUM] CWE-1021 CVE-2021-21139: Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remo
Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2021-21134MEDIUMCVSS 6.5fixed in 88.0.705.502021-02-09
CVE-2021-21134 [MEDIUM] CWE-290 CVE-2021-21134: Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote at
Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd
CVE-2021-21123MEDIUMCVSS 6.5fixed in 88.0.705.502021-02-09
CVE-2021-21123 [MEDIUM] CWE-20 CVE-2021-21123: Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a rem
Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
nvd
CVE-2021-21135MEDIUMCVSS 6.5fixed in 88.0.705.502021-02-09
CVE-2021-21135 [MEDIUM] CWE-346 CVE-2021-21135: Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a rem
Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-21133MEDIUMCVSS 6.5fixed in 88.0.705.502021-02-09
CVE-2021-21133 [MEDIUM] CVE-2021-21133: Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attac
Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2021-21130MEDIUMCVSS 6.5fixed in 88.0.705.502021-02-09
CVE-2021-21130 [MEDIUM] CVE-2021-21130: Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
nvd
CVE-2021-21137MEDIUMCVSS 6.5fixed in 88.0.705.502021-02-09
CVE-2021-21137 [MEDIUM] CWE-74 CVE-2021-21137: Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote att
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
nvd