Microsoft Edge Chromium vulnerabilities

210 known vulnerabilities affecting microsoft/edge_chromium.

Total CVEs

210

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL12HIGH98MEDIUM93LOW7

Vulnerabilities

Page 10 of 11

CVE-2021-30609HIGHCVSS 8.8≤ 93.0.4577.632021-09-03

CVE-2021-30609 [HIGH] CWE-416 CVE-2021-30609: Chromium: CVE-2021-30609 Use after free in Sign-In Chromium: CVE-2021-30609 Use after free in Sign-In

nvd

CVE-2021-30607HIGHCVSS 8.8≤ 93.0.4577.632021-09-03

CVE-2021-30607 [HIGH] CWE-416 CVE-2021-30607: Chromium: CVE-2021-30607 Use after free in Permissions Chromium: CVE-2021-30607 Use after free in Permissions

nvd

CVE-2021-30615MEDIUMCVSS 6.5≤ 93.0.4577.632021-09-03

CVE-2021-30615 [MEDIUM] CVE-2021-30615: Chromium: CVE-2021-30615 Cross-origin data leak in Navigation Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

nvd

CVE-2021-36928HIGHCVSS 7.8fixed in 92.0.902.552021-08-26

CVE-2021-36928 [HIGH] CWE-59 CVE-2021-36928: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

nvd

CVE-2021-36931HIGHCVSS 7.8fixed in 92.0.902.552021-08-26

CVE-2021-36931 [HIGH] CWE-269 CVE-2021-36931: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

nvd

CVE-2021-36929MEDIUMCVSS 5.5fixed in 92.0.902.552021-08-26

CVE-2021-36929 [MEDIUM] CVE-2021-36929: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

nvd

CVE-2021-33741HIGHCVSS 7.5fixed in 91.0.864.412021-06-08

CVE-2021-33741 [HIGH] CVE-2021-33741: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

nvd

CVE-2021-21157HIGHCVSS 8.8fixed in 88.0.4324.1822021-02-22

CVE-2021-21157 [HIGH] CWE-416 CVE-2021-21157: Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote atta Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2021-21124CRITICALCVSS 9.6fixed in 88.0.705.502021-02-09

CVE-2021-21124 [CRITICAL] CWE-416 CVE-2021-21124: Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 all Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

nvd

CVE-2021-21132CRITICALCVSS 9.6fixed in 88.0.705.502021-02-09

CVE-2021-21132 [CRITICAL] CWE-1021 CVE-2021-21132: Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote att Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.

nvd

CVE-2021-21121CRITICALCVSS 9.6fixed in 88.0.705.502021-02-09

CVE-2021-21121 [CRITICAL] CWE-416 CVE-2021-21121: Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

nvd

CVE-2021-21127HIGHCVSS 8.8fixed in 88.0.705.502021-02-09

CVE-2021-21127 [HIGH] CVE-2021-21127: Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remot Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.

nvd

CVE-2021-21125HIGHCVSS 8.1fixed in 88.0.705.502021-02-09

CVE-2021-21125 [HIGH] CWE-59 CVE-2021-21125: Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

nvd

CVE-2021-21120HIGHCVSS 8.8fixed in 88.0.705.502021-02-09

CVE-2021-21120 [HIGH] CWE-416 CVE-2021-21120: Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potenti Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2021-21122HIGHCVSS 8.8fixed in 88.0.705.502021-02-09

CVE-2021-21122 [HIGH] CWE-416 CVE-2021-21122: Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentia Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2021-21128HIGHCVSS 8.8fixed in 88.0.705.502021-02-09

CVE-2021-21128 [HIGH] CWE-787 CVE-2021-21128: Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to po Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2021-21118HIGHCVSS 8.8fixed in 88.0.705.502021-02-09

CVE-2021-21118 [HIGH] CWE-119 CVE-2021-21118: Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

nvd

CVE-2021-21119HIGHCVSS 8.8fixed in 88.0.705.502021-02-09

CVE-2021-21119 [HIGH] CWE-416 CVE-2021-21119: Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had com Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2021-21139MEDIUMCVSS 6.5fixed in 88.0.705.502021-02-09

CVE-2021-21139 [MEDIUM] CWE-1021 CVE-2021-21139: Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remo Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

nvd

CVE-2021-21134MEDIUMCVSS 6.5fixed in 88.0.705.502021-02-09

CVE-2021-21134 [MEDIUM] CWE-290 CVE-2021-21134: Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote at Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.

nvd

← Previous10 / 11Next →