Msrc Microsoft Edge vulnerabilities

CVE-2026-1861 [HIGH] Chromium: CVE-2026-1861 Heap buffer overflow in libvpx Chromium: CVE-2026-1861 Heap buffer overflow in libvpx Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 144.0.3719.115 02/05/2026 144.0.7559.132/.133 FAQ: Why

CVE-2026-2649 [HIGH] Chromium: CVE-2026-2649 Integer overflow in V8 Chromium: CVE-2026-2649 Integer overflow in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 145.0.3800.70 02/20/2026 145.0.7632.109/110 FAQ: Why is this Chrome CVE

CVE-2026-2441 [HIGH] Chromium: CVE-2026-2441 Use after free in CSS Chromium: CVE-2026-2441 Use after free in CSS Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2026-2441 exists in the wild. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open S

CVE-2026-2319 [HIGH] Chromium: CVE-2026-2319 Race in DevTools Chromium: CVE-2026-2319 Race in DevTools Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is

CVE-2026-2322 [MEDIUM] Chromium: CVE-2026-2322 Heap buffer overflow in Codecs Chromium: CVE-2026-2322 Heap buffer overflow in Codecs Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsof

CVE-2026-2320 [MEDIUM] Chromium: CVE-2026-2320 Inappropriate implementation in File input Chromium: CVE-2026-2320 Inappropriate implementation in File input Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which

CVE-2026-2316 [MEDIUM] Chromium: CVE-2026-2316 Insufficient policy enforcement in Frames Chromium: CVE-2026-2316 Insufficient policy enforcement in Frames Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which i

CVE-2026-2317 [MEDIUM] Chromium: CVE-2026-2317 Inappropriate implementation in Animation Chromium: CVE-2026-2317 Inappropriate implementation in Animation Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which i

CVE-2026-0391 [MEDIUM] CWE-451 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability Description: User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must correctly craft convincin

CVE-2026-2323 [MEDIUM] Chromium: CVE-2026-2323 Inappropriate implementation in Downloads Chromium: CVE-2026-2323 Inappropriate implementation in Downloads Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which i

CVE-2026-2318 [MEDIUM] CVE-2026-2318: CVE-2026-2318 Description: This CVE was assigned by Chrome CVE-2026-2318 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-base

CVE-2026-3063 [MEDIUM] Chromium: CVE-2026-3063 Inappropriate implementation in DevTools Chromium: CVE-2026-3063 Inappropriate implementation in DevTools Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is

CVE-2026-0102 [LOW] CWE-359 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability Microsoft Edge (Chromium-based) Defense in Depth Vulnerability Description: Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata. FAQ: According to the CVSS metric, user interaction is requir

CVE-2026-0907 [CRITICAL] Chromium: CVE-2026-0907 Incorrect security UI in Split View Chromium: CVE-2026-0907 Incorrect security UI in Split View Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed

CVE-2026-0905 [CRITICAL] Chromium: CVE-2026-0905 Insufficient policy enforcement in Network Chromium: CVE-2026-0905 Insufficient policy enforcement in Network Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) whi

CVE-2026-0906 [CRITICAL] Chromium: CVE-2026-0906 Incorrect security UI Chromium: CVE-2026-0906 Incorrect security UI Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium

CVE-2026-0628 [HIGH] Chromium: CVE-2026-0628 Insufficient policy enforcement in WebView tag Chromium: CVE-2026-0628 Insufficient policy enforcement in WebView tag Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 143.0.3650.139 01/08/2026

CVE-2026-0902 [HIGH] Chromium: CVE-2026-0902 Inappropriate implementation in V8 Chromium: CVE-2026-0902 Inappropriate implementation in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Mi

CVE-2026-21223 [HIGH] CWE-269 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Description: Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An authenticated local attacker can disable or enable Windows VBS without administ

CVE-2026-0908 [HIGH] Chromium: CVE-2026-0908 Use after free in ANGLE Chromium: CVE-2026-0908 Use after free in ANGLE Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium