Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Edge
(Microsoft)| Repositories | https://github.com/Microsoft/ChakraCore |
| #Vulnerabilities | 747 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-11-25 | CVE-2022-4135 | Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | Chrome, Edge, Edge_chromium | 9.6 | ||
| 2023-04-11 | CVE-2023-28284 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Edge | N/A | ||
| 2023-04-11 | CVE-2023-28301 | Microsoft Edge (Chromium-based) Tampering Vulnerability | Edge | N/A | ||
| 2023-07-14 | CVE-2023-36883 | Microsoft Edge for iOS Spoofing Vulnerability | Edge | N/A | ||
| 2015-01-23 | CVE-2015-0311 | Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. | Flash_player, Edge, Internet_explorer, Linux_enterprise_desktop, Linux_enterprise_workstation_extension | 9.8 | ||
| 2015-02-02 | CVE-2015-0313 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. | Flash_player, Edge, Internet_explorer, Evergreen, Opensuse, Linux_enterprise_desktop, Linux_enterprise_workstation_extension | 9.8 | ||
| 2025-02-06 | CVE-2025-21253 | Microsoft Edge for IOS and Android Spoofing Vulnerability | Edge | 5.3 | ||
| 2016-09-14 | CVE-2016-3351 | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | Edge, Internet_explorer | 6.5 | ||
| 2016-11-10 | CVE-2016-7200 | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | Edge | 8.8 | ||
| 2016-11-10 | CVE-2016-7201 | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | Edge | 8.8 |