Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Edge
(Microsoft)| Repositories | https://github.com/Microsoft/ChakraCore |
| #Vulnerabilities | 747 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-11-25 | CVE-2022-4135 | Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | Chrome, Edge, Edge_chromium | 9.6 | ||
| 2023-09-28 | CVE-2023-5217 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Ipad_os, Iphone_os, Debian_linux, Fedora, Chrome, Edge, Edge_chromium, Firefox, Thunderbird, Enterprise_linux, Libvpx | 8.8 | ||
| 2024-08-21 | CVE-2024-7971 | Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Chrome, Edge | 9.6 | ||
| 2022-12-13 | CVE-2022-44708 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Edge, Edge_chromium | 8.3 | ||
| 2023-11-03 | CVE-2023-36029 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Edge | 4.3 | ||
| 2024-02-23 | CVE-2024-26188 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Edge | N/A | ||
| 2024-03-07 | CVE-2024-26167 | Microsoft Edge for Android Spoofing Vulnerability | Edge | N/A | ||
| 2020-05-21 | CVE-2020-1037 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | Chakracore, Edge | 7.5 | ||
| 2020-05-21 | CVE-2020-1056 | An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. | Edge | 8.1 | ||
| 2020-05-21 | CVE-2020-1059 | A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'. | Edge | 4.3 |