Microsoft Edge ↗
Microsoft · Browser
20/100 Critical · exploited
Summary iPlain-English security verdict for Microsoft Edge, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Microsoft Edge currently scores 20/100 — critical, with active exploitation. 9 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2023-4863. Upgrade immediately and review your exposure to the actively-exploited CVEs below. Note: this product is assessed at the product level on recent (365-day) activity rather than an exact per-version match, so it is never marked a confident "healthy".
Disclosure trend iNew CVEs published for Microsoft Edge each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
'19
'20
'21
'22
'23
'24
'25
'26
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2023-4863 HIGH ● exploited Out-of-bounds write EPSS 93% → fixed in 116.0.1938.81 CVE-2020-16009 HIGH ● exploited Out-of-bounds write EPSS 84% → fixed in 86.0.4240.183 CVE-2023-4762 HIGH ● exploited CWE-843 EPSS 56% → fixed in 116.0.1938.76 CVE-2024-7965 HIGH ● exploited Out-of-bounds write EPSS 23% → fixed in 128.0.2739.42 CVE-2023-5217 HIGH ● exploited Out-of-bounds write EPSS 5% → see advisory CVE-2025-5419 HIGH ● exploited Out-of-bounds read EPSS 4% → fixed in 137.0.3296.62 CVE-2023-6345 CRITICAL ● exploited Integer overflow EPSS 1% → fixed in 119.0.2151.97 CVE-2025-14174 HIGH ● exploited Out-of-bounds write EPSS 0% → fixed in 143.0.3650.80 CVE-2022-4135 CRITICAL ● exploited Out-of-bounds write EPSS 0% → fixed in 107.0.5304.150 CVE-2023-6702 HIGH CWE-843 EPSS 58% → fixed in 120.0.2210.77 CVE-2021-21132 CRITICAL CWE-1021 EPSS 21% → fixed in 88.0.705.50 CVE-2021-21124 CRITICAL Use-after-free EPSS 11% → fixed in 88.0.705.50ℹ product-level posture (last 365d); exact per-version verdict pending precise version mapping