Skip to main content

Microsoft Edge Chromium Based CVE-2026-33118

| EUVDEUVD-2026-21601 MEDIUM
User Interface (UI) Misrepresentation of Critical Information (CWE-451)
2026-04-10 microsoft
4.3
CVSS 3.1 · Vendor: microsoft
Temporal: 3.8
Share

Severity by source

Vendor (microsoft) PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CIRCL (temporal)
3.8 LOW
cvss

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
EUVD ID Assigned
Apr 10, 2026 - 21:45 euvd
EUVD-2026-21601
Analysis Generated
Apr 10, 2026 - 21:45 vuln.today
Patch released
Apr 10, 2026 - 21:45 nvd
Patch available
CVE Published
Apr 10, 2026 - 21:20 nvd
MEDIUM 4.3

DescriptionCVE.org

Microsoft Edge (Chromium-based) Spoofing Vulnerability

AnalysisAI

Microsoft Edge (Chromium-based) allows remote attackers to spoof visual elements through a low-complexity network-based attack requiring user interaction, potentially disclosing limited information to unauthenticated users. The vulnerability affects all versions of Microsoft Edge based on Chromium and carries a CVSS score of 4.3 with low confidentiality impact but no code execution or availability risk. A vendor-released patch is available.

Technical ContextAI

This spoofing vulnerability in Microsoft Edge (Chromium-based) exploits weaknesses in the browser's rendering or UI validation mechanisms, likely related to how the application handles display of security-critical visual elements such as address bars, security indicators, or authentication dialogs. The Chromium browser engine, which powers Microsoft Edge, implements multiple layers of user interface protection; however, this CVE indicates a gap in spoofing defenses. The attack requires network accessibility (AV:N) and low attack complexity (AC:L), suggesting the flaw does not require exploiting additional system conditions or multiple chained vulnerabilities. While no CWE is specified, spoofing vulnerabilities typically fall under improper input validation or inadequate visual authentication verification.

RemediationAI

Vendor-released patch is available from Microsoft. Users should update Microsoft Edge (Chromium-based) to the patched version specified in the Microsoft Security Update Guide (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33118). Most Microsoft Edge installations configured with automatic updates will receive the patch automatically; manual updates can be triggered via the browser's Settings menu (Help > About Microsoft Edge). No workarounds are documented; patching is the recommended remediation. Review the advisory for the exact patched build version and apply it immediately.

CVE-2026-57983 CRITICAL
10.0 Jul 03

Security-feature bypass in Microsoft Edge (Chromium-based) versions prior to 150.0.4078.48 lets a remote, unauthenticate

CVE-2026-57981 HIGH
8.8 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free memory corruption flaw (CWE-416) th

CVE-2026-57974 HIGH
8.8 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) allows an unauthenticated attacker to run arbitrary code by lur

CVE-2026-56645 HIGH
8.8 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) stems from a heap-based buffer overflow (CWE-122) that a networ

CVE-2026-57985 HIGH
8.8 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) before version 150.0.4078.48 allows an unauthenticated remote a

CVE-2026-50521 HIGH
8.3 Jul 01

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free (CWE-416) memory-corruption flaw th

CVE-2026-58281 HIGH
8.3 Jul 11

Remote code execution in Microsoft Edge (Chromium-based) lets an unauthenticated network attacker run arbitrary code by

CVE-2026-58289 HIGH
8.3 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) before 150.0.4078.48 allows an unauthenticated attacker to run

CVE-2026-58596 HIGH
8.3 Jul 12

Privilege elevation in Microsoft Edge (Chromium-based) lets a network attacker escalate privileges by luring a victim in

CVE-2026-58288 HIGH
8.3 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free (CWE-416) memory-corruption flaw th

CVE-2026-58285 HIGH
8.3 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) via a type-confusion flaw (CWE-843) lets an unauthorized attack

CVE-2026-58287 HIGH
8.3 Jul 03

Remote code execution in Microsoft Edge (Chromium-based) allows an unauthorized attacker to run arbitrary code when a vi

Share

CVE-2026-33118 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy