Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Vulnerabilities

Multiple vulnerabilities in Microsoft Browser

Kaspersky ID:
KLA91045
Detect Date:
05/15/2026
Updated:
05/18/2026

Description

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, spoof user interface, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Input can be exploited remotely to execute arbitrary code.
  2. A remote code execution vulnerability in Extensions can be exploited remotely to execute arbitrary code.
  3. Denial of service vulnerability in FileSystem can be exploited remotely to cause denial of service.
  4. Denial of service vulnerability in Media can be exploited remotely to cause denial of service.
  5. Denial of service vulnerability in GPU can be exploited remotely to cause denial of service.
  6. Denial of service vulnerability in UI can be exploited remotely to cause denial of service.
  7. A remote code execution vulnerability in GTK can be exploited remotely to execute arbitrary code.
  8. Denial of service vulnerability in WebAudio can be exploited remotely to cause denial of service.
  9. A remote code execution vulnerability in HID can be exploited remotely to execute arbitrary code.
  10. A remote code execution vulnerability in Blink can be exploited remotely to execute arbitrary code.
  11. A remote code execution vulnerability in ANGLE can be exploited remotely to execute arbitrary code.
  12. Security vulnerability in Network can be exploited to bypass security restrictions.
  13. A remote code execution vulnerability in Core can be exploited remotely to execute arbitrary code.
  14. A remote code execution vulnerability in Google Lens can be exploited remotely to execute arbitrary code.
  15. Denial of service vulnerability in Chromoting can be exploited remotely to cause denial of service.
  16. A remote code execution vulnerability in Internationalization can be exploited remotely to execute arbitrary code.
  17. Security vulnerability in Passwords can be exploited to bypass security restrictions.
  18. Denial of service vulnerability in WebML can be exploited remotely to cause denial of service.
  19. A spoofing vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to spoof user interface.
  20. Security vulnerability in IFrame Sandbox can be exploited to bypass security restrictions.
  21. A remote code execution vulnerability in GPU can be exploited remotely to execute arbitrary code.
  22. A remote code execution vulnerability in Mojo can be exploited remotely to execute arbitrary code.
  23. A remote code execution vulnerability in Media can be exploited remotely to execute arbitrary code.
  24. A remote code execution vulnerability in Fonts can be exploited remotely to execute arbitrary code.
  25. A remote code execution vulnerability in Codecs can be exploited remotely to execute arbitrary code.
  26. Denial of service vulnerability in V8 can be exploited remotely to cause denial of service.
  27. A remote code execution vulnerability in Downloads can be exploited remotely to execute arbitrary code.
  28. Denial of service vulnerability in DataTransfer can be exploited remotely to cause denial of service.
  29. A remote code execution vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to execute arbitrary code.
  30. Denial of service vulnerability in ANGLE can be exploited remotely to cause denial of service.
  31. Security vulnerability in GPU can be exploited to bypass security restrictions.
  32. A remote code execution vulnerability in UI can be exploited remotely to execute arbitrary code.
  33. Denial of service vulnerability in Downloads can be exploited remotely to cause denial of service.
  34. A remote code execution vulnerability in XML can be exploited remotely to execute arbitrary code.
  35. A remote code execution vulnerability in Accessibility can be exploited remotely to execute arbitrary code.
  36. Denial of service vulnerability in Skia can be exploited remotely to cause denial of service.
  37. Denial of service vulnerability in WebRTC can be exploited remotely to cause denial of service.
  38. A remote code execution vulnerability in Dawn can be exploited remotely to execute arbitrary code.
  39. Denial of service vulnerability in SwiftShader can be exploited remotely to cause denial of service.
  40. Denial of service vulnerability in SiteIsolation can be exploited remotely to cause denial of service.
  41. Denial of service vulnerability in CORS can be exploited remotely to cause denial of service.
  42. Security vulnerability in AI can be exploited to bypass security restrictions.
  43. A remote code execution vulnerability in WebShare can be exploited remotely to execute arbitrary code.
  44. A remote code execution vulnerability in Skia can be exploited remotely to execute arbitrary code.
  45. Information disclosure vulnerability in Navigation can be exploited to obtain sensitive information.
  46. Denial of service vulnerability in Views can be exploited remotely to cause denial of service.
  47. A security feature bypass vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to bypass security restrictions.
  48. A remote code execution vulnerability in FileSystem can be exploited remotely to execute arbitrary code.
  49. Security UI vulnerability in Fullscreen can be exploited to spoof user interface.
  50. Security vulnerability in ViewTransitions can be exploited to bypass security restrictions.
  51. Security vulnerability in Payments can be exploited to bypass security restrictions.
  52. Security vulnerability in SanitizerAPI can be exploited to bypass security restrictions.
  53. Denial of service vulnerability in Codecs can be exploited remotely to cause denial of service.
  54. Security vulnerability in Compositing can be exploited to bypass security restrictions.
  55. A remote code execution vulnerability in Aura can be exploited remotely to execute arbitrary code.
  56. Denial of service vulnerability in ReadingMode can be exploited remotely to cause denial of service.
  57. A remote code execution vulnerability in Network can be exploited remotely to execute arbitrary code.
  58. Denial of service vulnerability in Fonts can be exploited remotely to cause denial of service.

Original advisories

Exploitation

Related products

CVE list

  • CVE-2026-8509
    critical
  • CVE-2026-8510
    critical
  • CVE-2026-8511
    critical
  • CVE-2026-8512
    critical
  • CVE-2026-8513
    critical
  • CVE-2026-8514
    critical
  • CVE-2026-8515
    critical
  • CVE-2026-8516
    high
  • CVE-2026-8517
    critical
  • CVE-2026-8518
    critical
  • CVE-2026-8519
    critical
  • CVE-2026-8523
    critical
  • CVE-2026-8524
    critical
  • CVE-2026-8525
    critical
  • CVE-2026-8526
    critical
  • CVE-2026-8527
    critical
  • CVE-2026-8528
    warning
  • CVE-2026-8529
    critical
  • CVE-2026-8530
    critical
  • CVE-2026-8531
    critical
  • CVE-2026-8532
    critical
  • CVE-2026-8533
    critical
  • CVE-2026-8534
    critical
  • CVE-2026-8535
    high
  • CVE-2026-8536
    warning
  • CVE-2026-8537
    warning
  • CVE-2026-8538
    high
  • CVE-2026-8539
    high
  • CVE-2026-8540
    critical
  • CVE-2026-8541
    high
  • CVE-2026-8542
    critical
  • CVE-2026-8543
    high
  • CVE-2026-8544
    critical
  • CVE-2026-8545
    warning
  • CVE-2026-8546
    high
  • CVE-2026-8547
    critical
  • CVE-2026-8548
    critical
  • CVE-2026-8549
    critical
  • CVE-2026-8550
    high
  • CVE-2026-8551
    critical
  • CVE-2026-8552
    warning
  • CVE-2026-8553
    warning
  • CVE-2026-8554
    warning
  • CVE-2026-8555
    critical
  • CVE-2026-8556
    warning
  • CVE-2026-8557
    critical
  • CVE-2026-8558
    critical
  • CVE-2026-8559
    warning
  • CVE-2026-8560
    warning
  • CVE-2026-8561
    high
  • CVE-2026-8562
    warning
  • CVE-2026-8563
    warning
  • CVE-2026-8565
    warning
  • CVE-2026-8566
    warning
  • CVE-2026-8567
    warning
  • CVE-2026-8568
    warning
  • CVE-2026-8569
    critical
  • CVE-2026-8570
    high
  • CVE-2026-8571
    critical
  • CVE-2026-8572
    warning
  • CVE-2026-8573
    critical
  • CVE-2026-8575
    critical
  • CVE-2026-8576
    warning
  • CVE-2026-8577
    critical
  • CVE-2026-8578
    warning
  • CVE-2026-8579
    warning
  • CVE-2026-8580
    critical
  • CVE-2026-8581
    critical
  • CVE-2026-8582
    high
  • CVE-2026-8584
    warning
  • CVE-2026-8585
    critical
  • CVE-2026-8586
    high
  • CVE-2026-8587
    critical
  • CVE-2026-45494
    high
  • CVE-2026-45495
    critical
  • CVE-2026-45492
    high

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
14 May 2026
Securelist
Kimsuky targets organizations with PebbleDash-based tools
12 May 2026
Securelist
State of ransomware in 2026
08 May 2026
Securelist
CVE-2025-68670: discovering an RCE vulnerability in xrdp
07 May 2026
Securelist
Exploits and vulnerabilities in Q1 2026
06 May 2026
Securelist
OceanLotus suspected of using PyPI to deliver ZiChatBot malware
06 May 2026
Securelist
Websites with an undefined trust level: avoiding the trap
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Severity level
Critical
High
Warning
Sorting
Kaspersky ID
Vulnerability
Detect date
Severity
You must select at least one severity level
Do you want to save your changes?
Your message has been sent successfully.