Solutions pour:
Particuliers
Petites entreprises
Moyennes entreprises
Grandes entreprises
Vulnérabilités Menaces
Accueil Vulnérabilités

Multiple vulnerabilities in Microsoft Browser

Kaspersky ID:
KLA90976
Date de la détection:
04/10/2026
Mis à jour:
04/14/2026

Description

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, obtain sensitive information, execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. Heap buffer overflow vulnerability in WebML can be exploited to cause denial of service.
  2. Incorrect security UI vulnerability in Omnibox can be exploited to spoof user interface.
  3. Uninitialized Use vulnerability in WebCodecs can be exploited to obtain sensitive information.
  4. Use after free vulnerability in V8 can be exploited to cause denial of service or execute arbitrary code.
  5. Use after free vulnerability in WebRTC can be exploited to cause denial of service or execute arbitrary code.
  6. Race vulnerability in V8 can be exploited to obtain sensitive information.
  7. Insufficient validation of untrusted input vulnerability in Media can be exploited remotely to execute arbitrary code.
  8. Inappropriate implementation vulnerability in Navigation can be exploited to cause denial of service.
  9. Insufficient policy enforcement vulnerability in browser UI can be exploited to spoof user interface.
  10. Use after free vulnerability in Blink can be exploited to cause denial of service or execute arbitrary code.
  11. Incorrect security UI vulnerability in browser UI can be exploited to spoof user interface.
  12. Incorrect security UI vulnerability in History Navigation can be exploited to spoof user interface.
  13. Integer overflow vulnerability in Media can be exploited to cause denial of service.
  14. Incorrect security UI vulnerability in Blink can be exploited to spoof user interface.
  15. Policy bypass vulnerability in Downloads can be exploited to bypass security restrictions.
  16. Insufficient validation of untrusted input vulnerability in Downloads can be exploited remotely to execute arbitrary code.
  17. Policy bypass vulnerability in LocalNetworkAccess can be exploited to bypass security restrictions.
  18. Race vulnerability in WebCodecs can be exploited to obtain sensitive information.
  19. Use after free vulnerability in PrivateAI can be exploited to cause denial of service or execute arbitrary code.
  20. Insufficient validation of untrusted input vulnerability in ANGLE can be exploited remotely to execute arbitrary code.
  21. Use after free vulnerability in Media can be exploited to cause denial of service or execute arbitrary code.
  22. Insufficient validation of untrusted input vulnerability in WebML can be exploited remotely to execute arbitrary code.
  23. Out of bounds read and write vulnerability in V8 can be exploited to cause denial of service.
  24. Policy bypass vulnerability in DevTools can be exploited to bypass security restrictions.
  25. Race vulnerability in Media can be exploited to obtain sensitive information.
  26. Insufficient validation of untrusted input vulnerability in WebSockets can be exploited remotely to execute arbitrary code.
  27. Side-channel information leakage vulnerability in Navigation can be exploited to obtain sensitive information.
  28. Policy bypass vulnerability in Blink can be exploited to bypass security restrictions.
  29. A spoofing vulnerability in Microsoft Edge (Chromium-based) for Android can be exploited remotely to spoof user interface.
  30. Incorrect security UI vulnerability in Permissions can be exploited to spoof user interface.
  31. Insufficient policy enforcement vulnerability in PWAs can be exploited to spoof user interface.
  32. Incorrect security UI vulnerability in Fullscreen can be exploited to spoof user interface.
  33. Integer overflow vulnerability in WebRTC can be exploited to cause denial of service.
  34. Policy bypass vulnerability in ServiceWorkers can be exploited to bypass security restrictions.
  35. Use after free vulnerability in Navigation can be exploited to cause denial of service or execute arbitrary code.
  36. Out of bounds read vulnerability in Blink can be exploited to cause denial of service.
  37. Inappropriate implementation vulnerability in PDF can be exploited to cause denial of service.
  38. Policy bypass vulnerability in IFrameSandbox can be exploited to bypass security restrictions.
  39. Integer overflow vulnerability in Skia can be exploited to cause denial of service.
  40. Heap buffer overflow vulnerability in ANGLE can be exploited to cause denial of service.
  41. Incorrect security UI vulnerability in Downloads can be exploited to spoof user interface.
  42. Cryptographic Flaw vulnerability in PDFium can be exploited to obtain sensitive information.
  43. Out of bounds read vulnerability in WebAudio can be exploited to cause denial of service.
  44. Inappropriate implementation vulnerability in V8 can be exploited to cause denial of service.
  45. Heap buffer overflow vulnerability in WebAudio can be exploited to cause denial of service.
  46. Insufficient data validation vulnerability in Media can be exploited to cause denial of service.
  47. Policy bypass vulnerability in Audio can be exploited to bypass security restrictions.
  48. Type confusion vulnerability in V8 can be exploited to cause denial of service.
  49. A spoofing vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to spoof user interface.
  50. Integer overflow vulnerability in WebML can be exploited to cause denial of service.
  51. Type confusion vulnerability in CSS can be exploited to cause denial of service.

Fiches de renseignement originales

Produits associés

Liste CVE

  • CVE-2026-5858
    critical
  • CVE-2026-5859
    critical
  • CVE-2026-5860
    critical
  • CVE-2026-5861
    critical
  • CVE-2026-5862
    critical
  • CVE-2026-5863
    critical
  • CVE-2026-5864
    warning
  • CVE-2026-5865
    critical
  • CVE-2026-5866
    critical
  • CVE-2026-5867
    warning
  • CVE-2026-5868
    critical
  • CVE-2026-5869
    warning
  • CVE-2026-5870
    critical
  • CVE-2026-5871
    critical
  • CVE-2026-5872
    critical
  • CVE-2026-5873
    critical
  • CVE-2026-5874
    critical
  • CVE-2026-5875
    warning
  • CVE-2026-5876
    high
  • CVE-2026-5877
    critical
  • CVE-2026-5878
    warning
  • CVE-2026-5879
    critical
  • CVE-2026-5880
    warning
  • CVE-2026-5881
    high
  • CVE-2026-5882
    warning
  • CVE-2026-5883
    unknown
  • CVE-2026-5884
    critical
  • CVE-2026-5885
    high
  • CVE-2026-5886
    high
  • CVE-2026-5887
    warning
  • CVE-2026-5888
    high
  • CVE-2026-5889
    warning
  • CVE-2026-5890
    unknown
  • CVE-2026-5891
    warning
  • CVE-2026-5892
    high
  • CVE-2026-5893
    high
  • CVE-2026-5894
    warning
  • CVE-2026-5895
    high
  • CVE-2026-5896
    high
  • CVE-2026-5897
    warning
  • CVE-2026-5898
    warning
  • CVE-2026-5899
    high
  • CVE-2026-5900
    warning
  • CVE-2026-5901
    high
  • CVE-2026-5902
    critical
  • CVE-2026-5903
    high
  • CVE-2026-5904
    critical
  • CVE-2026-5905
    high
  • CVE-2026-5906
    warning
  • CVE-2026-5907
    critical
  • CVE-2026-5908
    critical
  • CVE-2026-5909
    critical
  • CVE-2026-5910
    critical
  • CVE-2026-5911
    warning
  • CVE-2026-5912
    critical
  • CVE-2026-5913
    critical
  • CVE-2026-5914
    critical
  • CVE-2026-5915
    critical
  • CVE-2026-5918
    warning
  • CVE-2026-5919
    high
  • CVE-2026-33118
    warning
  • CVE-2026-33119
    high

Liste KB

En savoir plus

Découvrez les statistiques de la propagation des vulnérabilités dans votre région statistics.securelist.com

Vous avez trouvé une inexactitude dans la description de cette vulnérabilité ? Faites-le nous savoir !
Kaspersky IT Security Calculator:
Calculez le profil de sécurité de votre entreprise
Apprendre encore plus
Kaspersky!
Votre vie en ligne mérite une protection complète!
Apprendre encore plus
Related articles
15 April 2026
Securelist
Threat landscape for industrial automation systems in Q4 2025
13 April 2026
Securelist
JanelaRAT: a financial threat targeting users in Latin America
09 April 2026
Securelist
The long road to your crypto: ClipBanker and its marathon infection chain
08 April 2026
Securelist
Financial cyberthreats in 2025 and the outlook for 2026
01 April 2026
Securelist
A laughing RAT: CrystalX combines spyware, stealer, and prankware features
26 March 2026
Securelist
An AI gateway designed to steal your data
Vous avez trouvé une inexactitude dans la description de cette vulnérabilité ?
Si vous avez découvert une nouvelle menace ou vulnérabilité, veuillez nous en informer par e-mail :
newvirus@kaspersky.com
Vous avez découvert une nouvelle menace ou vulnérabilité ?
Si vous avez découvert une nouvelle menace ou vulnérabilité, veuillez nous en informer par e-mail :
newvirus@kaspersky.com
Solutions pour
Particuliers
Petites entreprises
Moyennes entreprises
Grandes entreprises
Select language
Severity level
Critical
High
Warning
Sorting
Kaspersky ID
Vulnérabilité
Detect date
Sévérité
You must select at least one severity level
Do you want to save your changes?
Your message has been sent successfully.