Microsoft has published a series of Security Update Guide entries for Microsoft Edge and related components addressing multiple spoofing vulnerabilities, alongside one tampering issue and one security feature bypass flaw. The affected products span Edge (Chromium-based), Edge for iOS, and Edge WebView2, with CVEs including CVE-2022-29147, CVE-2022-23264, CVE-2022-44688, CVE-2023-29334, CVE-2023-36026, CVE-2023-36029, CVE-2024-29049, CVE-2024-30055, CVE-2024-38093, CVE-2024-38221, CVE-2025-21262, and CVE-2026-33118. Microsoft also listed Edge for iOS spoofing bugs CVE-2023-36883 and CVE-2024-30057, indicating the issue class extends beyond the desktop browser.
Additional advisories show Microsoft addressing related but distinct Edge weaknesses, including the tampering vulnerability CVE-2022-23261 and the security feature bypass vulnerability CVE-2025-53791. While the advisories provided no public synopsis, the volume and recurrence of spoofing-class fixes across several release cycles indicate an ongoing need for organizations to keep Edge, iOS mobile deployments, and embedded WebView2 runtimes fully patched to reduce exposure to deceptive content, identity misrepresentation, and browser trust-boundary abuse.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
28 events from the most recent confirmed update back to the earliest known activity.
Microsoft released a Security Update Guide entry for CVE-2026-13942 affecting Microsoft Edge. The reference indicates a new vulnerability disclosure event distinct from the CVEs already captured in the timeline.
A new CVE record for CVE-2026-58283 disclosed a high-severity Microsoft Edge (Chromium-based) spoofing vulnerability. The reference lists Microsoft as the source, gives a CVSS 3.1 score of 8.1, and shows the CVE as published on July 3, 2026.
A new CVE record for CVE-2026-58282 disclosed a high-severity Microsoft Edge (Chromium-based) spoofing vulnerability. The reference lists Microsoft as the source, gives a CVSS 3.1 score of 8.1, and shows the CVE as published on July 3, 2026.
A new CVE record for CVE-2026-58286 disclosed a high-severity Microsoft Edge (Chromium-based) spoofing vulnerability. The reference lists Microsoft as the source, gives a CVSS 3.1 score of 8.1, and shows the CVE as published on July 3, 2026.
Microsoft released a Security Update Guide entry for CVE-2026-33118, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2025-65046, a low-severity Microsoft Edge (Chromium-based) spoofing vulnerability involving extension popups overlaying permission or screen-share prompts. Microsoft said the flaw was not publicly disclosed or exploited in the wild and that a fix was available in Edge version 143.0.3650.88.
Microsoft released a Security Update Guide entry for CVE-2025-47964, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2025-47963, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2025-21404, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2025-53791, a Microsoft Edge (Chromium-based) security feature bypass vulnerability.
Microsoft released a Security Update Guide entry for CVE-2025-21262, a Microsoft Edge (Chromium-based) spoofing vulnerability. Duplicate references point to the same disclosure event.
Microsoft released a Security Update Guide entry for CVE-2024-49054, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2024-30055, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2024-38221, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2024-38093, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2024-30057, a Microsoft Edge for iOS spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2024-29049, a Microsoft Edge (Chromium-based) WebView2 spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2024-21336, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2023-36026, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2023-21794, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2023-36883, a Microsoft Edge for iOS spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2023-29334, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2023-36029, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2022-23264, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2022-26905, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2022-44688, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2022-29147, a Microsoft Edge (Chromium-based) spoofing vulnerability.
Microsoft released a Security Update Guide entry for CVE-2022-23261, a Microsoft Edge (Chromium-based) tampering vulnerability.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
29 references tracked. Mallory keeps watching after this page renders.
cvefeed.io
Open sourcecvefeed.io
Open sourcecvefeed.io
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.