Microsoft has issued security advisories for a long-running series of remote code execution vulnerabilities affecting Microsoft Edge (Chromium-based), with disclosures spanning multiple product update cycles. The referenced flaws include CVE-2021-43221, CVE-2022-21929, CVE-2022-33636, CVE-2022-38012, CVE-2023-21775, CVE-2023-36008, CVE-2023-36022, CVE-2023-36034, CVE-2024-38210, CVE-2024-38219, CVE-2024-43496, CVE-2024-43578, CVE-2024-43596, CVE-2024-49023, CVE-2025-21408, CVE-2025-25000, CVE-2025-29834, and CVE-2025-60711, all tracked by Microsoft as Edge RCE issues.
The advisories indicate continued patching of browser-exposed attack surface in Edge, including several clusters of RCE fixes released on the same day, suggesting bundled security updates across versions. While the entries provided do not include technical synopses or exploitation details, the repeated publication of Edge RCE bulletins through Microsoft Update Guide and MSRC portal pages shows sustained remediation activity for code-execution bugs that could be triggered through malicious web content or browser processing components, reinforcing the need for rapid browser update deployment across enterprise fleets.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
18 events from the most recent confirmed update back to the earliest known activity.
Microsoft published a Security Update Guide entry for CVE-2025-29834, identifying a remote code execution vulnerability in Microsoft Edge (Chromium-based).
Microsoft released Security Update Guide entries for CVE-2025-60711, a remote code execution vulnerability affecting Microsoft Edge (Chromium-based). Multiple references correspond to the same disclosure event.
Microsoft disclosed CVE-2025-21408 as a remote code execution vulnerability in Microsoft Edge (Chromium-based) through its Security Update Guide.
Microsoft published a Security Update Guide entry for CVE-2025-25000, a remote code execution vulnerability affecting Microsoft Edge (Chromium-based).
Microsoft released Security Update Guide entries for CVE-2024-43578, CVE-2024-43596, and CVE-2024-49023, all remote code execution vulnerabilities in Microsoft Edge (Chromium-based).
Microsoft disclosed CVE-2024-43496 as a remote code execution vulnerability affecting Microsoft Edge (Chromium-based).
Microsoft released a Security Update Guide entry for CVE-2024-38210, identifying a remote code execution vulnerability in Microsoft Edge (Chromium-based).
Microsoft disclosed CVE-2024-38219 as a remote code execution vulnerability in Microsoft Edge (Chromium-based) through its Security Update Guide.
Microsoft published a Security Update Guide entry for CVE-2023-36008, a remote code execution vulnerability affecting Microsoft Edge (Chromium-based).
Microsoft published a Security Update Guide entry for CVE-2023-36014, identifying a remote code execution vulnerability in Microsoft Edge (Chromium-based). This represents a separate vulnerability disclosure from other Edge advisories already in the timeline.
Microsoft published a Security Update Guide entry for CVE-2023-36887, identifying a remote code execution vulnerability in Microsoft Edge (Chromium-based). This is a separate Edge vulnerability disclosure from other 2023 advisories already in the timeline.
Microsoft released Security Update Guide entries for CVE-2023-36022 and CVE-2023-36034, both remote code execution vulnerabilities in Microsoft Edge (Chromium-based). Duplicate portal and advisory references indicate the same disclosure event.
Microsoft disclosed CVE-2023-21775 as a remote code execution vulnerability in Microsoft Edge (Chromium-based) via its Security Update Guide.
Microsoft published a Security Update Guide entry for CVE-2022-21931, identifying a remote code execution vulnerability in Microsoft Edge (Chromium-based). This represents a separate vulnerability disclosure from the other Edge advisories released the same day.
Microsoft disclosed CVE-2022-33636 as a remote code execution vulnerability in Microsoft Edge (Chromium-based) through its Security Update Guide.
Microsoft published a Security Update Guide entry for CVE-2022-38012, identifying a remote code execution vulnerability in Microsoft Edge (Chromium-based).
Microsoft released Security Update Guide advisories for CVE-2022-21929 and CVE-2022-21930, both remote code execution vulnerabilities affecting Microsoft Edge (Chromium-based). Portal and product advisory listings refer to the same disclosure date.
Microsoft released a Security Update Guide entry for CVE-2021-43221, a remote code execution vulnerability affecting Microsoft Edge (Chromium-based). This marks public disclosure of the vulnerability in Microsoft's advisory portal.
26 references tracked. Mallory keeps watching after this page renders.
msrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourceportal.msrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.