Dashboard: Zero-Days in Desktop Web Browsers

Tracking exploited zero-day vulnerabilities in desktop web browsers



| Chrome | Firefox | IE | Hardened IE* | Safari |
|--------|---------|----|--------------|--------|
| 8      | 5       | 4  | 1            | 7      |


The most exploited web browser is Chrome
The least exploited web browser is IE

Dashboard timeframe: 2019-01-01 to date (updated Nov 2020)



| Date | Browser | CVE Reference | CVSS | Type | Vendor Advisory |
|------|---------|---------------|------|------|-----------------|
| 11 Nov 2020 | Chrome | CVE-2020-16017 | 8.8 | Security Bypass | |
| 11 Nov 2020 | Chrome | CVE-2020-16013 | 8.8 | Heap corruption | |
| 02 Nov 2020 | Chrome | CVE-2020-16009 | 8.8 | Heap corruption | |
| 20 Oct 2020 | Chrome | CVE-2020-15999 | 8.8 | Heap corruption | |
| 11 Aug 2020 | IE | CVE-2020-1380 | 7.5 | Use-after-free | |
| 14 Jul 2020 | Chrome | CVE-2020-6519 | 8.2 | Security Bypass | |
| 03 Apr 2020 | Firefox | CVE-2020-6820 | 8.8 | Use-after-free | |
| 03 Apr 2020 | Firefox | CVE-2020-6819 | 8.8 | Use-after-free | |
| 03 Apr 2020 | Safari | CVE-2020-3852 | N/A | N/A | |
| 03 Apr 2020 | Safari | CVE-2020-3864 | N/A | N/A | |
| 03 Apr 2020 | Safari | CVE-2020-3865 | N/A | N/A | |
| 03 Apr 2020 | Safari | CVE-2020-3885 | N/A | N/A | |
| 03 Apr 2020 | Safari | CVE-2020-3887 | N/A | N/A | |
| 03 Apr 2020 | Safari | CVE-2020-9784 | N/A | N/A | |
| 03 Apr 2020 | Safari | CVE-2020-9787 | N/A | N/A | |
| 26 Feb 2020 | Chrome | CVE-2020-6418 | 6.5 | Type confusion | |
| 17 Jan 2020 | IE | CVE-2020-0674 | 7.5 | Use-after-free | |
| 08 Jan 2020 | Firefox | CVE-2019-17026 | 8.8 | Type confusion | |
| 12 Nov 2019 | IE | CVE-2019-1429 | 7.5 | Use-after-free | |
| 02 Nov 2019 | Chrome | CVE-2019-13720 | 8.8 | Use-after-free | |
| 23 Sep 2019 | IE | CVE-2019-1367 | 7.5 | Use-after-free | |
| 18 Jun 2019 | Firefox | CVE-2019-11708 | 10.0 | Input validation | |
| 18 Jun 2019 | Firefox | CVE-2019-11707 | 8.8 | Type confusion | |
| 01 Mar 2019 | Chrome | CVE-2019-5786 | 6.5 | Use-after-free | |



*4 out of the last 5 zero-day exploits in IE11 are due to critical bugs in legacy (and obsolete) scripting engines, which are no longer used on the modern web but can still be forcibly loaded by a malicious web page. In Windows 10, it is possible to disable those scripting engines using system-wide registry settings. Alternatively, Nessie is an IE-based browser that dynamically blocks access to unsafe legacy scripting DLLs.


Source: nvd.nist.gov


Follow @hexatoms to get notified of changes.