Dashboard: Zero-Days in Desktop Web Browsers

The most exploited web browser is Chrome
The least exploited web browser is IE

Dashboard timeframe: 2019-01-01 to date (updated Nov 2020)

Date	Browser	CVE Reference	CVSS	Type	Vendor Advisory
11 Nov 2020	Chrome	CVE-2020-16017	8.8	Security Bypass	Link
11 Nov 2020	Chrome	CVE-2020-16013	8.8	Heap corruption	Link
02 Nov 2020	Chrome	CVE-2020-16009	8.8	Heap corruption	Link
20 Oct 2020	Chrome	CVE-2020-15999	8.8	Heap corruption	Link
11 Aug 2020	IE	CVE-2020-1380	7.5	Use-after-free	Link
14 Jul 2020	Chrome	CVE-2020-6519	8.2	Security Bypass	Link
03 Apr 2020	Firefox	CVE-2020-6820	8.8	Use-after-free	Link
03 Apr 2020	Firefox	CVE-2020-6819	8.8	Use-after-free	Link
03 Apr 2020	Safari	CVE-2020-3852	N/A	N/A	Link
03 Apr 2020	Safari	CVE-2020-3864	N/A	N/A	Link
03 Apr 2020	Safari	CVE-2020-3865	N/A	N/A	Link
03 Apr 2020	Safari	CVE-2020-3885	N/A	N/A	Link
03 Apr 2020	Safari	CVE-2020-3887	N/A	N/A	Link
03 Apr 2020	Safari	CVE-2020-9784	N/A	N/A	Link
03 Apr 2020	Safari	CVE-2020-9787	N/A	N/A	Link
26 Feb 2020	Chrome	CVE-2020-6418	6.5	Type confusion	Link
17 Jan 2020	IE	CVE-2020-0674	7.5	Use-after-free	Link
08 Jan 2020	Firefox	CVE-2019-17026	8.8	Type confusion	Link
12 Nov 2019	IE	CVE-2019-1429	7.5	Use-after-free	Link
02 Nov 2019	Chrome	CVE-2019-13720	8.8	Use-after-free	Link
23 Sep 2019	IE	CVE-2019-1367	7.5	Use-after-free	Link
18 Jun 2019	Firefox	CVE-2019-11708	10.0	Input validation	Link
18 Jun 2019	Firefox	CVE-2019-11707	8.8	Type confusion	Link
01 Mar 2019	Chrome	CVE-2019-5786	6.5	Use-after-free	Link

*4 out of the last 5 zero-day exploits in IE11 are due to critical bugs in legacy (and obsolete) scripting engines, which are no longer used on the modern web but can still be forcibly loaded by a malicious web page. In Windows 10, it is possible to disable those scripting engines using system-wide registry settings. Alternatively, Nessie is an IE-based browser that dynamically blocks accesses to unsafe legacy scripting DLLs.

Source: nvd.nist.gov

Follow @hexatoms to get notified of changes.