{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32187", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-11T00:26:53.426Z", "datePublished": "2026-03-27T20:42:05.339Z", "dateUpdated": "2026-03-27T22:33:21.656Z"}, "containers": {"cna": {"title": "Microsoft Edge (Chromium-based) Defense in Depth Vulnerability", "datePublic": "2026-03-27T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0.0", "versionEndExcluding": "146.0.3856.84"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Edge (Chromium-based)", "versions": [{"version": "1.0.0.0", "lessThan": "146.0.3856.84", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Microsoft Edge (Chromium-based) Defense in Depth Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Defense in Depth", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-03-27T22:33:21.656Z"}, "references": [{"name": "Microsoft Edge (Chromium-based) Defense in Depth Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32187"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 4.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C"}}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Edge (Chromium-based) Defense in Depth Vulnerability"}], "id": "CVE-2026-32187", "lastModified": "2026-03-30T13:26:07.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-03-27T21:17:22.950", "references": [{"source": "secure@microsoft.com", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32187"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0.0.0,146.0.3856.84)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "edge_chromium", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-03-28T06:36:03.363483+00:00", "value": {"mitigation_remediation": ["Update Microsoft Edge to the latest version via Windows Update or the Edge update channel to apply the fix for CVE\u20112026\u201132187.", "Verify that the update includes the CVE\u20112026\u201132187 resolution by checking the Microsoft Security Update Guide release notes.", "If a patch is not yet available, mitigate exposure by disabling or restricting extensions that could affect security controls as a temporary measure.", "Continue to monitor Microsoft advisories for updates or additional mitigations regarding this vulnerability.", "Maintain Edge at the most current release so that all known security issues are addressed promptly."], "summary": {"action": "Apply Patch", "impact": "Security Control By\u2011Pass"}, "threat_synthesis": {"affected_systems": "Affected products include Microsoft Edge (Chromium\u2011based) according to the CNA vendor/product information. Version specifics are not provided in the CVE data, so it is unclear which exact releases are impacted. Until an official patch is released, it is prudent to treat all currently deployed Edge Chromium builds as potentially vulnerable.", "description_and_impact": "Microsoft Edge (Chromium\u2011based) contains a defense\u2011in\u2011depth weakness that allows an attacker to bypass layered security safeguards within the browser. The flaw does not directly enable code execution or data theft, but it undermines the confidence that standard browser protections will stop malicious activity, potentially allowing other attacks to succeed.", "risk_and_exploitability": "The CVSS score of 4.2 indicates moderate severity, and no EPSS score or KEV listing suggests no known exploitation to date. The likely attack vector is client\u2011side, requiring an attacker to persuade a user to load a malicious web page or otherwise trigger the flawed code path. Overall risk to an unpatched system is low on a coarse metric, but the loss of defense integrity could facilitate subsequent attacks."}}}}, "created": "2026-03-29T20:30:00.894885+00:00", "updated": "2026-03-30T07:00:20.081055+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$edge_chromium"], "weaknesses": ["CWE-250", "CWE-284"]}