ADVISORY!
TLP : CLEAR
Date : 18/01/2024
REF NO : CERT / 2024/01/06
Microsoft Edge Multiple Vulnerabilities
Severity Level: High
Components Affected
- Microsoft Edge (Stable) prior to 120.0.2210.144
Overview
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and sensitive information disclosure on the targeted system.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.144. It is, therefore, affected by multiple vulnerabilities
- Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2024-0517)
- Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2024-0518)
- Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2024-0519)
Impact
- Denial of Service
- Remote Code Execution
- Information Disclosure
Solution/ Workarounds
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
- Update to Microsoft Edge (Stable) version 120.0.2210.144 or later
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#january-17-2024
Reference
Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.
Sri Lanka Computer Emergency Readiness Team | Coordination Centre
- Hotline : 101
- +94 11 269 1692
- Room 4-112, BMICH, Bauddhaloka Mawatha, Colombo 07, Sri Lanka.
- General inquiry: cert@cert.gov.lk
- Security incidents: incidents@cert.gov.lk
- Social media incidents: report@cert.gov.lk
