Edit Content
Report Incident
English
Sinhala
Tamil

ADVISORY!

TLP : CLEAR

Date : 03/05/2024

REF NO : CERT / 2024/05/39

Microsoft Edge Multiple Vulnerabilities

Severity Level: High

Components Affected

  • Microsoft Edge (Stable) prior to 124.0.2478.80

Overview

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and denial of service condition on the targeted system.

Description

  • Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
  • Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Impact

  • Remote Code Execution
  • Denial of Service

Solution/ Workarounds

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

  • Update to Microsoft Edge (Stable) version 124.0.2478.80 or later

Reference

  1. https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#may-2-2024
  2. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-4331
  3. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-4368

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre

Linkedin-in Facebook-f Twitter Youtube

Quick Links

Useful Links

Contact

  • Hotline : 101
  • +94 11 269 1692
  • Room 4-112, BMICH, Bauddhaloka Mawatha, Colombo 07, Sri Lanka.
  • General inquiry: cert@cert.gov.lk
  • Security incidents: incidents@cert.gov.lk
  • Social media incidents: report@cert.gov.lk

Copyright © 2023 SRI LANKA CERT | CC