ADVISORY!

TLP : CLEAR

Date : 13/05/2024

REF NO : CERT / 2024/05/43

Microsoft Edge Multiple Vulnerabilities

Severity Level: High

Components Affected

  • Microsoft Edge (Stable) prior to 124.0.2478.97

Overview

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, spoofing, remote code execution and sensitive information disclosure on the targeted system.

Description

  • CVE-2024-4558

Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2024-4559

Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2024-4671

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 

  • CVE-2024-30055

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Impact

  • Denial of Service
  • Remote Code Execution
  • Spoofing
  • Information Disclosure

Solution / Workarounds

Before installing the software, please visit the software vendor's website for more details.

Apply fixes issued by the vendor:

  • Update to Microsoft Edge (Stable) version 124.0.2478.97 or later
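
An added example, not part of the original advisory: a Python check that flags hosts whose Microsoft Edge build is below the fixed version 124.0.2478.97. The inventory, its host,edge_version layout and the function names are assumptions constructed for illustration; versions are compared numerically per component, because a plain string comparison would rank 124.0.2478.105 below 124.0.2478.97.

```python
import csv
import io

# Fixed build named in the advisory's Solution section.
FIXED_EDGE = "124.0.2478.97"

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = """host,edge_version
ws-001,124.0.2478.80
ws-002,124.0.2478.97
ws-003,124.0.2478.105
ws-004,123.0.2420.97
ws-005,125.0.2535.51
ws-006,unknown
"""


def parse_version(text):
    """Turn '124.0.2478.97' into (124, 0, 2478, 97); return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_csv, fixed=FIXED_EDGE):
    """Return (needs_update, unverified) host lists for a host,edge_version CSV."""
    fixed_v = parse_version(fixed)
    needs_update, unverified = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["edge_version"])
        if version is None:
            # No usable version string: report as unverified, never as patched.
            unverified.append(row["host"])
        elif version < fixed_v:
            needs_update.append(row["host"])
    return needs_update, unverified


if __name__ == "__main__":
    outdated, unknown = triage(SAMPLE_INVENTORY)
    print("Below " + FIXED_EDGE + ":", ", ".join(outdated))
    print("Version not determined:", ", ".join(unknown))
```

Hosts whose version cannot be parsed are listed separately so that a missing or garbled inventory value is followed up rather than counted as updated.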

Reference

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre

Copyright © 2023 SRI LANKA CERT | CC