ADVISORY!

TLP : CLEAR

Date : 21/06/2024

REF NO : CERT / 2024/06/56

Microsoft Edge Multiple Vulnerabilities

Severity Level: Medium

Components Affected

  • Microsoft Edge (Stable) prior to 126.0.2592.68

Overview

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, a denial-of-service condition, and spoofing on the targeted system.

Description

Several vulnerabilities have been identified in Google Chrome versions prior to 126.0.6478.114. A type confusion issue in V8 allowed remote attackers to execute arbitrary code via a crafted HTML page. An inappropriate implementation in V8 enabled out-of-bounds memory access, also through a crafted HTML page. Additionally, out-of-bounds memory access in Dawn could lead to heap corruption, and a use-after-free vulnerability in Dawn posed similar heap corruption risks. All of these issues were exploitable by remote attackers using specially crafted HTML pages.

Impact

  • Remote Code Execution
  • Denial of Service
  • Spoofing

Solution/ Workarounds

Before installing the software, please visit the software vendor's website for more details.

Apply fixes issued by the vendor:

  • Update to Microsoft Edge (Stable) version 126.0.2592.68 or later
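
To confirm the update has reached every endpoint, reported versions can be compared against the fixed build. The following is an added example, not part of the original advisory: the hostnames and version strings in the sample inventory are constructed, and it assumes versions are collected as four-part dotted strings. It compares numerically per component, because a plain string comparison would rank 126.0.2592.7 above 126.0.2592.68.

```python
# Added example: triage an inventory of Edge versions against the fixed build.
import re

FIXED_BUILD = (126, 0, 2592, 68)  # from this advisory: 126.0.2592.68

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    match = _VERSION_RE.match(text or "")
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def classify(version_text, fixed=FIXED_BUILD):
    """Classify one reported version as 'patched', 'vulnerable' or 'unknown'."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"  # do not assume safe when the version is unreadable
    # Tuples of ints compare numerically per component, so 2592.7 < 2592.68.
    return "patched" if parsed >= fixed else "vulnerable"


def triage(inventory):
    """Map each status to the sorted list of hosts reporting it."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("ws-001", "126.0.2592.68"),   # exactly the fixed build
    ("ws-002", "126.0.2592.7"),    # older; a string compare would call this newer
    ("ws-003", "125.0.2535.92"),
    ("ws-004", "127.0.2651.74 "),  # trailing space from export
    ("ws-005", "not installed"),
    ("ws-006", ""),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" should be checked by hand rather than counted as patched.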

Reference

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre
