Our Terms & Conditions | Our Privacy Policy
The Indian Computer Emergency Response Team (CERT-In) has discovered multiple vulnerabilities in Microsoft Edge that can be exploited by a remote attacker to trigger remote code execution on the affected devices. In its advisory issued on September 24, 2024, the cyber security agency urges users to update their devices to the latest software version. CERT-In is a cyber security organisation under the Ministry of Electronics and Information Technology, Government of India.
Microsoft Edge version impacted
As per the CERT-In advisory, Microsoft Edge (Chromium-based) versions prior to 129.0.2792.52 are impacted by these vulnerabilities. It has a medium severity rating.
“Multiple vulnerabilities have been reported in Microsoft Edge (Chromium) which could be exploited by a remote attacker to trigger remote code execution, perform UI spoofing, exploit stack & heap corruption on the targeted system,” CERT-In says. These vulnerabilities, it says “exist in Microsoft Edge (Chromium) due to inappropriate implementation in UI, Autofill & V8; insufficient data validation in Omnibox, Type Confusion in V8, incorrect security UI in Downloads, Out-of-bounds Write issue and improper neutralization of input during web page generation.”
A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted Website/HTML page.
What should users do
The government body advises users to update Microsoft Edge on their device to the latest version. Microsoft has released the latest Microsoft Edge Stable Channel (Version 129.0.2792.52) and Microsoft Edge Extended Stable Channel (128.0.2739.90) which incorporate the latest updates of the Chromium project. This update contains the following Microsoft Edge-specific updates: CVE-2024-43489, CVE-2024-43496 and CVE-2024-38221.
Images are for reference only.Images and contents gathered automatic from google or 3rd party sources.All rights on the images and contents are with their legal original owners.
Aggregated From –
Comments are closed.