Microsoft has patched critical vulnerabilities in Edge. Users should update to the latest version to ensure security.
Asec Ahnlab identified these flaws in Edge versions 127.0.6533.88 and 127.0.6533.89.
All about the vulnerabilities
Microsoft’s update addresses three critical vulnerabilities that enable arbitrary code execution or out-of-bounds memory access through crafted HTML content. The details are:
Improper Data Validation in Dawn (CVE-2024-7256): This vulnerability in Microsoft Edge’s Dawn component allows attackers to execute arbitrary code using crafted HTML content, leading to potential system compromise.
Uninitialized Use in Dawn (CVE-2024-6990): An uninitialized use flaw in the Dawn component enables attackers to perform out-of-bounds memory access with crafted HTML, which can cause system instability or further exploitation.
Vulnerability in WebTransport Feature (CVE-2024-7255): This flaw in the WebTransport feature of Microsoft Edge allows attackers to perform out-of-bounds memory access via crafted HTML, potentially compromising system security.
Patch Details
Microsoft has released patches to address these vulnerabilities in the latest update. Users should update through Windows Update or visit the official Microsoft website.
Patches for Microsoft Edge 127.0.6533.88/89 (Chromium-based) are now available. Security experts stress the importance of updating software to protect against threats. Microsoft’s swift response underscores its commitment to security. Users should update their browsers immediately to prevent potential exploits.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
Leave A Comment