KLA12019
Multiple vulnerabilities in Microsoft Browsers

Updated: 12/10/2020
Detect date
?
12/08/2020
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A spoofing vulnerability in Microsoft Edge for Android can be exploited remotely to spoof user interface.
  2. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely to execute arbitrary code.
Affected products

ChakraCore
Microsoft Edge (EdgeHTML-based)
Microsoft Edge for Android

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2020-17153
CVE-2020-17131

Impacts
?
ACE 
[?]

SUI 
[?]
Related products
Microsoft Edge
ChakraCore
CVE-IDS
?
CVE-2020-171530.0Unknown
CVE-2020-171310.0Unknown
KB list

4592449
4592440
4592438