Kaspersky Threats

Detect date

?

04/15/2021

Severity

?

Warning

Description

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code, obtain sensitive information, spoof user interface.

Below is a complete list of vulnerabilities:

An implementation vulnerability in Autofill can be exploited to cause denial of service.
A validation of untrusted input vulnerability in Mojo can be exploited to bypass security restrictions.
A use after free vulnerability in permissions can be exploited to cause denial of service or execute arbitrary code.
A use after free vulnerability in extentions can be exploited to cause denial of service or execute arbitrary code.
An implementation vulnerability in storage component can be exploited to cause denial of service.
A policy enforcement vulnerability in navigation component to bypass security restrictions.
A use after free vulnerability in WebMIDI can be exploited to cause denial of service or execute arbitrary code.
A use after free vulnerability in Blink can be exploited to cause denial of service or execute arbitrary code.
An implementation vulnerability in Network can be exploited to cause denial of service.
An uninitialized use vulnerability in PDFium can be exploited to obtain sensitive information.
A security UI vulnerability in Network Config UI can be exploited to spoof user interface.
An implementation vulnerability in Navigation can be exploited to cause denial of service.
A use after free vulnerability in IndexedDB can be exploited to cause denial of service or execute arbitrary code.
A use after free vulnerability in Network API can be exploited to cause denial of service or execute arbitrary code.
A data validation vulnerability in QR scanner can be exploited to bypass security restrictions.

Affected products

Microsoft Edge (Chromium-based)

Solution

Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)
Microsoft Edge update settings

Original advisories

CVE-2021-21203
CVE-2021-21212
CVE-2021-21217
CVE-2021-21213
CVE-2021-21204
CVE-2021-21214
CVE-2021-21211
CVE-2021-21201
CVE-2021-21210
CVE-2021-21219
CVE-2021-21215
CVE-2021-21202
CVE-2021-21218
CVE-2021-21216
CVE-2021-21209
CVE-2021-21205
CVE-2021-21221
CVE-2021-21207
CVE-2021-21208

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

SUI

[?]

Detect date ?	04/15/2021
Severity ?	Warning
Description	Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: An implementation vulnerability in Autofill can be exploited to cause denial of service. A validation of untrusted input vulnerability in Mojo can be exploited to bypass security restrictions. A use after free vulnerability in permissions can be exploited to cause denial of service or execute arbitrary code. A use after free vulnerability in extentions can be exploited to cause denial of service or execute arbitrary code. An implementation vulnerability in storage component can be exploited to cause denial of service. A policy enforcement vulnerability in navigation component to bypass security restrictions. A use after free vulnerability in WebMIDI can be exploited to cause denial of service or execute arbitrary code. A use after free vulnerability in Blink can be exploited to cause denial of service or execute arbitrary code. An implementation vulnerability in Network can be exploited to cause denial of service. An uninitialized use vulnerability in PDFium can be exploited to obtain sensitive information. A security UI vulnerability in Network Config UI can be exploited to spoof user interface. An implementation vulnerability in Navigation can be exploited to cause denial of service. A use after free vulnerability in IndexedDB can be exploited to cause denial of service or execute arbitrary code. A use after free vulnerability in Network API can be exploited to cause denial of service or execute arbitrary code. A data validation vulnerability in QR scanner can be exploited to bypass security restrictions.
Affected products	Microsoft Edge (Chromium-based)
Solution	Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) Microsoft Edge update settings
Original advisories	CVE-2021-21203 CVE-2021-21212 CVE-2021-21217 CVE-2021-21213 CVE-2021-21204 CVE-2021-21214 CVE-2021-21211 CVE-2021-21201 CVE-2021-21210 CVE-2021-21219 CVE-2021-21215 CVE-2021-21202 CVE-2021-21218 CVE-2021-21216 CVE-2021-21209 CVE-2021-21205 CVE-2021-21221 CVE-2021-21207 CVE-2021-21208
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] SUI [?]
Related products	Microsoft Edge
CVE-IDS ?	CVE-2021-212164.3Warning CVE-2021-212214.3Warning CVE-2021-212016.8High CVE-2021-212026.8High CVE-2021-212094.3Warning CVE-2021-212055.8High CVE-2021-212136.8High CVE-2021-212046.8High CVE-2021-212104.3Warning CVE-2021-212194.3Warning CVE-2021-212036.8High CVE-2021-212124.3Warning CVE-2021-212114.3Warning CVE-2021-212076.8High CVE-2021-212154.3Warning CVE-2021-212184.3Warning CVE-2021-212146.8High CVE-2021-212174.3Warning CVE-2021-212084.3Warning
Microsoft official advisories	Microsoft Security Update Guide
	Find out the statistics of the vulnerabilities spreading in your region

KLA12145Multiple vulnerabilities in Microsoft Browser

KLA12145
Multiple vulnerabilities in Microsoft Browser