KLA12349
Multiple vulnerabilities in Microsoft Browser

Updated: 08/04/2022
Detect date
?
11/09/2021
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A spoofing vulnerability in Microsoft Edge can be exploited remotely to spoof user interface.
  2. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely to execute arbitrary code.
Affected products

Microsoft Edge (Chromium-based) in IE Mode
ChakraCore

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2021-41351
CVE-2021-42279

Impacts
?
ACE 
[?]

SUI 
[?]
Related products
Microsoft Edge
ChakraCore
KB list

5007206
5007186
5007215
5007189

Microsoft official advisories
Microsoft Security Update Guide
Find out the statistics of the vulnerabilities spreading in your region