KLA12450
Multiple vulnerabilities in Microsoft Browser

Updated: 02/10/2022
Detect date: 02/02/2022
Severity: Warning
Description

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, or bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. Use after free vulnerability in Web Search can be exploited to cause denial of service or execute arbitrary code.
  2. Use after free vulnerability in Extensions can be exploited to cause denial of service or execute arbitrary code.
  3. Implementation vulnerability in Extensions Platform can be exploited to cause denial of service.
  4. Policy bypass vulnerability in COOP can be exploited to bypass security restrictions.
  5. Use after free vulnerability in Reader Mode can be exploited to cause denial of service or execute arbitrary code.
  6. Use after free vulnerability in Cast can be exploited to cause denial of service or execute arbitrary code.
  7. Use after free vulnerability in Thumbnail Tab Strip can be exploited to cause denial of service or execute arbitrary code.
  8. Use after free vulnerability in Accessibility can be exploited to cause denial of service or execute arbitrary code.
  9. Implementation vulnerability in Full Screen Mode can be exploited to cause denial of service.
  10. Use after free vulnerability in Screen Capture can be exploited to cause denial of service or execute arbitrary code.
  11. Implementation vulnerability in Scroll can be exploited to cause denial of service.
  12. Heap buffer overflow vulnerability in ANGLE can be exploited to cause denial of service.
  13. Use after free vulnerability in Payments can be exploited to cause denial of service or execute arbitrary code.
  14. Implementation vulnerability in Pointer Lock can be exploited to cause denial of service.
  15. Use after free vulnerability in Safe Browsing can be exploited to cause denial of service or execute arbitrary code.
  16. Out of bounds memory access vulnerability in V8 can be exploited to cause denial of service.
  17. Type confusion vulnerability in V8 can be exploited to cause denial of service.
  18. Use after free vulnerability in Windows Dialog can be exploited to cause denial of service or execute arbitrary code.
Affected products

Microsoft Edge (Chromium based)

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2022-0456
CVE-2022-0465
CVE-2022-0466
CVE-2022-0461
CVE-2022-0453
CVE-2022-0469
CVE-2022-0458
CVE-2022-0463
CVE-2022-0455
CVE-2022-0459
CVE-2022-0464
CVE-2022-0462
CVE-2022-0454
CVE-2022-0468
CVE-2022-0467
CVE-2022-0452
CVE-2022-0470
CVE-2022-0457
CVE-2022-0460

Impacts

ACE
DoS
SB

Related products
Microsoft Edge