Searching
..

Click anywhere to stop

KLA12513
Multiple vulnerabilities in Microsoft Browser

Updated: 01/25/2024
Detect date
?
04/15/2022
Severity
?
High
Description

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. Use after free vulnerability in BFCache can be exploited to cause denial of service or execute arbitrary code.
  2. Implementation vulnerability in full screen can be exploited to cause denial of service.
  3. Type confusion vulnerability in V8 can be exploited to cause denial of service.
  4. Use after free vulnerability in storage can be exploited to cause denial of service or execute arbitrary code.
  5. An elevation of privilege vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to gain privileges.
  6. Use after free vulnerability in tab groups can be exploited to cause denial of service or execute arbitrary code.
  7. Implementation vulnerability in compositing can be exploited to cause denial of service.
  8. Use after free vulnerability in regular expressions can be exploited to cause denial of service or execute arbitrary code.
  9. Security vulnerability in developer tools area can be exploited to bypass security restrictions.
Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Microsoft Edge (Chromium-based)

Solution

Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)
Microsoft Edge update settings

Original advisories

CVE-2022-1308
CVE-2022-1307
CVE-2022-1364
CVE-2022-1305
CVE-2022-29144
CVE-2022-1313
CVE-2022-1306
CVE-2022-1310
CVE-2022-1309
CVE-2022-1312
CVE-2022-1314

Impacts
?
ACE 
[?]

DoS 
[?]

SB 
[?]

PE 
[?]
Related products
Microsoft Edge
CVE-IDS
?
CVE-2022-13058.8Critical
CVE-2022-13138.8Critical
CVE-2022-13099.6Critical
CVE-2022-13129.6Critical
CVE-2022-13148.8Critical
CVE-2022-13088.8Critical
CVE-2022-13108.8Critical
CVE-2022-13074.3Warning
CVE-2022-13064.3Warning
CVE-2022-13648.8Critical
CVE-2022-291447.5Critical
Microsoft official advisories
Microsoft Security Update Guide
Find out the statistics of the vulnerabilities spreading in your region