Multiple vulnerabilities in Microsoft Browser

Description

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. Implementation vulnerability in Extensions API can be exploited to cause denial of service.
2. Policy enforcement vulnerability in Cookies can be exploited to cause denial of service.
3. Use after free vulnerability in Extensions can be exploited to cause denial of service or execute arbitrary code.
4. Use after free vulnerability in Managed devices API can be exploited to cause denial of service or execute arbitrary code.
5. Use after free vulnerability in Sign-In Flow can be exploited to cause denial of service or execute arbitrary code.
6. An elevation of privilege vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to gain privileges.
7. Heap buffer overflow vulnerability in PDF can be exploited to cause denial of service.
8. Validation of untrusted input vulnerability in Safe Browsing can be exploited to cause denial of service.
9. Use after free vulnerability in Omnibox can be exploited to cause denial of service or execute arbitrary code.
10. Implementation vulnerability in Fullscreen API can be exploited to cause denial of service.
11. Out of bounds read vulnerability in Dawn can be exploited to cause denial of service.
12. Policy enforcement vulnerability in Background Fetch can be exploited to cause denial of service.
13. Use after free vulnerability in Safe Browsing can be exploited to cause denial of service or execute arbitrary code.
14. Side-channel information leakage vulnerability in Keyboard input can be exploited to obtain sensitive information.
15. Use after free vulnerability in Offline can be exploited to cause denial of service or execute arbitrary code.
16. Use after free vulnerability in Extensions API can be exploited to cause denial of service or execute arbitrary code.
17. A security feature bypass vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to bypass security restrictions.
18. A remote code execution vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to execute arbitrary code.
19. Validation of untrusted input vulnerability in Settings can be exploited to cause denial of service.
20. Validation of untrusted input vulnerability in Internals can be exploited to cause denial of service.

Fiches de renseignement originales

• CVE-2022-2616

• CVE-2022-2615
• CVE-2022-2621
• CVE-2022-2614
• CVE-2022-35796
• CVE-2022-2624
• CVE-2022-2622
• CVE-2022-2611
• CVE-2022-2610
• CVE-2022-2612
• CVE-2022-2623
• CVE-2022-2617
• CVE-2022-33649
• CVE-2022-33636
• CVE-2022-2619
• CVE-2022-2618
• CVE-2022-2606
• CVE-2022-2603
• CVE-2022-2605
• CVE-2022-2604

Exploitation

Public exploits exist for this vulnerability.

Produits associés

• Microsoft-Edge

Liste CVE

• CVE-2022-2605
  high
• CVE-2022-2610
  high
• CVE-2022-2606
  critical
• CVE-2022-2614
  critical
• CVE-2022-2623
  critical
• CVE-2022-2619
  warning
• CVE-2022-2617
  critical
• CVE-2022-2612
  high
• CVE-2022-2616
  high
• CVE-2022-2603
  critical
• CVE-2022-2611
  warning
• CVE-2022-2604
  critical
• CVE-2022-2621
  critical
• CVE-2022-2615
  high
• CVE-2022-2622
  high
• CVE-2022-2624
  critical
• CVE-2022-2618
  high
• CVE-2022-35796
  critical
• CVE-2022-33649
  critical
• CVE-2022-33636
  critical

Liste KB

En savoir plus

Découvrez les statistiques de la propagation des vulnérabilités dans votre région statistics.securelist.com