KLA12450
Multiple vulnerabilities in Microsoft Browser

Updated: 28/03/2023
Detection date
02/02/2022
Threat level
Warning
Description

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, and bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. Use after free vulnerability in Web Search can be exploited to cause denial of service or execute arbitrary code.
  2. Use after free vulnerability in Extensions can be exploited to cause denial of service or execute arbitrary code.
  3. Implementation vulnerability in Extensions Platform can be exploited to cause denial of service.
  4. Policy bypass vulnerability in COOP can be exploited to bypass security restrictions.
  5. Use after free vulnerability in Reader Mode can be exploited to cause denial of service or execute arbitrary code.
  6. Use after free vulnerability in Cast can be exploited to cause denial of service or execute arbitrary code.
  7. Use after free vulnerability in Thumbnail Tab Strip can be exploited to cause denial of service or execute arbitrary code.
  8. Use after free vulnerability in Accessibility can be exploited to cause denial of service or execute arbitrary code.
  9. Implementation vulnerability in Full Screen Mode can be exploited to cause denial of service.
  10. Use after free vulnerability in Screen Capture can be exploited to cause denial of service or execute arbitrary code.
  11. Implementation vulnerability in Scroll can be exploited to cause denial of service.
  12. Heap buffer overflow vulnerability in ANGLE can be exploited to cause denial of service.
  13. Use after free vulnerability in Payments can be exploited to cause denial of service or execute arbitrary code.
  14. Implementation vulnerability in Pointer Lock can be exploited to cause denial of service.
  15. Use after free vulnerability in Safe Browsing can be exploited to cause denial of service or execute arbitrary code.
  16. Out of bounds memory access vulnerability in V8 can be exploited to cause denial of service.
  17. Type confusion vulnerability in V8 can be exploited to cause denial of service.
  18. Use after free vulnerability in Windows Dialog can be exploited to cause denial of service or execute arbitrary code.
Affected products

Microsoft Edge (Chromium based)

Solution

Install the necessary updates listed on your About Microsoft Edge page, which is reached from the Settings and more menu (the About page can usually be accessed from the Help and feedback option).
Microsoft Edge update settings

Primary source of detection
CVE-2022-0456
CVE-2022-0465
CVE-2022-0466
CVE-2022-0461
CVE-2022-0453
CVE-2022-0469
CVE-2022-0458
CVE-2022-0463
CVE-2022-0455
CVE-2022-0459
CVE-2022-0464
CVE-2022-0462
CVE-2022-0454
CVE-2022-0468
CVE-2022-0467
CVE-2022-0452
CVE-2022-0470
CVE-2022-0457
CVE-2022-0460
Impact
ACE
DoS
SB
Related products
Microsoft Edge