KLA12513
Multiple vulnerabilities in Microsoft Browser

Обновлено: 18/04/2022
Дата обнаружения
15/04/2022
Уровень угрозы
High
Описание

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. Use after free vulnerability in BFCache can be exploited to cause denial of service or execute arbitrary code.
  2. Implementation vulnerability in full screen can be exploited to cause denial of service.
  3. Type confusion vulnerability in V8 can be exploited to cause denial of service.
  4. Use after free vulnerability in storage can be exploited to cause denial of service or execute arbitrary code.
  5. An elevation of privilege vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to gain privileges.
  6. Use after free vulnerability in tab groups can be exploited to cause denial of service or execute arbitrary code.
  7. Implementation vulnerability in compositing can be exploited to cause denial of service.
  8. Use after free vulnerability in regular expressions can be exploited to cause denial of service or execute arbitrary code.
  9. Security vulnerability in developer tools area can be exploited to bypass security restrictions.
Пораженные продукты

Microsoft Edge (Chromium-based)

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2022-1308
CVE-2022-1307
CVE-2022-1364
CVE-2022-1305
CVE-2022-29144
CVE-2022-1313
CVE-2022-1306
CVE-2022-1310
CVE-2022-1309
CVE-2022-1312
CVE-2022-1314
Оказываемое влияние
?
ACE 
[?]

DoS 
[?]

SB 
[?]

PE 
[?]
Связанные продукты
Microsoft Edge
Узнай статистику распространения уязвимостей в твоем регионе