Searching
..

Click anywhere to stop

KLA63367
Multiple vulnerabilities in Microsoft Browser

Обновлено: 29/01/2024
Дата обнаружения
25/01/2024
Уровень угрозы
High
Описание

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, spoof user interface, gain privileges, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Microsoft Edge for Android can be exploited remotely to obtain sensitive information.
  2. Use after free vulnerability in Reading Mode can be exploited to cause denial of service or execute arbitrary code.
  3. Integer underflow vulnerability in WebUI can be exploited to cause execute arbitrary code and denial of service.
  4. A spoofing vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to spoof user interface.
  5. An elevation of privilege vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to gain privileges.
  6. Implementation vulnerability in Downloads can be exploited to cause denial of service.
  7. Policy enforcement vulnerability in iOS Security UI can be exploited to cause denial of service.
  8. Implementation vulnerability in Extensions API can be exploited to cause denial of service.
  9. Use after free vulnerability in WebAudio can be exploited to cause denial of service or execute arbitrary code.
  10. Implementation vulnerability in Accessibility can be exploited to cause denial of service.
  11. A spoofing vulnerability in Microsoft Edge for Android can be exploited remotely to spoof user interface.
  12. Implementation vulnerability in Autofill can be exploited to cause denial of service.
  13. Security UI vulnerability in Payments can be exploited to spoof user interface.
  14. Policy enforcement vulnerability in DevTools can be exploited to cause denial of service.
  15. Use after free vulnerability in Passwords can be exploited to cause denial of service or execute arbitrary code.
Пораженные продукты

Microsoft Edge (Chromium-based) Extended Stable
Microsoft Edge (Chromium-based)

Решение

Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)
Microsoft Edge update settings

Первичный источник обнаружения
CVE-2024-21382
CVE-2024-0813
CVE-2024-0808
CVE-2024-21383
CVE-2024-21385
CVE-2024-0805
CVE-2024-21326
CVE-2024-0804
CVE-2024-0811
CVE-2024-0807
CVE-2024-0812
CVE-2024-21387
CVE-2024-0809
CVE-2024-0814
CVE-2024-0810
CVE-2024-0806
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

PE 
[?]

SUI 
[?]
Связанные продукты
Microsoft Edge
CVE-IDS
CVE-2024-08085.0Warning
CVE-2024-08055.0Warning
CVE-2024-08075.0Warning
CVE-2024-08105.0Warning
CVE-2024-08045.0Warning
CVE-2024-08065.0Warning
CVE-2024-08115.0Warning
CVE-2024-08135.0Warning
CVE-2024-08125.0Warning
CVE-2024-08145.0Warning
CVE-2024-08095.0Warning
CVE-2024-213824.3Warning
CVE-2024-213833.3Warning
CVE-2024-213858.3Critical
CVE-2024-213269.6Critical
CVE-2024-213875.3High
Узнай статистику распространения уязвимостей в твоем регионе