Msrc Microsoft Edge vulnerabilities

CVE-2024-9602 [HIGH] Chromium: CVE-2024-9602 Type Confusion in V8 Chromium: CVE-2024-9602 Type Confusion in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 129.0.2792.89 10/10/2024 129.0.6668.100/.101 FAQ: Why is this Chrome CVE in

CVE-2024-9965 [HIGH] Chromium: CVE-2024-9965 Insufficient data validation in DevTools Chromium: CVE-2024-9965 Insufficient data validation in DevTools Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.5

CVE-2024-10231 [HIGH] Chromium: CVE -2024-10231 Type Confusion in V8 Chromium: CVE -2024-10231 Type Confusion in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-

CVE-2024-43579 [HIGH] CWE-122 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59 FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to a high loss of confidentiality (C:H), and integrity (I:H) and some loss of

CVE-2024-10229 [HIGH] Chromium: CVE -2024-10229 Inappropriate implementation in Extensions Chromium: CVE -2024-10229 Inappropriate implementation in Extensions Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) wh

CVE-2024-10230 [HIGH] Chromium: CVE -2024-10230 Type Confusion in V8 Chromium: CVE -2024-10230 Type Confusion in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-

CVE-2024-43566 [HIGH] CWE-190 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59 FAQ: According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution? S

CVE-2024-43580 [MEDIUM] CWE-357 Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft Edge (Chromium-based) Spoofing Vulnerability FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L), and availability (A:N). What does that mean for this vulnerability? Successful exploitation of this vulnerability has limited impacts to Confidentiality and Integrity and no impact on Availability. An attack

CVE-2024-43577 [MEDIUM] CWE-449 Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft Edge (Chromium-based) Spoofing Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker would have to send the victim a malicious file that the victim would have to execute. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/

CVE-2024-9963 [MEDIUM] Chromium: CVE-2024-9963 Insufficient data validation in Downloads Chromium: CVE-2024-9963 Insufficient data validation in Downloads Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.67

CVE-2024-9964 [MEDIUM] Chromium: CVE-2024-9964 Inappropriate implementation in Payments Chromium: CVE-2024-9964 Inappropriate implementation in Payments Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723

CVE-2024-9958 [MEDIUM] Chromium: CVE-2024-9958 Inappropriate implementation in PictureInPicture Chromium: CVE-2024-9958 Inappropriate implementation in PictureInPicture Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17

CVE-2024-43595 [MEDIUM] CWE-126 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the

CVE-2024-43587 [MEDIUM] CWE-122 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59 FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requi

CVE-2024-49023 [MEDIUM] CWE-416 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59 FAQ: How could an attacker exploit this vulnerability via the Network? An attacker could host a specially crafted website designed to exploit the vulnerability through

CVE-2024-9966 [MEDIUM] Chromium: CVE-2024-9966 Inappropriate implementation in Navigations Chromium: CVE-2024-9966 Inappropriate implementation in Navigations Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.

CVE-2024-43596 [MEDIUM] CWE-843 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59 FAQ: According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?

CVE-2024-9962 [MEDIUM] Chromium: CVE-2024-9962 Inappropriate implementation in Permissions Chromium: CVE-2024-9962 Inappropriate implementation in Permissions Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.

CVE-2024-9370 Chromium: CVE-2024-9370 Inappropriate implementation in V8 Chromium: CVE-2024-9370 Inappropriate implementation in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft

CVE-2024-7970 [HIGH] Chromium: CVE-2024-7970 Out of bounds write in V8 Chromium: CVE-2024-7970 Out of bounds write in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chro