Msrc Microsoft Edge vulnerabilities

CVE-2024-3834 [HIGH] Chromium: CVE-2024-3834 Use after free in Downloads Chromium: CVE-2024-3834 Use after free in Downloads Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (

CVE-2024-3158 [HIGH] Chromium: CVE-2024-3158 Use after free in Bookmarks Chromium: CVE-2024-3158 Use after free in Bookmarks Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (

CVE-2024-3837 [HIGH] Chromium: CVE-2024-3837 Use after free in QUIC Chromium: CVE-2024-3837 Use after free in QUIC Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-b

CVE-2024-3159 [HIGH] Chromium: CVE-2024-3159 Out of bounds memory access in V8 Chromium: CVE-2024-3159 Out of bounds memory access in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Micr

CVE-2024-4058 [HIGH] Chromium: CVE-2024-4058 Type Confusion in ANGLE Chromium: CVE-2024-4058 Type Confusion in ANGLE Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium

CVE-2024-29049 [MEDIUM] CWE-79 Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability FAQ: Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 123.0.2420.81 4/4/2024 123.0.6312.105/.106/.107 Extended Stable 122.0.2365.120 4/4/2024 122.0.6261.156 FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exp

CVE-2024-3839 [MEDIUM] Chromium: CVE-2024-3839 Out of bounds read in Fonts Chromium: CVE-2024-3839 Out of bounds read in Fonts Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge

CVE-2024-3515 [MEDIUM] Chromium: CVE-2024-3515 Use after free in Dawn Chromium: CVE-2024-3515 Use after free in Dawn Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 123.0.2420.97 4/12/2024 123.0.6312.122/.123 FAQ: Why is this Chrome CVE included in the S

CVE-2024-3845 [MEDIUM] Chromium: CVE-2024-3845 Inappropriate implementation in Network Chromium: CVE-2024-3845 Inappropriate implementation in Network Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is co

CVE-2024-3844 [MEDIUM] Chromium: CVE-2024-3844 Inappropriate implementation in Extensions Chromium: CVE-2024-3844 Inappropriate implementation in Extensions Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which

CVE-2024-3516 [MEDIUM] Chromium: CVE-2024-3516 Heap buffer overflow in ANGLE Chromium: CVE-2024-3516 Heap buffer overflow in ANGLE Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 123.0.2420.97 4/12/2024 123.0.6312.122/.123 FAQ: Why is this Chrome CVE inc

CVE-2024-4060 [MEDIUM] Chromium: CVE-2024-4060 Use after free in Dawn Chromium: CVE-2024-4060 Use after free in Dawn Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium

CVE-2024-29981 [MEDIUM] CWE-1021 Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft Edge (Chromium-based) Spoofing Vulnerability FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could cover and spoof elements of the UI. The modified information is only visual. FAQ: Microsoft Edge Channel Microsoft Edge

CVE-2024-3841 [MEDIUM] Chromium: CVE-2024-3841 Insufficient data validation in Browser Switcher Chromium: CVE-2024-3841 Insufficient data validation in Browser Switcher Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software

CVE-2024-29987 [MEDIUM] CWE-359 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Microsoft Edge (Chromium-based) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user

CVE-2024-3914 [MEDIUM] Chromium: CVE-2024-3914 Use after free in V8 Chromium: CVE-2024-3914 Use after free in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-bas

CVE-2024-4059 [MEDIUM] Chromium: CVE-2024-4059 Out of bounds read in V8 API Chromium: CVE-2024-4059 Out of bounds read in V8 API Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Ed

CVE-2024-3838 [MEDIUM] Chromium: CVE-2024-3838 Inappropriate implementation in Autofill Chromium: CVE-2024-3838 Inappropriate implementation in Autofill Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is

CVE-2024-3843 [MEDIUM] Chromium: CVE-2024-3843 Insufficient data validation in Downloads Chromium: CVE-2024-3843 Insufficient data validation in Downloads Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which i

CVE-2024-29991 [MEDIUM] CWE-94 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful explo