Msrc Microsoft Edge vulnerabilities

CVE-2024-21326 [CRITICAL] CWE-416 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit

CVE-2024-0225 [HIGH] Chromium: CVE-2024-0225 Use after free in WebGPU Chromium: CVE-2024-0225 Use after free in WebGPU Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromi

CVE-2024-0224 [HIGH] Chromium: CVE-2024-0224 Use after free in WebAudio Chromium: CVE-2024-0224 Use after free in WebAudio Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Ch

CVE-2024-0812 [HIGH] Chromium: CVE-2024-0812 Inappropriate implementation in Accessibility Chromium: CVE-2024-0812 Inappropriate implementation in Accessibility Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) w

CVE-2024-0518 [HIGH] Chromium: CVE-2024-0518 Type Confusion in V8 Chromium: CVE-2024-0518 Type Confusion in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based

CVE-2024-0807 [HIGH] Chromium: CVE-2024-0807 Use after free in WebAudio Chromium: CVE-2024-0807 Use after free in WebAudio Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Ch

CVE-2024-21385 [HIGH] CWE-416 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 121.0.2277.83 1/25/2024 121.0.6167.85/.86 Extended Stable 120.0.2210.160 1/25/2024 120.0.6099.268 FAQ: Why is the severity for this CVE rated as Moderate, but the CVSS score i

CVE-2024-0517 [HIGH] Chromium: CVE-2024-0517 Out of bounds write in V8 Chromium: CVE-2024-0517 Out of bounds write in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chro

CVE-2024-0806 [HIGH] Chromium: CVE-2024-0806 Use after free in Passwords Chromium: CVE-2024-0806 Use after free in Passwords Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (

CVE-2024-0813 [HIGH] Chromium: CVE-2024-0813 Use after free in Reading Mode Chromium: CVE-2024-0813 Use after free in Reading Mode Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft

CVE-2024-0222 [HIGH] Chromium: CVE-2024-0222 Use after free in ANGLE Chromium: CVE-2024-0222 Use after free in ANGLE Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium

CVE-2024-0223 [HIGH] Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE Chromium: CVE-2024-0223 Heap buffer overflow in ANGLE Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Ed

CVE-2024-0519 [HIGH] Chromium: CVE-2024-0519 Out of bounds memory access in V8 Chromium: CVE-2024-0519 Out of bounds memory access in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigne

CVE-2024-0804 [HIGH] Chromium: CVE-2024-0804 Insufficient policy enforcement in iOS Security UI Chromium: CVE-2024-0804 Insufficient policy enforcement in iOS Security UI Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Softwa

CVE-2024-0814 [MEDIUM] Chromium: CVE-2024-0814 Incorrect security UI in Payments Chromium: CVE-2024-0814 Incorrect security UI in Payments Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Mi

CVE-2024-21337 [MEDIUM] CWE-122 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L) and user interaction is required (UI:R), what does that mean for this vulnerability? The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploi

CVE-2024-0333 [MEDIUM] Chromium: CVE-2024-0333 Insufficient data validation in Extensions Chromium: CVE-2024-0333 Insufficient data validation in Extensions Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which

CVE-2024-20721 [MEDIUM] Adobe Systems Incorporated: CVE-2024-20721 Improper Input Validation Denial of Service Vulnerability Adobe Systems Incorporated: CVE-2024-20721 Improper Input Validation Denial of Service Vulnerability FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 120.0.2210.133 120.0.6099.216/217 1/11/2024 FAQ: Why is this Adobe CVE included in the Security Update Guide? The vulne

CVE-2024-20709 [MEDIUM] Adobe Systems Incorporated: CVE-2024-20709 Javascript Implementation PDF Vulnerability Adobe Systems Incorporated: CVE-2024-20709 Javascript Implementation PDF Vulnerability Description: This CVE was assigned by Adobe Systems Incorporated. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Ed

CVE-2024-0810 [MEDIUM] Chromium: CVE-2024-0810 Insufficient policy enforcement in DevTools Chromium: CVE-2024-0810 Insufficient policy enforcement in DevTools Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) whi