Msrc Microsoft Edge vulnerabilities

CVE-2024-21387 [MEDIUM] CWE-357 Microsoft Edge for Android Spoofing Vulnerability Microsoft Edge for Android Spoofing Vulnerability FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 121.0.2277.83 1/25/2024 121.0.6167.85/.86 Extended Stable 120.0.2210.160 1/25/2024 120.0.6099.268 FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integ

CVE-2024-0805 [MEDIUM] Chromium: CVE-2024-0805 Inappropriate implementation in Downloads Chromium: CVE-2024-0805 Inappropriate implementation in Downloads Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which i

CVE-2024-20675 [MEDIUM] CWE-284 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? The attacker would be able to bypass the protection in Edge that prevents a potentially dangerous extension from being downloaded or updated. FAQ: According to the CVSS metric, user interaction is required (UI:R). What interac

CVE-2024-21388 [MEDIUM] CWE-20 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. FAQ: According to the CVSS metrics, successful exploitation o

CVE-2024-0809 [MEDIUM] Chromium: CVE-2024-0809 Inappropriate implementation in Autofill Chromium: CVE-2024-0809 Inappropriate implementation in Autofill Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is

CVE-2024-21382 [MEDIUM] CWE-942 Microsoft Edge for Android Information Disclosure Vulnerability Microsoft Edge for Android Information Disclosure Vulnerability FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability? Exploitation of this vulnerability only discloses limited information, no sensitive information can be obtained. FAQ: What is the version information for this rele

CVE-2024-0811 [MEDIUM] Chromium: CVE-2024-0811 Inappropriate implementation in Extensions API Chromium: CVE-2024-0811 Inappropriate implementation in Extensions API Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OS

CVE-2024-21383 [LOW] CWE-347 Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft Edge (Chromium-based) Spoofing Vulnerability FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 121.0.2277.83 1/25/2024 121.0.6167.85/.86 Extended Stable 120.0.2210.160 1/25/2024 120.0.6099.268 FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user ha

CVE-2024-21336 [LOW] CWE-357 Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft Edge (Chromium-based) Spoofing Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires the victim to open the vulnerable app. FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnera

CVE-2023-35618 [CRITICAL] CWE-416 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit

CVE-2023-6702 [HIGH] Chromium: CVE-2023-6702 Type Confusion in V8 Chromium: CVE-2023-6702 Type Confusion in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based

CVE-2023-6706 [HIGH] Chromium: CVE-2023-6706 Use after free in FedCM Chromium: CVE-2023-6706 Use after free in FedCM Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium

CVE-2023-6704 [HIGH] Chromium: CVE-2023-6704 Use after free in libavif Chromium: CVE-2023-6704 Use after free in libavif Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chro

CVE-2023-6509 [HIGH] Chromium: CVE-2023-6509 Use after free in Side Panel Search Chromium: CVE-2023-6509 Use after free in Side Panel Search Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by

CVE-2023-6508 [HIGH] Chromium: CVE-2023-6508 Use after free in Media Stream Chromium: CVE-2023-6508 Use after free in Media Stream Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft

CVE-2023-6707 [HIGH] Chromium: CVE-2023-6707 Use after free in CSS Chromium: CVE-2023-6707 Use after free in CSS Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-bas

CVE-2023-6705 [HIGH] Chromium: CVE-2023-6705 Use after free in WebRTC Chromium: CVE-2023-6705 Use after free in WebRTC Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromi

CVE-2023-6703 [HIGH] Chromium: CVE-2023-6703 Use after free in Blink Chromium: CVE-2023-6703 Use after free in Blink Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium

CVE-2023-7024 [HIGH] Chromium: CVE-2023-7024 Heap buffer overflow in WebRTC Chromium: CVE-2023-7024 Heap buffer overflow in WebRTC Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2023-7024 exists in the wild. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromi

CVE-2023-6510 [HIGH] Chromium: CVE-2023-6510 Use after free in Media Capture Chromium: CVE-2023-6510 Use after free in Media Capture Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsof