Msrc Microsoft Edge Extended Stable vulnerabilities

CVE-2024-9122 [HIGH] Chromium: CVE-2024-9122 Type Confusion in V8 Chromium: CVE-2024-9122 Type Confusion in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 129.0.2792.65 129.0.6668.70/.71 9/26/2024 Ext

CVE-2024-9123 [HIGH] Chromium: CVE-2024-9123 Integer overflow in Skia Chromium: CVE-2024-9123 Integer overflow in Skia Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 129.0.2792.65 129.0.6668.70/.71 9/26/20

CVE-2024-9121 [HIGH] Chromium: CVE-2024-9121 Inappropriate implementation in V8 Chromium: CVE-2024-9121 Inappropriate implementation in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 129.0.2792.65 129.0

CVE-2024-3156 [HIGH] Chromium: CVE-2024-3156 Inappropriate implementation in V8 Chromium: CVE-2024-3156 Inappropriate implementation in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Mi

CVE-2024-3158 [HIGH] Chromium: CVE-2024-3158 Use after free in Bookmarks Chromium: CVE-2024-3158 Use after free in Bookmarks Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (

CVE-2024-3159 [HIGH] Chromium: CVE-2024-3159 Out of bounds memory access in V8 Chromium: CVE-2024-3159 Out of bounds memory access in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Micr

CVE-2024-29049 [MEDIUM] CWE-79 Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability FAQ: Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 123.0.2420.81 4/4/2024 123.0.6312.105/.106/.107 Extended Stable 122.0.2365.120 4/4/2024 122.0.6261.156 FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exp

CVE-2024-29981 [MEDIUM] CWE-1021 Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft Edge (Chromium-based) Spoofing Vulnerability FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could cover and spoof elements of the UI. The modified information is only visual. FAQ: Microsoft Edge Channel Microsoft Edge

CVE-2024-2883 [HIGH] Chromium: CVE-2024-2883 Use after free in ANGLE Chromium: CVE-2024-2883 Use after free in ANGLE Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 123.0.2420.65 3/26/2024 123.0.6312.86/.87 Extended Stable 122.0.2365.113 3/26/2024 122.0.

CVE-2024-2885 [HIGH] Chromium: CVE-2024-2885 Use after free in Dawn Chromium: CVE-2024-2885 Use after free in Dawn Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 123.0.2420.65 3/26/2024 123.0.6312.86/.87 Extended Stable 122.0.2365.113 3/26/2024 122.0.62

CVE-2024-2886 [HIGH] Chromium: CVE-2024-2886 Use after free in WebCodecs Chromium: CVE-2024-2886 Use after free in WebCodecs Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 123.0.2420.65 3/26/2024 123.0.6312.86/.87 Extended Stable 122.0.2365.113 3/26/202

CVE-2024-2887 [HIGH] Chromium: CVE-2024-2887 Type Confusion in WebAssembly Chromium: CVE-2024-2887 Type Confusion in WebAssembly Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 123.0.2420.65 3/26/2024 123.0.6312.86/.87 Extended Stable 122.0.2365.113 3/26

CVE-2024-26163 [MEDIUM] CWE-693 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability FAQ: How could an attacker exploit this vulnerability via the Network? An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. However, in all cases an attacker would have no way to force a user to view the attacker-controlle

CVE-2024-1283 [CRITICAL] Chromium: CVE-2024-1283 Heap buffer overflow in Skia Chromium: CVE-2024-1283 Heap buffer overflow in Skia Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft

CVE-2024-1284 [CRITICAL] Chromium: CVE-2024-1284 Use after free in Mojo Chromium: CVE-2024-1284 Use after free in Mojo Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromi

CVE-2024-21337 [MEDIUM] CWE-122 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L) and user interaction is required (UI:R), what does that mean for this vulnerability? The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploi

CVE-2024-21387 [MEDIUM] CWE-357 Microsoft Edge for Android Spoofing Vulnerability Microsoft Edge for Android Spoofing Vulnerability FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 121.0.2277.83 1/25/2024 121.0.6167.85/.86 Extended Stable 120.0.2210.160 1/25/2024 120.0.6099.268 FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integ

CVE-2023-36034 [HIGH] CWE-416 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability? The attacker who successfully exploited the vulnerability could have limited ability to perform code execution. FAQ: According to the CVSS metric, successful explo

CVE-2023-5997 [HIGH] Chromium: CVE-2023-5997 Use after free in Garbage Collection Chromium: CVE-2023-5997 Use after free in Garbage Collection Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed b

CVE-2023-36024 [HIGH] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a browser sandbox escape. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integ