- 51/2024
- High
Microsoft has released an updated Microsoft Edge Stable Channel (121.0.2277.112) and Microsoft Edge Extended Stable Channel (120.0.2210.175) to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the remote attacker to execute arbitrary code to gain access or cause a buffer overflow into the affected system by persuading the victim to visit a specially crafted website.
The addressed vulnerabilities:
1. Microsoft Edge (Chromium-based) Buffer Overflow Vulnerability (CVE-2024- 1283):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Microsoft Edge (Chromium-based) Code Execution Vulnerability (CVE-2024- 1284):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
- CVE-2024-1283
- CVE-2024-1284
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.