Microsoft Edge Security Update 18 December 2022

Microsoft has released an updated Microsoft Edge version (108.0.1462.54) to fix multiple vulnerabilities in Microsoft Edge (Chromium-based).

The addressed vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial of service by persuading the victim to visit a specially crafted webpage on the affected system.

Sample of the addressed vulnerabilities:

1. Chromium code execution (CVE-2022-4436):

• CVSS: 8.8

• Attack Vector: Network

• Attack Complexity: Low

• Privileges Required: None

• User Interaction: Required

• Consequences: Gain Access

2. Chromium code execution (CVE-2022-4437):

• CVSS: 8.8

• Attack Vector: Network

• Attack Complexity: Low

• Privileges Required: None

• User Interaction: Required

• Consequences: Gain Access

Vulnerabilities
  • CVE-2022-4436
  • CVE-2022-4437
  • CVE-2022-4438
  • CVE-2022-4439
  • CVE-2022-4440

Mitigations

Enterprises should deploy this patch as soon as the testing phase is completed.

Release notes for Microsoft Edge Security Updates

References