- 32/2024
- Critical
Microsoft has released an updated Microsoft Edge Stable Channel (121.0.2277.83) and Microsoft Edge Extended Stable Channel (120.0.2210.160) to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the attacker to gain elevated privilege, bypass security restrictions, execute arbitrary code, and gain access to the affected system by persuading the victim to open a malicious file.
Sample of the addressed vulnerabilities:
Microsoft Edge (Chromium-based) Elevation of Privilege (CVE-2024-21326):
- CVSS: 9.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Privileges
Vulnerabilities
- CVE-2024-21336
- CVE-2024-21385
- CVE-2024-21383
- CVE-2024-21387
- CVE-2024-21387
- CVE-2024-21382
- CVE-2024-0814
- CVE-2024-0813
- CVE-2024-0812
- CVE-2024-0811
- CVE-2024-0810
- CVE-2024-0809
- CVE-2024-0808
- CVE-2024-0807
- CVE-2024-0806
- CVE-2024-0805
- CVE-2024-0804
- CVE-2024-21326
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.