- 265/2022
- High
Microsoft has released an updated Microsoft Edge (Version 107.0.1418.42) to fix several vulnerabilities.
The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the affected system by persuading the victim to visit a specially crafted webpage.
Samples of the addressed vulnerabilities:
1. Chromium V8 Code Execution (CVE-2022-3889):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Chromium Speech Recognition code execution (CVE-2022-3886):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
- CVE-2022-3885
- CVE-2022-3886
- CVE-2022-3887
- CVE-2022-3888
- CVE-2022-3889
- CVE-2022-3890
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.