Thursday September 19, 2024

Advisory ID: NCC-CSIRT-040624-004

Summary: 

Multiple vulnerabilities have been identified in Microsoft Edge, the popular web browser, which could potentially allow remote attackers to execute arbitrary code, bypass security restrictions, or obtain sensitive information. Users are advised to upgrade their products to the latest versions as recommended.

Threat Type(s): Denial of Service, Remote Code Execution, Information Disclosure

Impact/Vulnerability: CRITICAL/MEDIUM

Product(s): Microsoft Edge (Stable) prior to 125.0.2535.85

Platform(s): Microsoft Edge Browsers

CVE(s): CVE-2024-5493, CVE-2024-5494, CVE-2024-5495, CVE-2024-5496, CVE-2024-5497, CVE-2024-5498, CVE-2024-5499

Version(s): All Versions

Description: 

Multiple vulnerabilities were identified in Microsoft Edge and Microsoft has rolled out a new update for the Edge browser in the Stable Channel. Version 125.0.2535.85 is now available with fixes for seven Chromium vulnerabilities of high severity. This is a security-only update, and it does not contain any new features or notable changes.

Consequences: 

A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, remote code execution, and sensitive information disclosure on the targeted system.

Solution: 

To mitigate the risks associated with these vulnerabilities, it is highly recommended that users take the following steps:

  • Update to Microsoft Edge (Stable) version 125.0.2535.85 or later, or visit the software vendor's website for more information.
  • Avoid clicking on suspicious links or downloading files from untrusted sources while browsing the web. Be cautious when interacting with content or websites you are not familiar with.
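
For administrators confirming the first step across many machines, the following added example (not part of the original advisory) triages an inventory export against the fixed version 125.0.2535.85. The CSV layout, host names and sample versions are constructed for illustration. Versions are compared numerically per component, and unparsable entries are reported as unknown rather than assumed patched.

```python
import csv
import io

# Fixed Stable-channel version stated in the advisory.
FIXED = (125, 0, 2535, 85)

def parse_version(text):
    """Return a 4-int tuple for 'a.b.c.d', or None if the value is malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Classify one reported Edge version against the fixed build."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # never treat a missing or garbled value as patched
    # Tuple comparison is numeric per component, so .9 sorts below .85.
    return "patched" if version >= FIXED else "vulnerable"

def triage(inventory_csv):
    """Group hosts from a 'host,edge_version' CSV (assumed layout) by status."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row["edge_version"] or "")].append(row["host"])
    return result

# Constructed sample inventory; not real hosts or real scan data.
SAMPLE = """host,edge_version
ws-001,125.0.2535.85
ws-002,125.0.2535.79
ws-003,125.0.2535.9
ws-004,126.0.2592.56
ws-005,
ws-006,124.0.2478.109
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

A plain string comparison would rank 125.0.2535.9 above 125.0.2535.85 and wrongly mark that host as patched, which is why the versions are compared as integer tuples.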

References: