SB2024040504 - Multiple vulnerabilities in Microsoft Edge

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024040504

SB2024040504 - Multiple vulnerabilities in Microsoft Edge

Published: April 5, 2024

Security Bulletin ID SB2024040504
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 40% Medium 40% Low 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Spoofing attack (CVE-ID: CVE-2024-29981)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can trick the victim to click on a specially crafted link and spoof elements of the UI.


2) Buffer overflow (CVE-ID: CVE-2024-3159)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary error in V8 in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.


3) Use-after-free (CVE-ID: CVE-2024-3158)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Bookmarks component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


4) Improperly implemented security check for standard (CVE-ID: CVE-2024-3156)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in V8 in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.


5) Spoofing attack (CVE-ID: CVE-2024-29049)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in Webview2 implementation. A remote attacker can trick the victim to open a specially crafted file and perform spoofing attack.


Remediation

Install update from vendor's website.

References