Multiple vulnerabilities in Microsoft Edge
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2024-6773 CVE-2024-6775 CVE-2024-6772 CVE-2024-6779 CVE-2024-6774 CVE-2024-6778 CVE-2024-6777 CVE-2024-6776 |
| CWE-ID | CWE-843 CWE-416 CWE-358 CWE-119 CWE-362 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #6 is available. |
| Vulnerable software |
Microsoft Edge Client/Desktop applications / Web browsers |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Type Confusion
EUVDB-ID: #VU94384
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-6773
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsMicrosoft Edge: 79.0.309.71 - 126.0.2592.102
CPE2.3- cpe:2.3:a:microsoft:edge:79.0.309.71:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:79.0.3945.130:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:83.0.478.37:*:*:*:*:*:*:*
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-6773
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU94386
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-6775
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Media Stream component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsMicrosoft Edge: 79.0.309.71 - 126.0.2592.102
CPE2.3- cpe:2.3:a:microsoft:edge:79.0.309.71:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:79.0.3945.130:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:83.0.478.37:*:*:*:*:*:*:*
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-6775
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improperly implemented security check for standard
EUVDB-ID: #VU94383
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-6772
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in V8 in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsMicrosoft Edge: 79.0.309.71 - 126.0.2592.102
CPE2.3- cpe:2.3:a:microsoft:edge:79.0.309.71:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:79.0.3945.130:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:83.0.478.37:*:*:*:*:*:*:*
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-6772
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU94390
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-6779
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in V8 in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsMicrosoft Edge: 79.0.309.71 - 126.0.2592.102
CPE2.3- cpe:2.3:a:microsoft:edge:79.0.309.71:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:79.0.3945.130:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:83.0.478.37:*:*:*:*:*:*:*
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-6779
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU94385
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-6774
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Screen Capture component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsMicrosoft Edge: 79.0.309.71 - 126.0.2592.102
CPE2.3- cpe:2.3:a:microsoft:edge:79.0.309.71:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:79.0.3945.130:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:83.0.478.37:*:*:*:*:*:*:*
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-6774
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Race condition
EUVDB-ID: #VU94389
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2024-6778
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition in DevTools in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and execute arbitrary code on the target system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsMicrosoft Edge: 79.0.309.71 - 126.0.2592.102
CPE2.3- cpe:2.3:a:microsoft:edge:79.0.309.71:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:79.0.3945.130:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:83.0.478.37:*:*:*:*:*:*:*
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-6778
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Use-after-free
EUVDB-ID: #VU94388
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-6777
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Navigation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsMicrosoft Edge: 79.0.309.71 - 126.0.2592.102
CPE2.3- cpe:2.3:a:microsoft:edge:79.0.309.71:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:79.0.3945.130:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:83.0.478.37:*:*:*:*:*:*:*
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-6777
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU94387
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-6776
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Audio component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from Microsoft website.
Vulnerable software versionsMicrosoft Edge: 79.0.309.71 - 126.0.2592.102
CPE2.3- cpe:2.3:a:microsoft:edge:79.0.309.71:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:79.0.3945.130:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:83.0.478.37:*:*:*:*:*:*:*
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-6776
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
