Jump to content
  • Microsoft Edge gets fixes for five more security vulnerabilities


    Karlston

    • 607 views
    • 2 minutes
     Share


    • 607 views
    • 2 minutes

    This month is full of Microsoft Edge security updates. Version 124 is now receiving its fourth patch aimed at resolving security vulnerabilities. You can now download version 124.0.2478.109, which contains fixes for five different vulnerabilities, some of which are exploited in the wild. Besides Chromium security patches, the update fixes one Microsoft Edge-specific vulnerability.

     

    Here are the patched vulnerabilities in Microsoft Edge 124.0.2478.109:

     

    • CVE-2024-30056: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Exposure of Private Personal Information to an Unauthorized Actor
    • CVE-2024-4947: Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

    • CVE-2024-4948: Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

    • CVE-2024-4949: Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

    • CVE-2024-4950: Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

       

    Microsoft Edge 124.0.2478.109 is now available in the regular Stable Channel (four-week update schedule) and the Extended Stable Channel (eight-week update schedule). You can get to the latest version by heading to Menu > Help & Feedback > About Microsoft Edge or directly to the edge://settings/help page.

     

    As a reminder, Microsoft will soon end Edge support on systems with processors that do not support the SSE3 instruction set. Edge 126 will be the last release that does not require SSE3. However, you should not fret if your PC is not a 20-year-old museum exhibit since PC processors have supported SSE3 since 2004.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...