Jump to content
  • Microsoft updates Edge to fix security vulnerabilities exploited in the wild


    Karlston

    • 700 views
    • 2 minutes
     Share


    • 700 views
    • 2 minutes

    Microsoft has issued a second security update for its browser in the Stable Channel. Following the update from May 2, Microsoft pushed version 124.0.2478.97 to all users to resolve two security vulnerabilities exploited in the wild.

     

    Microsoft has a fix for CVE-2024-4671 to Microsoft Edge Stable Channel (Version 124.0.2478.97) and Extended Stable channel (Version 124.0.2478.97), which has been reported by the Chromium team as having an exploit in the wild. For more information, see the Security Update Guide.

     

    This update also contains the following Microsoft Edge-specific update:

     

    • CVE-2024-30055

    According to the description on the CVE website, CVE-2024-4671, the vulnerability allows remote attackers to exploit heap corruption with a specially crafted HTML page. Google has reported that the exploit "exists in the wild" (in other words, it is already used for malicious intents), so be sure to install the latest security updates as soon as possible.

     

    As for the second one, CVE-2024-30055 is a low-severity spoofing vulnerability that is exclusive to Microsoft Edge. Exploiting it requires the user to click a special link, after which the attacker could get "limited information" from the victim's browser.

     

    The user would have to click on a specially crafted URL to be compromised by the attacker. Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code. The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.

    Patches for CVE-2024-4671 and 2024-30055 are now available in the Stable Channel and Extended Stable Channel. It is a special release option made for enterprise customers who want to get fewer Microsoft Edge updates. The company ships new Edge versions in the Extended Stable Channel every 8 weeks unlike the "regular" Stable Channel with its 4-week release cycle. The idea behind Microsoft Edge Extended Stable Channel is to give enterprise customers more time to adopt the latest changes and features in the browser.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...