Microsoft Edge gets fixes for zero-day vulnerabilities exploited in the wild

Donations campaign phase one 2024

Software News

Microsoft Edge gets fixes for zero-day vulnerabilities exploited in the wild
By Karlston,
Published Date: March 29
1 comment

219 views

March 29

2 minutes
Share

Followers 1
1 comment

219 views

March 29

2 minutes
Microsoft recently re-released Edge 123 in the Stable Channel. The company pulled the update earlier to resolve compatibility issues with certain enterprise configurations. Now, the update is back with the necessary fix and four zero-day vulnerability fixes that, according to Microsoft, are exploited in the wild.

Here is the official changelog:
Version 123.0.2420.65

Fixed various bugs and performance issues, includes security fixes, and improves reliability:

Fixed a browser crash that occurred when the UserDataDir policy is used to specify a path on a network share. Note that using a network share location for the user data directory is generally unsupported.

Microsoft has a fix for CVE-2024-2883 to Microsoft Edge Stable Channel (Version 123.0.2420.65) and Extended Stable Channel (Version 122.0.2365.113), which has been reported by the Chromium team as having an exploit in the wild.
Security patches are available in version 123 in the Stable Channel and version 122 in the Extended Stable Channel. Patched vulnerabilities include CVE-2024-2887 "Type Confusion in WebAssembly," CVE-2024-2886 "Use after free in WebCodecs," CVE-2024-2885 "Use after free in Dawn," and CVE-2024-2883 "Use after free in ANGLE."

You can update Microsoft Edge by heading to edge://settings/help. Since the patched vulnerabilities are actively exploited, everyone better hurry up and get to version 123.0.2420.65. An offline installer can be found on the official website.

The update will also install an 8KB "Microsoft Copilot" app, which, according to Microsoft, is related to the upcoming Copilot features. They will let you ask Copilot to tweak settings, get device info, launch accessibility features, and more. Those features are currently available only to Windows Insiders with preview builds, and why Microsoft released that small app to users in the Stable Channel remains unknown.

More information about the latest Microsoft Edge update is available here. Security notes have a separate page in the official documentation.

Source
Matt and Radpop

2
Share
Followers 1
Go to news

User Feedback
- 1 Comment
Recommended Comments

Radpop 2,084

Posted March 30

Share this comment

My Edge 122 period ended spectacularly in corruption. Edge and Edge Webview2 collapsed first, then went down two portable Firefox forks, Opera and Sticky Password. At that time, Edge's vulnerability was already attacked, but was it the actions of a bad party in my case? I'm not convinced, but who knows? On the day of the destruction, a lot of things were done. I upgraded Windows, Bitdefender's trial license expired, and I started Avira Prime trial. After Edge broke up, I removed Avira and used Defender for a while, but corruption escalated. I switched to Kaspersky in a hurry and reinstalled the broken apps. Then I drove three different full pc malware scans, and pc is still clean.

I also took the opportunity to be more happy person, and removed Edge. Then I ticked in W10Privacy 'Block automatic Edge installation'. Two days later, Edge returned on its own - and without entry on 'Add and remove programs' or in 3rd party uninstallers. What a nuisance? 🤢

Karlston

1

Quote

Link to comment

Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Add a comment...

× Pasted as rich text.   Paste as plain text instead

Only 75 emoji are allowed.

× Your link has been automatically embedded.   Display as a link instead

× Your previous content has been restored.   Clear editor

× You cannot paste images directly. Upload or insert images from URL.

Insert image from URL

×

Desktop

Tablet

Phone