Remote attacker can access sensitive information of these Microsoft users.
Microsoft Edge is one of the most used web browsers across the globe and its market share has increased in the last couple of years. Microsoft has been pushing Windows users to stay on the pre-installed browser with creative pop-ups, new design and features. As our dependency on the internet is increasing each day, we are forced to share more and more of our personal information including banking details, date of birth, location and others. To keep the users safe, Microsoft rolls out security updates for the edge browser from time to time. Although tech companies recommend users to run the latest version of their browser, a few users opt to run the older for ease of use but it's worth noting that older versions of browsers are easier to exploit. A few such vulnerabilities have been spotted in the Microsoft Edge browsers and the Indian government has issued a warning for users Edge browser version prior to 124.0.2478.51.
The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology has revealed that multiple vulnerabilities have been reported in Microsoft edge (chromium based) which could allow the remote attacker to cause denial of service condition, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.
According to CERT-In, the vulnerabilities exist in Microsoft Edge (chromium based) due to Object corruption in V8 and WebAssembly; Use after free in V8, Downloads and QUIC; Inappropriate implementation in Autofill; Inappropriate implementation in Extension; Network and Prompts; Out of bounds read in Fonts; Insufficient policy enforcement in Site isolation and WebUI; Insufficient data validation in Browser Switcher and Downloads. A remote attacker could exploit these vulnerabilities by sending a specially crafted request on the targeted system.
Successful exploitation of these vulnerabilities could allow the remote attacker to cause denial of service condition, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system. To stay safe, it is advised to apply appropriate updates as mentioned by the vendor.
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
 "Microsoft Edge")
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
)
){kind=small}
){kind=small}
)
)
)
)
)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}