MS Family March 2024 Routine Security Update Advisory

Overview

 

Microsoft (https://www.microsoft.com) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

Microsoft Edge for Android prior to 122.0.2365.92 

Microsoft Edge (Chromium-based) prior to 122.0.2365.52, 122.0.2365.63

 

Resolved Vulnerabilities

 

Out-of-bounds memory access in Blink in Google Chrome allows remote attackers to perform out-of-bounds memory access via a crafted HTML page (CVE-2024-1669)

Microsoft Edge (based on Chromium) Spoofing Vulnerability (CVE-2024-26188)

Microsoft Edge (based on Chromium) Information Disclosure Vulnerability (CVE-2024-21423)

Type confusion in V8 in Google Chrome could allow remote attackers to corrupt the heap via a crafted HTML page (CVE-2024-1939)

Improper implementation of site isolation in Google Chrome could allow remote attackers to bypass content security policies via crafted HTML pages (CVE-2024-1671)

Microsoft Edge (based on Chromium) Information Disclosure Vulnerability (CVE-2024-26192)

Spoofing vulnerability in Microsoft Edge for Android (CVE-2024-26167)

Improper implementation of content security policies in Google Chrome allows remote attackers to bypass content security policies via a crafted HTML page (CVE-2024-1672)

Improper implementation of Google Chrome navigation could allow remote attackers to spoof secure UI via crafted HTML pages (CVE-2024-1676)

Insufficient policy enforcement in Google Chrome Downloads could allow remote attackers to bypass file system restrictions via a crafted HTML page (CVE-2024-1675)

Use after free in Mojo in Google Chrome allowed remote attackers to corrupt the heap via a crafted HTML page (CVE-2024-1670)

Improper implementation in Google Chrome Navigation allowed remote attackers to bypass navigation restrictions via a crafted HTML page (CVE-2024-1674)

Use after free in Accessibility in Google Chrome allowed remote attackers who had compromised the renderer process to potentially exploit heap corruption via certain UI gestures (CVE-2024-1673)

 

Vulnerability Patches

 

CVE-2024-26167

Microsoft Edge for Android version 122.0.2365.92

 

CVE-2024-1669, CVE-2024-26192, CVE-2024-26188, CVE-2024-21423, CVE-2024-1676, CVE-2024-1675, CVE-2024-1674, CVE-2024-1673, CVE-2024-1672, CVE-2024-1671, CVE-2024-1670

Microsoft Edge (Chromium-based) version 122.0.2365.52

 

CVE-2024-1939

Microsoft Edge (Chromium-based) version 122.0.2365.63 (CVE-2024-1939)

 

Referenced Sites

 

[1] Security Update Guide

https://msrc.microsoft.com/update-guide/ko-kr/

[2] March 2024 Security Update

https://msrc.microsoft.com/update-guide/ko-kr/releaseNote/2024-Mar

[3] Microsoft Edge Spoofing Vulnerability for Android

https://msrc.microsoft.com/update-guide/ko-kr/vulnerability/CVE-2024-26167

[4] Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26192

[5] Microsoft Edge (Chromium-based) Spoofing Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26188

[6] Microsoft Edge for Android spoofing vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26167

[7] Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21423

[8] Chromium: CVE-2024-1676 Inappropriate implementation in Navigation

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-1676

[9] Chromium: CVE-2024-1675 Insufficient policy enforcement in Download

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-1675

[10] Chromium: CVE-2024-1674 Inappropriate implementation in Navigation

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-1674

[11] Chromium: CVE-2024-1673 Use after free in Accessibility

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-1673

[12] Chromium: CVE-2024-1672 Inappropriate implementation in Content Security Policy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-1672

[13] Chromium: CVE-2024-1671 Inappropriate implementation in Site Isolation

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-1671

[14] Chromium: CVE-2024-1670 Use after free in Mojo

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-1670

[15] Chromium: CVE-2024-1669 Out of bounds memory access in Blink

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-1669

[16] Chromium: CVE-2024-1939 Type Confusion in V8

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-1939