Microsoft Edge browser security update advisory

Sep 13 2024

Overview

Microsoft (https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2024-38222, CVE-2024-38207, CVE-2024-41879

Microsoft Edge 128.0.6613.84/.85 (Chromium-based) previous versions

CVE-2024-38208

Microsoft Edge for Android 128.0.6613.84/.85 (Chromium-based) previous versions

CVE-2024-43472

Microsoft Edge 127.0.6533.120 (Chromium-based) previous versions

CVE-2024-8194, CVE-2024-8198

Microsoft Edge 128.0.6613.113/.114 (Chromium-based) previous versions

CVE-2024-7970, CVE-2024-8362

Microsoft Edge 128.0.6613.119/.120 (Chromium-based) previous versions

Resolved Vulnerabilities

Information Disclosure Vulnerability in Microsoft Edge (Chromium-based) (CVE-2024-38222)

Heap buffer overflow vulnerability in the Skia feature in Microsoft Edge (Chromium-based) (CVE-2024-8198)

Out-of-bounds write vulnerability in the V8 feature in Microsoft Edge (Chromium-based) (CVE-2024-7970)

Type Confusion Vulnerability in V8 Functionality in Microsoft Edge (Chromium-based) (CVE-2024-8194)

Memory Free and Reuse Vulnerability in the WebAudio feature in Microsoft Edge (Chromium-based) (CVE-2024-8362)

Memory corruption vulnerability in Microsoft Edge (HTML-based) (CVE-2024-38207)

Spoofing vulnerability in Microsoft Edge for Android (CVE-2024-38208)

Privilege escalation vulnerability in Microsoft Edge (Chromium-based) (CVE-2024-43472)

Remote code execution vulnerability in Adobe PDF Viewer (CVE-2024-41879)

Vulnerability Patches

Product-specific vulnerability patches have been made available in the latest updates as follows. Download and install them using the Windows Update feature or by referring to the URLs in the product information below.

CVE-2024-38222, CVE-2024-38207, CVE-2024-41879

Microsoft Edge 128.0.6613.84/.85 (Chromium-based) version

CVE-2024-38208

Microsoft Edge for Android 128.0.6613.84/.85 (Chromium-based) version

CVE-2024-43472

Microsoft Edge 127.0.6533.120 (Chromium-based) version

CVE-2024-8194, CVE-2024-8198

Microsoft Edge 128.0.6613.113/.114 (Chromium-based) version

CVE-2024-7970, CVE-2024-8362

Microsoft Edge 128.0.6613.119/.120 (Chromium-based) version

Referenced Sites

[1] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38222

[2] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38207

[3] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38208

[4] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43472

[5] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-41879

Microsoft Edge browser security update advisory

Cisco Family September 2024 First Security Update Advisory

Palo Alto Networks (PAN-OS,Cloud NGFW,Prisma Access,Prisma Access Browser,PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access,ActiveMQ Content Pack,Cortex XDR Agent) Family September 2024 Security Update Advisory

Tags:

Cisco Family September 2024 First Security Update Advisory

Palo Alto Networks (PAN-OS,Cloud NGFW,Prisma Access,Prisma Access Browser,PAN-OS,GlobalProtect App,Cloud NGFW,Prisma Access,ActiveMQ Content Pack,Cortex XDR Agent) Family September 2024 Security Update Advisory