Microsoft Edge browser security update advisory
Overview
Microsoft(https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected products are advised to update to the latest version.
Affected Products
Microsoft Edge (Chromium-based)
Resolved Vulnerabilities
Memory Reuse After Freeing Vulnerability in the Autofill Function in Microsoft Edge 128.0.6613.137/.138 (Chromium-based) (CVE-2024-8639)
Reuse after freeing memory vulnerability in the Media Router function in Microsoft Edge 128.0.6613.137/.138 (Chromium-based) (CVE-2024-8637)
Heap Buffer Overflow Vulnerability in the Skia function in Microsoft Edge 128.0.6613.137/.138 (Chromium-based) (CVE-2024-8636)
Type Confusion Vulnerability in V8 Functionality in Microsoft Edge 128.0.6613.137/.138 (Chromium-based) (CVE-2024-8638)
Heap buffer overflow vulnerability in the Skia function in Microsoft Edge 128.0.6613.113/.114 (Chromium-based) (CVE-2024-8198)
Type Confusion Vulnerability in V8 Functionality in Microsoft Edge 128.0.6613.113/.114 (Chromium-based) (CVE-2024-8194)
Out-of-bounds write vulnerability in V8 functionality in Microsoft Edge 128.0.6613.119/.120 (Chromium-based) (CVE-2024-7970)
Memory free and reuse vulnerability in the WebAudio feature in Microsoft Edge 128.0.6613.119/.120 (Chromium-based) (CVE-2024-8362)
Vulnerability Patches
The following product-specific vulnerability patches were made available in the September 13, 2024 update. Please use the Windows Update feature for automatic installation or refer to the URLs in the product information below to download and install.
Microsoft Edge 128.0.6613.137/.138 (Chromium-based) versions: CVE-2024-8639, CVE-2024-8637, CVE-2024-8636, CVE-2024-8638
Microsoft Edge 128.0.6613.113/.114 (Chromium-based) versions: CVE-2024-8198, CVE-2024-8194
Microsoft Edge 128.0.6613.119/.120 (Chromium-based) versions: CVE-2024-7970, CVE-2024-8362