KLA68934 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. Heap buffer overflow vulnerability in Tab Strip can be exploited to cause denial of service.
2. Use after free vulnerability in PDFium can be exploited to cause denial of service or execute arbitrary code.
3. A spoofing vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to spoof user interface.
4. Use after free vulnerability in Dawn can be exploited to cause denial of service or execute arbitrary code.
5. Inappropriate implementation vulnerability in Dawn can be exploited to cause denial of service.
6. Use after free vulnerability in V8 can be exploited to cause denial of service or execute arbitrary code.
7. A spoofing vulnerability in Microsoft Edge for iOS can be exploited remotely to spoof user interface.
8. Security vulnerability in CORS can be exploited to bypass security restrictions.
9. Type confusion vulnerability in V8 can be exploited to cause denial of service.
10. Inappropriate implementation vulnerability in Downloads can be exploited to cause denial of service.
11. Inappropriate implementation vulnerability in DevTools can be exploited to cause denial of service.
12. Inappropriate implementation vulnerability in Memory Allocator can be exploited to cause denial of service.
13. Heap buffer overflow vulnerability in Tab Groups can be exploited to cause denial of service.
14. Use after free vulnerability in Audio can be exploited to cause denial of service or execute arbitrary code.
15. Use after free vulnerability in Browser UI can be exploited to cause denial of service or execute arbitrary code.

Original advisories

CVE-2024-5844

CVE-2024-5847

CVE-2024-38083

CVE-2024-5831

CVE-2024-5834

CVE-2024-5846

CVE-2024-5841

CVE-2024-30057

CVE-2024-5840

CVE-2024-5838

CVE-2024-5843

CVE-2024-5836

CVE-2024-5839

CVE-2024-5833

CVE-2024-5837

CVE-2024-5832

CVE-2024-5835

CVE-2024-5830

CVE-2024-30058

CVE-2024-5845

CVE-2024-5842

Related products

Microsoft-Edge

CVE list

CVE-2024-5847 warning

CVE-2024-5846 warning

CVE-2024-5842 warning

CVE-2024-5838 warning

CVE-2024-5839 warning

CVE-2024-5841 warning

CVE-2024-5833 warning

CVE-2024-5840 warning

CVE-2024-5837 warning

CVE-2024-5834 warning

CVE-2024-5831 warning

CVE-2024-5836 warning

CVE-2024-5844 warning

CVE-2024-5835 warning

CVE-2024-5830 warning

CVE-2024-5832 warning

CVE-2024-5843 warning

CVE-2024-5845 warning

CVE-2024-38083 warning

CVE-2024-30057 high

CVE-2024-30058 high

Solution

Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)

Microsoft Edge update settings

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Microsoft Edge (Chromium-based)Microsoft Edge for AndroidMicrosoft Edge for iOS