Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA70177
HistoryJun 27, 2024 - 12:00 a.m.

KLA70177 Multiple vulnerabilities in Microsoft Browser

2024-06-2700:00:00
Kaspersky Lab
threats.kaspersky.com
microsoft browser
malicious users
arbitrary code execution
denial of service
dawn
swiftshader
microsoft edge
remote code execution
cve-2024-6293
cve-2024-6290
cve-2024-34122
cve-2024-6292
advisory
update
settings
ace
dos
affected products

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.8%

JSON

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

  1. Use after free vulnerability in Dawn can be exploited to cause denial of service or execute arbitrary code.
  2. A remote code execution vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to execute arbitrary code.
  3. Use after free vulnerability in Swiftshader can be exploited to cause denial of service or execute arbitrary code.

Original advisories

CVE-2024-6293

CVE-2024-6290

CVE-2024-34122

CVE-2024-6292

CVE-2024-6291

Related products

Microsoft-Edge

CVE list

CVE-2024-6293 warning

CVE-2024-6291 warning

CVE-2024-6292 warning

CVE-2024-6290 warning

CVE-2024-34122 unknown

Solution

Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)

Microsoft Edge update settings

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • Microsoft Edge (Chromium-based)

Related

nessus 7
openvas 5
osv 5
fedora 2
chrome 1
freebsd 1
mageia 1
cvelist 5
mscve 5
nvd 5
cve 5
alpinelinux 4
vulnrichment 4
debiancve 4
wolfi 4
ubuntucve 4
nessus
nessus
Microsoft Edge (Chromium) < 126.0.2592.81 Multiple Vulnerabilities
2024-06-27 00:00:00
FreeBSD : chromium -- multiple security fixes (2b68c86a-32d5-11ef-8a0f-a8a1599412c6)
2024-06-25 00:00:00
Fedora 39 : chromium (2024-508d03d0c7)
2024-06-27 00:00:00
openvas
openvas
Microsoft Edge (Chromium-Based) Multiple Vulnerabilities (Jun-1 24)
2024-07-03 00:00:00
Fedora: Security Advisory for chromium (FEDORA-2024-0c02698648)
2024-06-27 00:00:00
Mageia: Security Advisory (MGASA-2024-0254)
2024-07-05 00:00:00
osv
osv
chromium - security update
2024-06-25 00:00:00
CVE-2024-6292
2024-06-24 22:15:10
CVE-2024-6291
2024-06-24 22:15:10
fedora
fedora
[SECURITY] Fedora 39 Update: chromium-126.0.6478.126-1.fc39
2024-06-27 01:43:47
[SECURITY] Fedora 40 Update: chromium-126.0.6478.126-1.fc40
2024-06-27 02:04:15
chrome
chrome
Stable Channel Update for Desktop
2024-06-24 00:00:00
freebsd
freebsd
chromium -- multiple security fixes
2024-06-24 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2024-07-04 19:48:09
cvelist
cvelist
CVE-2024-34122 T5 Acrobat Vulnerability - Exploitable crash in DecodeTile
2024-07-02 13:44:42
CVE-2024-6292
2024-06-24 21:46:54
CVE-2024-6291
2024-06-24 21:46:54
mscve
mscve
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
2024-06-27 07:00:00
Chromium: CVE-2024-6293 Use after free in Dawn
2024-06-27 15:35:59
Chromium: CVE-2024-6290 Use after free in Dawn
2024-06-27 15:35:51
nvd
nvd
CVE-2024-34122
2024-07-02 14:15:13
CVE-2024-6293
2024-06-24 22:15:10
CVE-2024-6292
2024-06-24 22:15:10
cve
cve
CVE-2024-34122
2024-07-02 14:15:13
CVE-2024-6293
2024-06-24 22:15:10
CVE-2024-6292
2024-06-24 22:15:10
alpinelinux
alpinelinux
CVE-2024-6293
2024-06-24 22:15:10
CVE-2024-6291
2024-06-24 22:15:10
CVE-2024-6290
2024-06-24 22:15:10
vulnrichment
vulnrichment
CVE-2024-6292
2024-06-24 21:46:54
CVE-2024-6290
2024-06-24 21:46:54
CVE-2024-6293
2024-06-24 21:46:55
debiancve
debiancve
CVE-2024-6292
2024-06-24 22:15:10
CVE-2024-6293
2024-06-24 22:15:10
CVE-2024-6290
2024-06-24 22:15:10
wolfi
wolfi
CVE-2024-6293 vulnerabilities
2024-07-06 03:08:40
CVE-2024-6290 vulnerabilities
2024-07-06 03:08:40
CVE-2024-6292 vulnerabilities
2024-07-06 03:08:40
ubuntucve
ubuntucve
CVE-2024-6293
2024-07-01 00:00:00
CVE-2024-6291
2024-07-01 00:00:00
CVE-2024-6290
2024-07-01 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.8%

JSON
Related for KLA70177
nessus7openvas5osv5fedora2chrome1freebsd1mageia1cvelist5mscve5nvd5cve5alpinelinux4vulnrichment4debiancve4wolfi4ubuntucve4