Microsoft Edge Multiple Vulnerabilities
Release Date: 19 Apr 2022
RISK: Extremely High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Microsoft Edge. A remote user can exploit these vulnerabilities to trigger elevation of privilege, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.
Note:
CVE-2022-1364 is being exploited in the wild.
The vulnerability is related to the V8 JavaScript engine to process JavaScript code. The vulnerability can exploit the V8 engine to treat a JS object as an JS array and run arbitrary code on the targeted system.
Impact
- Elevation of Privilege
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Microsoft Edge prior to 100.0.1185.44
Solutions
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
- Update to version 100.0.1185.44
Vulnerability Identifier
- CVE-2022-1305
- CVE-2022-1306
- CVE-2022-1307
- CVE-2022-1308
- CVE-2022-1309
- CVE-2022-1310
- CVE-2022-1312
- CVE-2022-1313
- CVE-2022-1314
- CVE-2022-1364
- CVE-2022-29144
Source
Related Link
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1305
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1306
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1307
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1308
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1309
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1310
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1312
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1313
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1314
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1364
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29144
沒有留言:
發佈留言