Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2024-7536: Chromium: CVE-2024-7550 Type Confusion in V8

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 127.0.2651.98 127.0.6533.99/.100 8/8/2024

Microsoft Security Response Center
Open in Source
#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2024-7535: Chromium: CVE-2024-7536 Use after free in WebAudio

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 127.0.2651.98 127.0.6533.99/.100 8/8/2024

CVE-2024-7534: Chromium: CVE-2024-7535 Inappropriate implementation in V8

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 127.0.2651.98 127.0.6533.99/.100 8/8/2024

CVE-2024-7533: Chromium: CVE-2024-7534 Heap buffer overflow in Layout

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 127.0.2651.98 127.0.6533.99/.100 8/8/2024

CVE-2024-7532: Chromium: CVE-2024-7533 Use after free in Sharing

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 127.0.2651.98 127.0.6533.99/.100 8/8/2024

CVE-2024-7550: Chromium: CVE-2024-7532 Out of bounds memory access in ANGLE

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 127.0.2651.98 127.0.6533.99/.100 8/8/2024

CVE-2024-38200: Microsoft Office Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

CVE-2024-38219: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?** While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.

CVE-2024-38218: Microsoft Edge (HTML-based) Memory Corruption Vulnerability

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 127.0.2651.98 127.0.6533.99/.100 8/8/2024

CVE-2024-21302: Windows Secure Kernel Mode Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.