Microsoft Edge Vulnerability

Microsoft Edge Vulnerability

A significant vulnerability in Microsoft Edge (Chromium-based) has been identified, designated as CVE-2024-21326. This vulnerability poses a substantial risk to users across the Internet due to its 'remotely exploitable' nature. It affects the network stack, making it exploitable from remote locations, potentially across various network layers.

The complexity of exploiting this vulnerability is low, indicating that attackers can expect consistent success without needing specialized access conditions. The vulnerability can be exploited without prior authorization, access to settings, or files. However, user interaction is required, meaning the vulnerability can only be exploited if the user performs specific actions.

The impact of this vulnerability is extensive, leading to loss of confidentiality, integrity, and availability. It allows attackers to access and divulge all resources within the impacted component or, in some cases, only access restricted but crucial information. Attackers can also modify any or all files protected by the impacted component or cause a total or partial loss of availability of the component's resources. This loss can be sustained or persistent, significantly impacting the component's functionality.

Affected Systems

-

IoC’s

-

Recommended Solution(s)

Currently, there is no known exploit code, and the threat remains theoretical. To mitigate this risk, it is advised for users to update Microsoft Edge to version 121.0.2277.83, which addresses this vulnerability.

Mitigations

-

CVE / CWE

CVE-2024-21326

Related Website(s)

• https://nvd.nist.gov/vuln/detail/CVE-2024-21326
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21326

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.