CVE-2024-10827: Chromium: CVE-2024-10827 Use after free in Serial

CVE-2024-10826: Chromium: CVE-2024-10826 Use after free in Family Experiences

CVE-2024-10488: Chromium: CVE-2024-10488 Use after free in WebRTC

CVE-2024-10487: Chromium: CVE-2024-10487: Out of bounds write in Dawn

CVE-2024-10231: Chromium: CVE -2024-10231 Type Confusion in V8

**What privileges does an attacker require to exploit this vulnerability?**

No special privileges are required to exploit this vulnerability. An attacker needs to have network connectivity to the replication appliance.

**What can an attacker do with the exposed credentials?**

An attacker can call Azure Site Recovery APIs provided by the Configuration Server and in turn get access to configuration data including credentials for the protected systems. Using the APIs, the attacker can also modify/delete configuration data which in turn will impact Site Recovery operation.

Headline

CVE-2022-24469: Azure Site Recovery Elevation of Privilege Vulnerability

Microsoft Security Response Center: Latest News