Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2024-6290: CVE-2024-6290

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.81 6/27/2024 126.0.6478.127

Microsoft Security Response Center
Open in Source
#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2024-35260: Microsoft Dataverse Remote Code Execution Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. This purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2024-6103: Chromium: CVE-2024-6103: Use after free in Dawn

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

CVE-2024-6102: Chromium: CVE-2024-6102: Out of bounds memory access in Dawn

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

CVE-2024-6101: Chromium: CVE-2024-6101: Inappropriate implementation in WebAssembly

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

CVE-2024-6100: Chromium: CVE-2024-6100 Type Confusion in V8

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.68 6/20/2024 126.0.6478.114/115

CVE-2024-38082: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2024-38093: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2024-5845: Chromium: CVE-2024-5845 Use after free in Audio

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**