Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2021-37988: Chromium: CVE-2021-37988 Use after free in Profiles

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 95.0.1020.30 10/21/2021 95.0.4638.54

Microsoft Security Response Center
Open in Source
#Microsoft Edge (Chromium-based)#Security Vulnerability#microsoft
CVE-2021-37987: Chromium: CVE-2021-37987 Use after free in Network APIs

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 95.0.1020.30 10/21/2021 95.0.4638.54

CVE-2021-37986: Chromium: CVE-2021-37986 Heap buffer overflow in Settings

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 95.0.1020.30 10/21/2021 95.0.4638.54

CVE-2021-37985: Chromium: CVE-2021-37985 Use after free in V8

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 95.0.1020.30 10/21/2021 95.0.4638.54

CVE-2021-37984: Chromium: CVE-2021-37984 Heap buffer overflow in PDFium

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 95.0.1020.30 10/21/2021 95.0.4638.54

CVE-2021-37983: Chromium: CVE-2021-37983 Use after free in Dev Tools

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 95.0.1020.30 10/21/2021 95.0.4638.54

CVE-2021-37982: Chromium: CVE-2021-37982 Use after free in Incognito

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 95.0.1020.30 10/21/2021 95.0.4638.54

CVE-2021-37981: Chromium: CVE-2021-37981 Heap buffer overflow in Skia

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 95.0.1020.30 10/21/2021 95.0.4638.54

CVE-2021-42307: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 95.0.1020.30 10/21/2021 95.0.4638.54

CVE-2021-42299: Microsoft Surface Pro 3 Security Feature Bypass Vulnerability

*Which Surface devices are affected by this vulnerability?* The Surface Pro 3. *Are any other devices vulnerable?* Microsoft has confirmed that the Surface Pro 3 is vulnerable. However, it is possible that other devices, including non-Microsoft devices, using a similar BIOS may also be vulnerable. The Surface Pro 4, Surface Book, and more recent Surface devices are not vulnerable. *What can an attacker do with this vulnerability?* Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. Windows uses these PCR measurements to determine device health. A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. *How do I protect myself?* This technique requires physical access to a target victim’s device, or an attacker would already have had to compromise a legitimate user's credentials. We encourage custom...