Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2024-43579: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59

Microsoft Security Response Center
#vulnerability#microsoft#rce#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2024-43580: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:N). What does that mean for this vulnerability?** There are limited impact to Confidentiality and Integrity and no Avaibility impact from exploiting this vulnerability. An attacker would need to combine this with other vulnerabilities to perform an attack.

CVE-2024-43595: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2024-43596: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59

CVE-2024-43578: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59

CVE-2024-43587: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59

CVE-2024-43566: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59

CVE-2024-43577: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker would have to send the victim a malicious file that the victim would have to execute.

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could result in remote code execution when using the Edge browser in Internet Explorer Mode.