Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2021-30627: Chromium: CVE-2021-30627 Type Confusion in Blink layout

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 93.0.961.52 9/16/2021 93.0.4577.82

Microsoft Security Response Center
Open in Source
#Microsoft Edge (Chromium-based)#Security Vulnerability#microsoft
CVE-2021-30626: Chromium: CVE-2021-30626 Out of bounds memory access in ANGLE

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 93.0.961.52 9/16/2021 93.0.4577.82

CVE-2021-30625: Chromium: CVE-2021-30625 Use after free in Selection API

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 93.0.961.52 9/16/2021 93.0.4577.82

CVE-2021-30633: Chromium: CVE-2021-30633 Use after free in Indexed DB API

*What is the version information for this release?* Microsoft Edge Version Date Released Based on Chromium Version 93.0.961.52 9/16/2021 93.0.4577.82

Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions

Last updated on October 5, 2021: See revision history located at the end of the post for changes. On September 14, 2021, Microsoft released fixes for three Elevation of Privilege (EoP) vulnerabilities and one unauthenticated Remote Code Execution (RCE) vulnerability in the Open Management Infrastructure (OMI) framework: CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647, respectively.

CVE-2021-40444

Microsoft MSHTML Remote Code Execution Vulnerability

CVE-2021-38655

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-38650: Microsoft Office Spoofing Vulnerability

*Is the Preview Pane an attack vector for this vulnerability?* No, the Preview Pane is not an attack vector.

CVE-2021-30632: Chromium: CVE-2021-30632 Out of bounds write in V8

*Why is this Chrome CVE included in the Security Update Guide?* The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. *How can I see the version of the browser?* * In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window * Click on *Help and Feedback* * Click on *About Microsoft Edge*

CVE-2021-40448: Microsoft Accessibility Insights for Android Information Disclosure Vulnerability

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.