Microsoft Edge Vulnerability Let Attackers Execute Arbitrary Code
01-August-24
Microsoft has released a critical security update for its Edge browser on August 1, 2024, addressing three significant vulnerabilities in versions prior to 127.0.2651.86. These include a high-severity validation flaw (CVE-2024-7256) in the Dawn component that allows arbitrary code execution, a critical uninitialized use vulnerability (CVE-2024-6990) also in Dawn, and a high-severity out-of-bounds read issue (CVE-2024-7255) in the WebTransport feature. Users on Windows, macOS, and Linux are urged to update their browsers to version 127.0.2651.86 or later to mitigate these risks. Automatic updates are available, but manual updates can be done through the browser’s settings. Enabling Edge’s enhanced security mode can provide additional protection.
