Microsoft has released patches for a critical vulnerability in EDGE Browser that is currently being exploited by malicious actors.
This zero-day flaw, tracked as CVE-2024-7971, exists within Google Chrome’s V8 JavaScript engine and allows for remote code execution via a maliciously crafted HTML page.
Advertisements
In addition to the Chromium fixes, the update resolves five vulnerabilities unique to Microsoft Edge.
- CVE-2024-41879 -Reserved
- CVE-2024-38208 – CVSS Score 6.1
- CVE-2024-38207 – CVSS Score 7.8
- CVE-2024-38210 – CVSS Score 7.8
- CVE-2024-38209 – CVSS Score 7.8
Two of these, CVE-2024-38209 and CVE-2024-38210, are also capable of enabling remote code execution.
With the release of Microsoft Edge Stable Channel Version 128.0.2739.42, users are strongly encouraged to apply the update as soon as possible to protect themselves from the vulnerabilities addressed in this release
