The Indian Computer Emergency Response Team (CERT-In) has reported multiple vulnerabilities in Microsoft Edge that a remote attacker could exploit to achieve remote code execution on affected devices. In its advisory issued on September 24, 2024, the cyber security agency urges users to update their devices to the latest software version.
CERT-In is a cyber security organisation under the Ministry of Electronics and Information Technology, Government of India.
Microsoft Edge version impacted
As per the CERT-In advisory, Microsoft Edge (Chromium-based) versions prior to 129.0.2792.52 are affected by these vulnerabilities. The advisory rates their severity as medium.
“Multiple vulnerabilities have been reported in Microsoft Edge (Chromium) which could be exploited by a remote attacker to trigger remote code execution, perform UI spoofing, exploit stack & heap corruption on the targeted system,” CERT-In says. These vulnerabilities, it says “exist in Microsoft Edge (Chromium) due to inappropriate implementation in UI, Autofill & V8; insufficient data validation in Omnibox, Type Confusion in V8, incorrect security UI in Downloads, Out-of-bounds Write issue and improper neutralization of input during web page generation.”
A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted website or HTML page.
What should users do
The government body advises users to update Microsoft Edge on their devices to the latest version. Microsoft has released the latest Microsoft Edge Stable Channel (Version 129.0.2792.52) and Microsoft Edge Extended Stable Channel (128.0.2739.90), which incorporate the latest updates from the Chromium project. This update contains fixes for the following Microsoft Edge-specific CVEs: CVE-2024-43489, CVE-2024-43496 and CVE-2024-38221.
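As an added example (not code from CERT-In or Microsoft), the following Python check compares an inventoried Edge build against the fixed versions named above, keeping the Stable and Extended Stable channels apart so an Extended Stable host on 128.0.2739.90 is not wrongly flagged. The channel labels, hostnames and sample versions in the inventory are constructed for illustration.

```python
# Added example: flag hosts whose Microsoft Edge build is below the fixed
# version for their release channel, as quoted in the CERT-In advisory.
from typing import Iterable, List, Tuple

# Fixed builds quoted in the advisory, per release channel.
# Channel labels are an assumption used for this example.
FIXED = {
    "stable": "129.0.2792.52",
    "extended_stable": "128.0.2739.90",
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn a dotted Edge version string into a comparable tuple of ints."""
    parts = v.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Edge version format: {v!r}")
    return tuple(int(p) for p in parts)


def is_patched(installed: str, channel: str) -> bool:
    """True if `installed` is at or above the fixed build for `channel`."""
    if channel not in FIXED:
        raise ValueError(f"unknown channel: {channel!r}")
    return parse_version(installed) >= parse_version(FIXED[channel])


def assess_fleet(inventory: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return (hostname, installed, channel) for every host still vulnerable.

    `inventory` is an iterable of (hostname, installed_version, channel).
    """
    return [(h, v, c) for h, v, c in inventory if not is_patched(v, c)]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("ws-01", "128.0.2739.79", "stable"),            # behind the Stable fix
    ("ws-02", "129.0.2792.52", "stable"),            # exactly the fixed build
    ("ws-03", "129.0.2792.79", "stable"),            # newer than the fix
    ("srv-01", "128.0.2739.90", "extended_stable"),  # Extended Stable fix
    ("srv-02", "128.0.2739.67", "extended_stable"),  # behind Extended Stable fix
]

if __name__ == "__main__":
    for host, ver, chan in assess_fleet(SAMPLE_INVENTORY):
        print(f"{host}: Edge {ver} on {chan} is below {FIXED[chan]}, update required")
```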