Platform: edge
Component: microsoft-edge-chromium-based
Fixed in: 123.0.2420.53
CVE-2024-26247 is a security feature bypass vulnerability in Microsoft Edge (Chromium-based). The flaw could allow a malicious actor to circumvent security mechanisms within the browser, potentially leading to unauthorized actions or access. The vulnerability impacts Microsoft Edge versions prior to 123.0.2420.53. A security update has been released to address this issue.
Successful exploitation of CVE-2024-26247 could allow an attacker to bypass security restrictions within Microsoft Edge. The precise nature of the bypassed security feature isn't detailed, but the impact could range from unauthorized access to sensitive data to the execution of malicious code within the browser's context. Depending on the bypassed feature, an attacker might be able to escalate privileges or perform actions on behalf of the user without their knowledge. The blast radius is primarily limited to the user's Edge browser session, but could extend to the underlying system if the bypassed feature relates to system-level security.
CVE-2024-26247 was publicly disclosed on March 22, 2024. The vulnerability's CVSS score is 4.7 (MEDIUM), indicating a moderate risk. Currently, there are no publicly available proof-of-concept exploits. It is not listed on the CISA KEV catalog at the time of this writing, but its status could change. Active exploitation campaigns are not currently confirmed.
Users who have not updated their Microsoft Edge browser to version 123.0.2420.53 or later are at risk. This includes users who have disabled automatic updates or are using older, unsupported versions of Edge. Shared computer environments and organizations with legacy systems may be particularly vulnerable.
• windows / supply-chain:
  Get-WinEvent -LogName Application -FilterXPath "/Event[System[Provider[@Name='Microsoft-Windows-Edge']]]"
• windows / supply-chain:
  Get-Process | Where-Object {$_.ProcessName -match 'msedge'}
• windows / supply-chain: Check Autoruns for unusual Edge-related entries using the Autoruns utility.
EPSS: 0.56% (68th percentile)
The primary mitigation for CVE-2024-26247 is to upgrade Microsoft Edge to version 123.0.2420.53 or later. Ensure automatic updates are enabled to receive future security patches promptly. As a temporary workaround, consider restricting user permissions within Edge, limiting access to potentially vulnerable features. While a WAF or proxy cannot directly address this browser-specific vulnerability, they can help mitigate the impact of any malicious content delivered through Edge by inspecting and filtering traffic. After upgrading, confirm the fix by verifying the Edge version number and checking for any unexpected behavior.
Update Microsoft Edge to the latest available version. This can be done through the browser settings by checking for updates manually. The update applies the security patch that fixes the vulnerability.
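To confirm the fix on a host, the following PowerShell example (added here, not part of the original advisory or any Microsoft tooling) reads the version of the binary behind each running msedge process and compares it numerically with the fixed build 123.0.2420.53. The function name Test-EdgeBuildPatched and the sample version strings at the end are constructed for illustration.

```powershell
# Added example: fixed build number taken from the advisory text.
$FixedVersion = [version]'123.0.2420.53'

function Test-EdgeBuildPatched {
    # Hypothetical helper: $true if patched, $false if vulnerable, $null if unknown.
    param([Parameter(Mandatory)][string]$ProductVersion)

    # Compare as [version] so each component is numeric. As plain strings,
    # '99.0.1150.30' would sort after '123.0.2420.53' and look patched.
    $parsed = $null
    if (-not [version]::TryParse($ProductVersion, [ref]$parsed)) {
        return $null   # unparseable version: report unknown, never "patched"
    }
    return ($parsed -ge $FixedVersion)
}

# Binaries backing the msedge processes that are running right now.
# A browser that was updated but not restarted can still run the old build.
$paths = Get-Process -Name msedge -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } |
    Select-Object -ExpandProperty Path -Unique

foreach ($path in $paths) {
    $ver = (Get-Item -LiteralPath $path).VersionInfo.ProductVersion
    [pscustomobject]@{
        Path    = $path
        Version = $ver
        Patched = Test-EdgeBuildPatched -ProductVersion $ver
    }
}

# Constructed sample versions showing the comparison on inventory data.
'122.0.0.1', '123.0.2420.53', '99.0.1150.30', '123.0.2420.60', 'unknown' |
    ForEach-Object {
        [pscustomobject]@{
            Version = $_
            Patched = Test-EdgeBuildPatched -ProductVersion $_
        }
    }
```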
CVE-2024-26247 is a security feature bypass vulnerability affecting Microsoft Edge (Chromium-based) versions prior to 123.0.2420.53, allowing potential circumvention of security measures.
You are affected if you are using a Microsoft Edge version from 1.0.0 up to, but not including, 123.0.2420.53. Upgrade to version 123.0.2420.53 or later to mitigate the risk.
Upgrade to Microsoft Edge version 123.0.2420.53 or later. Ensure automatic updates are enabled to receive future security patches.
Currently, there are no publicly available proof-of-concept exploits or confirmed reports of active exploitation, but monitoring is advised.
Refer to the Microsoft Security Update Guide for CVE-2024-26247: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26247