Platform: edge
Component: microsoft-edge-chromium-based
Fixed in: 123.0.2420.53
CVE-2024-26247 describes a security feature bypass vulnerability in Microsoft Edge (Chromium-based). The flaw could allow a malicious actor to circumvent security mechanisms within the browser, which could lead to unauthorized actions or access. The vulnerability impacts Microsoft Edge versions prior to 123.0.2420.53. A security update has been released to address this issue.
Successful exploitation of CVE-2024-26247 could allow an attacker to bypass security restrictions within Microsoft Edge. While the specific impact is not detailed in the CVE description, bypassing security features could enable various malicious activities, such as executing unauthorized code, accessing sensitive data, or manipulating browser behavior. The potential blast radius depends on the specific security features bypassed and the user's privileges. This vulnerability highlights the importance of keeping browsers updated to mitigate potential risks.
CVE-2024-26247 was published on March 22, 2024. Currently, there are no publicly available proof-of-concept exploits. The vulnerability's KEV status and EPSS score are pending evaluation. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
EPSS: 0.56% (68th percentile)
The primary mitigation for CVE-2024-26247 is to upgrade to Microsoft Edge version 123.0.2420.53 or later. Ensure automatic updates are enabled within Edge settings to receive future security patches promptly. As a temporary workaround, consider restricting user privileges and enabling stricter security policies within Edge's group policy settings. Regularly review Edge extensions and disable any suspicious or untrusted extensions.
Update Microsoft Edge to the latest available version. This can be done through the browser settings by checking for updates manually. The update will apply the security patch that fixes the vulnerability.
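To confirm that the upgrade described above has reached every machine, the following added example (not part of the original advisory or any Microsoft tooling) checks reported Edge versions against the fixed version 123.0.2420.53. The inventory format, hostnames and sample versions are constructed assumptions. Versions are compared numerically because a plain string comparison would rank "99.0.1150.36" and "123.0.2420.9" above the fixed build.

```python
import re

FIXED = (123, 0, 2420, 53)  # "Fixed in" version stated on this page

_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints for an a.b.c.d version string, or None if malformed."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Classify one reported version as 'vulnerable', 'patched' or 'unknown'."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"  # never assume a host is patched on bad data
    return "patched" if parsed >= FIXED else "vulnerable"


def audit(inventory):
    """Map each status to the sorted list of hosts that fall under it."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version_text in inventory.items():
        report[classify(version_text)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "ws-001": "122.0.2365.92",
    "ws-002": "123.0.2420.53",  # exactly the fixed build: patched
    "ws-003": "99.0.1150.36",   # sorts above "123..." as a string
    "ws-004": "123.0.2420.9",   # sorts above "...53" as a string
    "ws-005": "124.0.2478.51",
    "ws-006": "",               # agent reported nothing
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" should be re-scanned rather than counted as patched.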
CVE-2024-26247 is a security feature bypass vulnerability affecting Microsoft Edge (Chromium-based) versions prior to 123.0.2420.53, allowing potential circumvention of security measures.
You are affected if you are using Microsoft Edge versions 1.0.0–123.0.2420.53. Upgrade to version 123.0.2420.53 or later to mitigate the risk.
Upgrade to Microsoft Edge version 123.0.2420.53 or later. Ensure automatic updates are enabled to receive future security patches.
Currently, there are no publicly available proof-of-concept exploits or confirmed reports of active exploitation, but monitoring is advised.
Refer to the Microsoft Security Update Guide for CVE-2024-26247: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26247