Fwd: [CIVN-2022-0462] Remote code execution vulnerability in Microsoft Edge (Chromium-based)

Remote code execution vulnerability in Microsoft Edge (Chromium-based)

Indian - Computer Emergency Response Team (cert-in.org.in)

Severity Rating: HIGH

Software Affected

Microsoft Edge (Chromium-based) version prior to 107.0.1418.62

Overview

A Vulnerability has been reported in Microsoft Edge (Chromium-based), which could allow a remote attacker to execute arbitrary code on the targeted system.

Description

This vulnerability exists in Microsoft Edge due to Heap buffer overflow in GPU. A remote attacker could exploit this vulnerability by sending a specially crafted request to the targeted system. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the targeted system.

Note: This vulnerability (CVE-2022-4135) is being exploited in the wild. Users are advised to apply patches urgently.

Solution

Upgrade to Microsoft Edge version 107.0.1418.62

https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#november-28-2022

Vendor Information

Microsoft

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4135

References

Microsoft

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4135

CVE Name

CVE-2022-4135

About Cert Advisory

We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.

Fwd: [CIVN-2022-0462] Remote code execution vulnerability in Microsoft Edge (Chromium-based)

About Cert Advisory

Related Posts

Popular Posts

Facebook

Blog Archive