When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft Edge gets fixes for five more security vulnerabilities

Neowin · with 0 comments

A Microsoft Edge logo

This month is full of Microsoft Edge security updates. Version 124 is now receiving its fourth patch aimed at resolving security vulnerabilities. You can now download version 124.0.2478.109, which contains fixes for five different vulnerabilities, some of which are exploited in the wild. Besides Chromium security patches, the update fixes one Microsoft Edge-specific vulnerability.

Here are the patched vulnerabilities in Microsoft Edge 124.0.2478.109:

  • CVE-2024-30056: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Exposure of Private Personal Information to an Unauthorized Actor

  • CVE-2024-4947: Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-4948: Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-4949: Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-4950: Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Microsoft Edge 124.0.2478.109 is now available in the regular Stable Channel (four-week update schedule) and the Extended Stable Channel (eight-week update schedule). You can get to the latest version by heading to Menu > Help & Feedback > About Microsoft Edge or directly to the edge://settings/help page.

As a reminder, Microsoft will soon end Edge support on systems with processors that do not support the SSE3 instruction set. Edge 126 will be the last release that does not require SSE3. However, you should not fret if your PC is not a 20-year-old museum exhibit since PC processors have supported SSE3 since 2004.

Report a problem with article
GNOME screenshot
Next Article

GNOME 47 gets an official launch date on the release schedule

Intel 3101015522 driver with Hellblade II on the background
Previous Article

Intel releases new driver with Hellblade II support, better performance in Starfield, more

Join the conversation!

Login or Sign Up to read and post a comment.

0 Comments - Add comment