Microsoft has issued a second security update for its browser in the Stable Channel. Following the update from May 2, Microsoft pushed version 124.0.2478.97 to all users to resolve two security vulnerabilities exploited in the wild.
Microsoft has a fix for CVE-2024-4671 to Microsoft Edge Stable Channel (Version 124.0.2478.97) and Extended Stable channel (Version 124.0.2478.97), which has been reported by the Chromium team as having an exploit in the wild. For more information, see the Security Update Guide.
This update also contains the following Microsoft Edge-specific update:
- CVE-2024-30055
According to the description of CVE-2024-4671 on the CVE website, the vulnerability allows remote attackers to exploit heap corruption with a specially crafted HTML page. Google has reported that the exploit "exists in the wild" (in other words, it is already being used for malicious purposes), so be sure to install the latest security updates as soon as possible.
As for the second one, CVE-2024-30055 is a low-severity spoofing vulnerability that is exclusive to Microsoft Edge. Exploiting it requires the user to click a special link, after which the attacker could get "limited information" from the victim's browser.
The user would have to click on a specially crafted URL to be compromised by the attacker. Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code. The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
Patches for CVE-2024-4671 and CVE-2024-30055 are now available in the Stable Channel and Extended Stable Channel. The latter is a special release option made for enterprise customers who want to get fewer Microsoft Edge updates. The company ships new Edge versions in the Extended Stable Channel every 8 weeks, unlike the "regular" Stable Channel with its 4-week release cycle. The idea behind Microsoft Edge Extended Stable Channel is to give enterprise customers more time to adopt the latest changes and features in the browser.