VID 50421
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The version of Microsoft Edge installed on the remote Windows host is prior to 124.0.2478.51. It is, therefore, affected by multiple vulnerabilities as referenced in the April 18, 2024 advisory.

- Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability (CVE-2024-29986)
- Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2024-29987)
- Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-3832)
- Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-3833)
- Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-3834)
- Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-3837)
- Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium) (CVE-2024-3838)
- Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-3839)
- Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-3840)
- Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium) (CVE-2024-3841)
- Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-3843)
- Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-3914)
- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2024-29991)

* References:
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-18-2024
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3832
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3833
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3834
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3837
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3838
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3839
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3840
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3841
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3843
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3844
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3845
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3846
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3847
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3914
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29986
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29987
https://msrc.microsoft.com/update-guid
Recommendation Upgrade to the latest version of Microsoft Edge (124.0.2478.51 or later), as described in the Microsoft Security bulletin at
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
Related URL CVE-2024-29986,CVE-2024-29987,CVE-2024-3832,CVE-2024-3833,CVE-2024-3834,CVE-2024-3840,CVE-2024-3843,CVE-2024-3914,CVE-2024-29991 (CVE)