Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Microsoft fixes two security vulnerabilities with the latest Edge update

The latest version is out in the Stable Channel

2 min. read

Published onMay 12, 2024

published onMay 12, 2024

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Microsoft recently rolled out a second security update for the Edge browser in the Stable Channel this month. The news comes via Neowin whichreportsthe latest Edge version 124.0.2478.97 is out now and resolves two security vulnerabilities reported by the Chromium team.

In therelease notes for Microsoft Edge security updates, the company says:

Microsoft has a fix forCVE-2024-4671to Microsoft Edge Stable Channel (Version 124.0.2478.97) and Extended Stable channel (Version 124.0.2478.97), which has been reported by the Chromium team as having an exploit in the wild. For more information, see theSecurity Update Guide.

This update also contains the following Microsoft Edge-specific update:

Worth noting that both security vulnerabilities have been detailed on the official CVE website. The CVE-2024-4671 vulnerability is the one with high severity. It lets remote attackers possibly exploit heap corruption using a crafted HTML page.

Google further reported that the exploit exists in the wild which means the same has already been used for malicious activities. Therefore, installing the latest security update as soon as possible is important for users.

That said, the second vulnerability CVE-2024-30055 is of low severity. It is a spoofing vulnerability exclusive to Microsoft Edge which requires users to click a specific link to exploit it. Even if the attacker exploits the same, they can only access limited information from the prey’s browser.

Earlier this month, Microsoft also fixedtwo additional vulnerabilitiesand added a speed tester in the Edge browser.

More about the topics:microsoft edge

Vlad Turiceanu

Windows Editor

Passionate about technology,Windows, and everything that has a power button, he spent most of his time developing new skills and learning more about the tech world.

Coming from a solid background in PC building and software development, with a complete expertise in touch-based devices, he is constantly keeping an eye out for the latest and greatest!

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Vlad Turiceanu

Windows Editor

Coming from a solid background in PC building and software development, he’s a Windows 11 Privacy & Security expert.