Microsoft Edge Chromium based Security Feature Bypass Vulnerability - 20240326003

Overview

Microsoft has released updates for Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Exploitation of this vulnerability could allow attackers steal sensitive information from user(s).

What is vulnerable?

CVE	Severity	CVSS	Product(s) Affected	Summary	Dated
CVE-2024-26247	Medium	4.7	Microsoft Edge: Versions prior to: 123.0.2420.53	This vulnerability could allow an attacker to add malicious script to fetch victim's sensitive information or to change DOM execution.	3/22/2024

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):

• CVE-2024-26247 - Security Update Guide - Microsoft - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

It is recommended to update Microsoft Edge to version 123.0.2420.53 or later.

Additional References

• NVD - CVE-2024-26247 (nist.gov)
• CVE-2024-26247 - Security Update Guide - Microsoft - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
• Release notes for Microsoft Edge Security Updates | Microsoft Learn