Microsoft Edge Zero-Day Vulnerability Patched: Urgent Update Needed

Cybersecurity experts are urging all Microsoft Edge users to immediately install the latest security update, released on May 10th. This critical update addresses several vulnerabilities, including a zero-day flaw (CVE-2024-4671) that was actively being exploited in the wild.

The zero-day vulnerability, a ‘Use After Free’ error in Chromium, could allow attackers to execute malicious code on a victim’s system. The flaw was discovered and reported by the Chromium team, who alerted Microsoft to the active exploitation.

In addition to the zero-day vulnerability, the update also fixes two other ‘High‘ severity flaws (CVE-2024-4558 and CVE-2024-4559) and a unique ‘Low‘ severity vulnerability specific to Microsoft Edge (CVE-2024-30055). The latter could allow impersonation if a user clicks on a manipulated URL.

The patched version of Microsoft Edge is 124.0.2478.97. To ensure your browser is protected, check your current version and update if necessary.

The swift response from both the Chromium team and Microsoft underscores the critical nature of this discovery. Zero-day vulnerabilities are particularly dangerous as they are unknown to software vendors and therefore have no existing patches, leaving users exposed until a fix is developed and deployed.