Urgent Edge Security Update: Microsoft Patches Zero-day & RCE Vulnerabilities
Microsoft has released an urgent security update for its Edge browser, patching a critical vulnerability that is currently being exploited by malicious actors. This zero-day flaw, tracked as CVE-2024-7971, exists within Google Chrome’s V8 JavaScript engine and allows for remote code execution via a maliciously crafted HTML page.
The newly released Microsoft Edge Stable Channel Version 128.0.2739.42, based on Chromium versions 128.0.6613.85 and 128.0.6613.84, addresses a total of 25 security vulnerabilities. Twenty of these originate from the Chromium project, with CVE-2024-7971 being the most pressing due to its active exploitation in the wild.
In addition to the Chromium fixes, the update resolves five vulnerabilities unique to Microsoft Edge. Two of these, CVE-2024-38209 and CVE-2024-38210, are also capable of enabling remote code execution and have been classified as “Important,” carrying a CVSSv3.1 base score of 7.8.
The fact that CVE-2024-7971 is actively being exploited underscores the urgency for Edge users to install the latest update immediately. Attackers can leverage this vulnerability to gain unauthorized access to systems, potentially leading to data theft, malware installation, or complete system takeover.
With the release of Microsoft Edge Stable Channel Version 128.0.2739.42, users are strongly encouraged to apply the update as soon as possible to protect themselves from the vulnerabilities addressed in this release.
