The Indian cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), has found multiple vulnerabilities in the Microsoft Edge browser. These vulnerabilities could allow an attacker to obtain sensitive information, bypass security restrictions, and cause denial-of-service (DoS) conditions on the targeted system. The affected software includes Microsoft Edge (Stable) versions before '124.0.2478.51'.
"Multiple vulnerabilities have been reported in Microsoft Edge (chromium-based) which could allow the remote attacker to cause a denial of service condition, remote code execution, sensitive information disclosure, and security restriction bypass on the targeted system," said the CERT-In advisory.
The cyber agency has identified several vulnerabilities in Microsoft Edge. These vulnerabilities are caused by object corruption in V8 and WebAssembly, use after free in V8, downloads and QUIC, inappropriate implementation in autofill, inappropriate implementation in extension, network, and prompts, and other issues.
"A remote attacker could exploit these vulnerabilities by sending a specially crafted request on the targeted system," the agency mentioned.
What do users need to do?
Cert-In has advised users to apply appropriate security updates as mentioned by the company.
Earlier this month, the cyber agency warned users of multiple vulnerabilities in Microsoft products which include -- Microsoft Windows, Microsoft Office, Developer Tools, Azure, Brower, System Center, Microsoft Dynamics, and Exchange Server. As per the advisory, these vulnerabilities could allow an attacker to obtain information disclosure, bypass security restrictions, and cause DoS conditions on the targeted system.
Meanwhile, Microsoft has recently announced the launch of a new premium tier of its artificial intelligence model, called Microsoft Copilot Pro. This latest offering is now available globally in 222 countries, including India, and is targeted towards individuals and small to medium-sized organizations. The Copilot Pro was first introduced in selected markets in January 2024 and is said to provide users with accelerated Copilot performance, faster AI image creation, the ability to create their own Copilot GPTs, and access to Copilot in Word, Excel (Preview), PowerPoint, Outlook and OneNote.
ALSO READ: Pavan Davuluri, IIT Madras graduate, is new Microsoft Windows boss: Who is he? 5 facts about him
Inputs from IANS
