Microsoft fixes two security vulnerabilities with the latest Edge update

Microsoft recently rolled out a second security update for the Edge browser in the Stable Channel this month. The news comes via Neowin which reports the latest Edge version 124.0.2478.97 is out now and resolves two security vulnerabilities reported by the Chromium team.

In the release notes for Microsoft Edge security updates, the company says:

Microsoft has a fix for CVE-2024-4671 to Microsoft Edge Stable Channel (Version 124.0.2478.97) and Extended Stable channel (Version 124.0.2478.97), which has been reported by the Chromium team as having an exploit in the wild. For more information, see the Security Update Guide.

This update also contains the following Microsoft Edge-specific update:

• CVE-2024-30055

Worth noting that both security vulnerabilities have been detailed on the official CVE website. The CVE-2024-4671 vulnerability is the one with high severity. It lets remote attackers possibly exploit heap corruption using a crafted HTML page.

Google further reported that the exploit exists in the wild which means the same has already been used for malicious activities. Therefore, installing the latest security update as soon as possible is important for users.

That said, the second vulnerability CVE-2024-30055 is of low severity. It is a spoofing vulnerability exclusive to Microsoft Edge which requires users to click a specific link to exploit it. Even if the attacker exploits the same, they can only access limited information from the prey’s browser.

Earlier this month, Microsoft also fixed two additional vulnerabilities and added a speed tester in the Edge browser.