The Indian Computer Emergency Response Team (CERT-In) under the IT ministry has issued a high-severity warning for Microsoft Edge browser users. The warning applies to users running browser versions prior to 99.0.1150.30. As per the warning, multiple vulnerabilities have been reported in the Edge browser which can be exploited by an attacker to compromise the targeted system.
The advisory further reveals that “these vulnerabilities exist in Microsoft Edge due to Heap buffer overflow in ANGLE, use-after-free in Cast UI, use after free in Omnibox, out of bounds read in ANGLE, use after free in Views, use-after-free in WebShare, type confusion in Blink Layout, use-after-free in Media, out of bounds memory access in Mojo, use-after-free in MediaStream, insufficient policy enforcement in Installer, heap buffer overflow in Cast UI, inappropriate implementation in HTML parser, inappropriate implementation in full screen mode, inappropriate implementation in Permissions, use-after-free in Browser Switcher, data leak in Canvas, inappropriate implementation in Autofill, use-after-free in Chrome OS Shell and out of bounds memory access in WebXR.”
An attacker can exploit these vulnerabilities by sending a specially crafted request. Successful exploitation of these vulnerabilities could allow an attacker to compromise the targeted system.
What users can do to stay safe
To avoid exploitation, CERT-In advises Microsoft Edge users to update the browser to the latest version. Version 99.0.1150.39 was rolled out by the tech giant last week and incorporates the latest security updates of the Chromium project. The update also contains fixes for various bugs and performance issues.
According to StatCounter, Edge is now used on 9.54% of desktops worldwide, just behind Apple’s Safari with a 9.84% market share. The data also reveals that Google Chrome still holds the largest market share, with 65.38% of users. Edge has seen significant growth since the launch of the new Windows OS.