Microsoft Addresses Critical Use-After-Free Vulnerability in Edge and Chromium Browsers


Microsoft has addressed various vulnerabilities in Edge, including one that has been exploited in the wild. According to the company, this particular vulnerability also affects all Chromium browsers. While Google had already issued an update for this issue last week, it did not classify it as a zero-day exploit.

In an advisory, Microsoft describes the bug as CVE-2024-2883, a use-after-free vulnerability in ANGLE, the WebGL component in Chromium. This vulnerability impacts not only Chrome but also its derivatives, such as Edge. Rated as Critical, the bug allows a remote attacker to trigger heap corruption through an HTML phishing page. Microsoft has now resolved the issue in Edge.

Microsoft has confirmed active exploitation of this bug. However, the company has not disclosed specific details about the attackers or the frequency of these attacks. Notably, Microsoft has indicated that Google is aware of the ongoing exploitation of this vulnerability. Although Google patched the bug in versions 123.0.6312.86/.87 in the Stable Channel last week and explicitly mentioned the flaw, it did not acknowledge any active exploitation. Typically, Google discloses such information, albeit without providing exact specifics.