Microsoft pushes emergency update for Edge fixing actively exploited Chromium flaw
Take action: If you still haven't updated your Chromium browsers (Edge, Opera, Brave) after last week's release of Chrome, patch as soon as possible. The vulnerability is already being exploited, so it's just a matter of time before your vulnerable browser stumbles on the exploit.
Microsoft has released an emergency out-of-band update for the Edge browser to address a critical security vulnerability tracked as CVE-2024-7971 (CVSS score 8.8). This flaw, rated as high-risk, is actively exploited in the wild and already patched in Chrome and Chromium-based browsers, prompting Microsoft to issue the fix outside its regular Patch Tuesday cycle.
The vulnerability allows remote code execution (RCE) through manipulated HTML content, enabling attackers to potentially take full control of targeted systems by executing arbitrary code.
Microsoft’s Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) detected and reported the ongoing exploitation of this vulnerability on August 19.
To install the update, users should navigate to the "Help and Feedback" menu in Edge and select "About Microsoft Edge," where the latest update will be automatically applied. The fixed version should display as 128.0.2739.42 or later.
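For anyone checking more than one machine, the following added example (not from Microsoft or the original article) audits an inventory of Edge versions against the fixed build 128.0.2739.42. The inventory format, host names and sample version strings are constructed for illustration.

```python
# Added example: flag hosts whose Edge build is older than the fixed version.
FIXED_EDGE = "128.0.2739.42"  # fixed version stated in the article

# Constructed sample inventory: "host,edge_version" per line.
SAMPLE = """\
# host,edge_version (constructed sample data)
ws-01,128.0.2739.42
ws-02,128.0.2739.9
ws-03,127.0.2651.105
ws-04,99.0.1150.30
ws-05,128.0.2739.54
ws-06,unknown
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted 4-part version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit(inventory_lines, fixed=FIXED_EDGE):
    """Sort hosts into patched / vulnerable / unknown by numeric comparison."""
    fixed_v = parse_version(fixed)
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        v = parse_version(version)
        if v is None:
            # Unparseable versions are reported, never assumed patched.
            report["unknown"].append(host)
        elif v >= fixed_v:
            report["patched"].append(host)
        else:
            report["vulnerable"].append(host)
    return report

if __name__ == "__main__":
    # Comparing the raw strings would wrongly pass ws-02 and ws-04,
    # because "9" sorts after "4" and "99" after "128" as text.
    for status, hosts in audit(SAMPLE.splitlines()).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```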
Update - as of 30th of August 2024, Microsoft researchers report that the flaw is being exploited by a North Korean threat actor group called Citrine Sleet.