The Indian Computer Emergency Response Team (CERT-In) has issued a ‘high severity’ warning for Microsoft Edge browser users. As per the warning on the agency’s website, Microsoft Edge users running a browser version prior to 107.0.1418.62 are at high risk. According to CERT-In, a vulnerability has been reported in Microsoft Edge (Chromium-based) that can be exploited by a remote attacker to execute arbitrary code on the targeted system.
As per the advisory: “This vulnerability exists in Microsoft Edge due to Heap buffer overflow in GPU. A remote attacker could exploit this vulnerability by sending a specially crafted request to the targeted system. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the targeted system.”
This vulnerability is being exploited in the wild, and users are advised to apply patches urgently. A remote attacker can exploit it by enticing users to click on a specially crafted webpage.
To avoid any such attack, CERT-In wants Microsoft Edge users to update to version 107.0.1418.62. Microsoft released the latest Microsoft Edge Stable Channel (Version 107.0.1418.62) and Microsoft Edge Extended Stable Channel (Version 106.0.1370.86) on October 28. This update contains a fix for CVE-2022-4135, which the Chromium team has reported as having an exploit in the wild.
Last week, CERT-In also issued a warning to Google Chrome users about a vulnerability. That vulnerability is similar to the one spotted in Microsoft Edge, and it can allow a remote attacker to execute arbitrary code on the targeted system.