April 17, 2022

Microsoft Patches Zero-Day Vulnerability in Edge browser Exploited in the Wild

Following the update of Google Chrome, Microsoft has released an emergency update for Edge, addressing an actively exploited Zero-Day. 

The updated version is 100.0.1185.44 for Windows, Mac, and Linux. 

The Vulnerability

• CVE-2021-4102, High Severity – type confusion weakness in the Chrome V8 JavaScript engine.While type confusion vulnerabilities typically cause browser crashes when successfully exploited by reading or writing memory outside of buffer bounds, they can also be used to execute arbitrary code remotely. 

Affected Products

• Microsoft Edge prior to 100.0.1185.44. 

Mitigation

CYREBRO recommends updating the browser to the latest Edge version, 100.0.1185.44 for Windows, Mac, and Linux. 

References: Microsoft Advisory