PortalFuse Weekly Security Update Report (Windows and Edge Edition) – December 24, 2024
As the holiday season approaches, we managed to break the reports after adding some additional functionality to our AI model. A week late, we bring you the final PortalFuse Weekly Security Update of 2024, as no CVEs were detected for this week.
This week’s report focuses on critical vulnerabilities affecting Microsoft Edge, derived from the Chromium Open Source Software (OSS). Let us dive into the details and ensure your systems are secure during this festive period.
Overview of This Week’s CVEs
CVE-2024-12695: Out of Bounds Write in V8
- Impact: This critical vulnerability in the V8 JavaScript engine affects Microsoft Edge (Chromium-based).
- Details: The vulnerability allows an out-of-bounds write, potentially enabling attackers to execute arbitrary code in the context of the current user. The root cause lies in Chromium’s memory handling.
- Fix: Addressed in Microsoft Edge version 131.0.2903.112, released on December 19, 2024.
- Recommendation: System administrators should update to this version immediately to mitigate the risk.
- Additional Information: Refer to Google Chrome Releases for more details.
- Impact: A critical vulnerability in the Compositing feature of Microsoft Edge (Chromium-based).
- Details: This vulnerability could be exploited by attackers to execute arbitrary code, potentially leading to unauthorized access or data manipulation.
- Fix: Addressed in Microsoft Edge version 131.0.2903.112.
- Recommendation: Update your Microsoft Edge installations promptly.
- Additional Information: Refer to Google Chrome Releases.
- Impact: A critical vulnerability due to out-of-bounds memory access in the V8 engine.
- Details: This issue could allow attackers to execute arbitrary code. It originates from Chromium’s codebase utilized by Microsoft Edge.
- Fix: Resolved in Microsoft Edge version 131.0.2903.112.
- Recommendation: Ensure your systems are updated to the latest version.
- Additional Information: See Google Chrome Releases.
- Impact: A critical vulnerability in the V8 JavaScript engine, stemming from type confusion issues.
- Details: Exploitation could allow arbitrary code execution, with significant security implications.
- Fix: Fixed in Microsoft Edge version 131.0.2903.112.
- Recommendation: Apply the update immediately to secure your environment.
- Additional Information: Consult Google Chrome Releases.
This week’s report highlights four critical vulnerabilities affecting Microsoft Edge, all stemming from Chromium’s codebase. The vulnerabilities include memory handling issues such as out-of-bounds writes, use-after-free conditions, and type confusion, all of which could lead to arbitrary code execution. These issues were promptly addressed with updates to Microsoft Edge version 131.0.2903.112. While serious, they are standard for high-impact CVEs and demonstrate the ongoing need for vigilance in software maintenance.
For more information, you can access the full report or listen to our audio podcast summarizing this week’s updates.
Conclusion
This week’s vulnerabilities emphasize the critical need for prompt action in applying updates and addressing software flaws to maintain a robust security posture. Microsoft Edge version 131.0.2903.112 addresses all the listed CVEs, making it essential to update immediately.
Thank you for following our weekly updates throughout 2024. As we close the year, we wish you, your friends and your family a Merry Christmas! Stay secure and enjoy the festivities.