Microsoft Edge gets fixes for zero-day vulnerabilities exploited in the wild

After temporarily removing the update to fix compatibility issues with certain enterprise configurations, Microsoft has once again released Edge 123 in the Stable Channel. Along with the necessary fix, the update also includes four fixes for zero-day vulnerabilities that Microsoft states have been exploited in the wild.

Below is the official changelog:

Version 123.0.2420.65

Fixed various bugs and performance issues, includes security fixes, and improves reliability:

• Fixed a browser crash that occurred when the UserDataDir policy is used to specify a path on a network share. Note that using a network share location for the user data directory is generally unsupported.
• Microsoft has a fix for CVE-2024-2883 to Microsoft Edge Stable Channel (Version 123.0.2420.65) and Extended Stable Channel (Version 122.0.2365.113), which has been reported by the Chromium team as having an exploit in the wild.

The Stable Channel version 123 and Extended Stable Channel version 122 both offer security patches. These patches address vulnerabilities such as CVE-2024-2887 “Type Confusion in WebAssembly,”CVE-2024-2886 “Use after free in WebCodecs,”CVE-2024-2885 “Use after free in Dawn,”and CVE-2024-2883 “Use after free in ANGLE.”

To update Microsoft Edge, visit edge://settings/help. Due to the active exploitation of the vulnerabilities, it is important to quickly update to version 123.0.2420.65. An offline installer is available for download on the official website at https://www.microsoft.com/en-us/edge/business/download.

The latest update will include the installation of an 8KB app called “Microsoft Copilot”. This app is said to be connected to the upcoming Copilot features, as stated by Microsoft. It will provide users with the ability to request Copilot to adjust settings, access device information, enable accessibility features, and more. These features are currently only accessible to Windows Insiders with preview builds. The reason behind Microsoft’s decision to release this app to users in the Stable Channel is still unknown.

Additional details on the most recent Microsoft Edge update can be found here. The official documentation contains a separate page dedicated to security notes.