CVE-2024-43578
Published: 17 October 2024
Summary
CVE-2024-43578 is a high-severity heap-based buffer overflow (CWE-122) in Microsoft Edge (Chromium-based). Its CVSS 3.1 base score is 7.6 (High).
Its EPSS percentile places it in the top 9.0% of CVEs by estimated exploitation likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Microsoft Edge (Chromium-based) is affected by CVE-2024-43578, a remote code execution vulnerability published on 2024-10-17, scored CVSS 3.1 7.6 (High) and classified as CWE-122 (heap-based buffer overflow). The base vector is AV:N/AC:L/PR:L/UI:R/S:U with high confidentiality and integrity impact and low availability impact, i.e. C:H/I:H/A:L; those metrics reproduce the published 7.6 exactly.
Read metric by metric: the bug is reachable over the network (AV:N) with no special preconditions (AC:L), the attacker needs only low privileges (PR:L), and a user must take an action (UI:R), which for a browser bug typically means visiting or opening attacker-controlled content. Scope unchanged (S:U) means the impact stays within the security authority of the vulnerable component, Edge itself. It says nothing about which Edge process the attacker's code would run in; whether code execution lands in a sandboxed process and whether a separate sandbox escape is needed are questions the score does not answer.
The Microsoft Security Response Center advisory linked in the references is the authoritative source for affected versions and the fixing build. The EPSS score stands at 0.0614, an estimated 6.1% probability of exploitation in the wild within the next 30 days, and has stayed at that peak value since disclosure, showing no material rise in exploitation probability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-40332
Vulnerability details
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CWE(s): CWE-122 Heap-based Buffer Overflow
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Microsoft Edge (Chromium-based); the affected version range and the fixed build are given in the MSRC advisory.
Mitigating Controls
No mitigating controls mapped yet; the per-CVE control annotator has not reached this CVE. Until a mapping exists, the baseline control is to update Edge to a build that includes the fix published in the MSRC advisory.