Cyber Resilience

CVE-2024-43578

High

Published: 17 October 2024

Modified: 18 October 2024
KEV Added
Patch
CVSS Score v3.1: 7.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L)
EPSS Score: 0.0614 (91.0th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-43578 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Edge Chromium. Its CVSS base score is 7.6 (High).

Operationally, it ranks in the top 9.0% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Deeper analysis

Microsoft Edge (Chromium-based) is affected by CVE-2024-43578, a remote code execution vulnerability published on 2024-10-17 with a CVSS 3.1 score of 7.6 and associated with CWE-122. The flaw permits an attacker to achieve high impact on confidentiality and integrity with limited availability consequences under the vector AV:N/AC:L/PR:L/UI:R/S:U.

An attacker with low privileges (PR:L) can exploit the issue remotely over a network (AV:N), relying on user interaction (UI:R) to trigger code execution on the target system. The unchanged scope (S:U) indicates that the impact stays within the security authority of the vulnerable component and does not extend to resources governed by another one.

The Microsoft Security Response Center advisory linked in the References provides official guidance on mitigation and patching for this vulnerability. The EPSS score has remained flat: its peak and current values are both 0.0614, showing no material rise in exploitation probability after disclosure.

EU & UK References

Vulnerability details

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft edge chromium, versions ≤ 130.0.2849.46

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References