CVE-2024-21388

Name of the Vulnerable Software and Affected Versions Microsoft Edge (Chromium-based) versions prior to 121.0.2277.83

Description The issue is related to the exploitation of Microsoft Edge's Marketing API, allowing attackers to covertly install browser extensions without user consent. This could lead to a privilege escalation threat. The vulnerability was actively exploited and has been patched by Microsoft. Users are advised to update to the latest version to ensure a secure browsing experience.

Recommendations For versions prior to 121.0.2277.83, update to version 121.0.2277.83 or later to resolve the issue. As a temporary workaround, consider restricting access to the Marketing API until a patch is applied. Avoid using the private API intended for marketing purposes in the affected browser versions.