CVE-2024-21399: 
vulnerability analysis and mitigation

Microsoft Edge (Chromium-based) has been identified with a Remote Code Execution Vulnerability, tracked as CVE-2024-21399. The vulnerability was disclosed on February 1, 2024, affecting Microsoft Edge versions up to (excluding) 121.0.2277.98. This high-severity vulnerability has been assigned a CVSS v3.1 base score of 8.3 (MSRC, NVD).

The vulnerability is classified as a Use After Free (CWE-416) issue that could potentially lead to a browser sandbox escape. The attack requires network access and user interaction, with a complexity rating of High as indicated by the CVSS vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H (MSRC).

If successfully exploited, this vulnerability could enable remote code execution within the context of the browser. The potential impact includes complete compromise of confidentiality, integrity, and availability of the affected system, particularly concerning given its ability to escape the browser sandbox (Security Online).

Microsoft has released version 121.0.2277.98 of Microsoft Edge to address this vulnerability. Users are advised to update to this version or later. Additionally, Microsoft is offering an extended stable version based on Chromium 120.0.6099.276, specifically Microsoft Edge 120.0.2210.167 (Security Online).