CVE-2024-43472: 
vulnerability analysis and mitigation

Microsoft Edge (Chromium-based) has been identified with an Elevation of Privilege Vulnerability, tracked as CVE-2024-43472. The vulnerability was disclosed on August 16, 2024, and affects versions of Microsoft Edge up to (but not including) 127.0.2651.105 (NVD).

The vulnerability has been assessed with varying CVSS v3.1 scores. Microsoft Corporation initially rated it as Medium severity with a base score of 5.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L), while NIST later assessed it as High severity with a base score of 8.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). The vulnerability is classified as a Use After Free (CWE-416) issue (NVD).

Based on the CVSS scores and vectors, this vulnerability could potentially lead to high impacts on confidentiality, integrity, and availability of the affected system when successfully exploited. The vulnerability requires user interaction and has high attack complexity, but can be initiated from the network without requiring privileges (NVD).

Microsoft has released a security update to address this vulnerability. Users should upgrade to Microsoft Edge version 127.0.2651.105 or later to mitigate the risk (NVD).