Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2023-21796

8.3HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Edge (chromium-based) Extended Stable
Vendor: CVE Published:; 24 January 2023

What is CVE-2023-21796?

An elevation of privilege vulnerability in Microsoft Edge (Chromium-based) allows attackers to execute arbitrary code with elevated permissions. This occurs due to improper handling of objects in memory. Successful exploitation could let an attacker install programs, view, change, or delete data, and create new accounts with full user rights on the affected system. Users are encouraged to keep their systems updated with the latest security patches from Microsoft to mitigate potential risks.

Affected Version(s)

Microsoft Edge (Chromium-based) Extended Stable Unknown 1.0.0 < 108.0.1462.83

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2023
Vulnerability Reserved
Dec 16, 2022