Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2023-36027

7.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Edge (chromium-based); Microsoft Edge (chromium-based) Extended Stable
Vendor: CVE Published:; 10 November 2023

What is CVE-2023-36027?

This vulnerability in Microsoft Edge (Chromium-based) enables an attacker to gain elevated privileges on a system, potentially allowing them to execute arbitrary code and impact user security. The flaw could exploit weaknesses in the browser’s handling of specific processes, thus elevating an attacker's permissions beyond intended limits. Users of Microsoft Edge should stay informed and apply security updates promptly to mitigate risks associated with this vulnerability.

Affected Version(s)

Microsoft Edge (Chromium-based) Extended Stable Unknown 1.0.0 < 118.0.2088.102

Microsoft Edge (Chromium-based) Unknown 1.0.0 < 119.0.2151.58

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2023
Vulnerability Reserved
Jun 20, 2023