Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2023-36027

7.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Edge (chromium-based); Microsoft Edge (chromium-based) Extended Stable
Vendor: CVE Published:; 10 November 2023

Summary

This vulnerability in Microsoft Edge (Chromium-based) enables an attacker to gain elevated privileges on a system, potentially allowing them to execute arbitrary code and impact user security. The flaw could exploit weaknesses in the browser’s handling of specific processes, thus elevating an attacker's permissions beyond intended limits. Users of Microsoft Edge should stay informed and apply security updates promptly to mitigate risks associated with this vulnerability.

Affected Version(s)

Microsoft Edge (Chromium-based) Extended Stable Unknown 1.0.0 < 118.0.2088.102

Microsoft Edge (Chromium-based) Unknown 1.0.0 < 119.0.2151.58

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 10, 2023
Vulnerability Reserved
Jun 20, 2023