Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2023-36034

7.3HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Edge (chromium-based); Microsoft Edge (chromium-based) Extended Stable
Vendor: CVE Published:; 3 November 2023

Summary

A remote code execution vulnerability exists in Microsoft Edge (Chromium-based) that could allow an attacker to execute arbitrary code on the target system. By exploiting this vulnerability, attackers may gain the ability to install programs, view or modify data, or create new accounts with full user rights. A successful exploitation could occur through a maliciously crafted webpage that triggers the vulnerability, making it essential for users to maintain the latest version of Microsoft Edge to protect against this security risk.

Affected Version(s)

Microsoft Edge (Chromium-based) Extended Stable Unknown 1.0.0 < 118.0.2088.88

Microsoft Edge (Chromium-based) Unknown 1.0.0 < 119.0.2151.44

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2023
Vulnerability Reserved
Jun 20, 2023