
Microsoft has patched three security vulnerabilities in Microsoft Edge (Chromium-based) that could allow attackers to spoof websites, gain elevated privileges on the system, or even escape the browser sandbox.
Microsoft Edge Spoofing Vulnerability
This vulnerability, tracked as CVE-2023-36727 with a CVSS score of 6.1, could allow a remote attacker to conduct spoofing attacks. To exploit this vulnerability, an attacker would need to persuade the victim to click on a specially crafted URL. Once the victim clicks on the link, they would be taken to a malicious website that is designed to look like a legitimate website. The attacker could then use this website to steal the victim’s personal information or to download malware onto their computer.
Microsoft Edge Elevation of Privilege Vulnerability
This vulnerability, tracked as CVE-2023-36562 with a CVSS score of 7.1, could allow a remote attacker to gain elevated privileges on the system. To exploit this vulnerability, an attacker would need to persuade the victim to visit a specially crafted website or open a specially crafted file. The attacker could then use this vulnerability to execute arbitrary code with higher privileges.
Microsoft Edge Elevation of Privilege Vulnerability
This vulnerability, tracked as CVE-2023-36735 with a CVSS score of 9.6, is similar to CVE-2023-36562, but it is more severe because it could lead to a browser sandbox escape. To exploit the CVE-2023-36735 vulnerability, an attacker would need to persuade the victim to visit a specially crafted website. The attacker could then use this vulnerability to execute arbitrary code with higher privileges and escape the browser sandbox.
Microsoft has patched these three security vulnerabilities in Microsoft Edge (Chromium-based) version 117.0.5938.62/.63. It is important to update Microsoft Edge to the latest version as soon as possible to protect yourself from these vulnerabilities.