
Microsoft has released several patches for the Microsoft Edge Stable Channel that address several critical security vulnerabilities. These vulnerabilities could allow attackers to remotely execute code, gain elevated privileges, or disclose sensitive information on affected systems.
The first vulnerability, tracked as CVE-2023-35618 with a CVSS score of 9.6, is a severe elevation of privilege vulnerability. This flaw could lead to a browser sandbox escape; attackers can host a website, or use a compromised one, to exploit the vulnerability. While it requires user interaction, such as clicking a link, successful exploitation grants the attacker elevated privileges for code execution.
The second vulnerability, tracked as CVE-2023-36880 with a CVSS score of 4.8, is an information disclosure vulnerability that, like CVE-2023-38174, carries limited risk of sensitive information exposure. Successful exploitation requires specific environmental information and preparatory actions by the attacker.
The third vulnerability, tracked as CVE-2023-38174 with a CVSS score of 4.3, is an information disclosure vulnerability in Microsoft Edge. It discloses only limited information and does not pose a risk of sensitive data exposure.
While the information disclosed by CVE-2023-38174 and CVE-2023-36880 is limited and not considered sensitive, CVE-2023-35618 poses a significant risk. If exploited, this vulnerability could allow an attacker to take control of your system and steal your data.
You must update your Microsoft Edge browser to the latest version (120.0.2210.61) as soon as possible.
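To check a fleet against the fixed build named above, the following added example (not from the advisory or from Microsoft) classifies reported Edge versions relative to 120.0.2210.61. The `host,version` inventory format, the host names and the sample versions are constructed assumptions.

```python
import re

# Fixed build named in the advisory above.
FIXED_BUILD = "120.0.2210.61"

# Constructed sample inventory ("host,version" per line); not real data.
SAMPLE_INVENTORY = """\
ws-001,120.0.2210.61
ws-002,119.0.2151.97
ws-003,120.0.2210.7
ws-004,120.0.2210.100
ws-005,99.0.1150.30
ws-006,unknown
"""

_VERSION_RE = re.compile(r"\d+(\.\d+){3}")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(version_text, fixed=FIXED_BUILD):
    """Classify a reported version as 'patched', 'outdated' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # treat unparseable reports as needing follow-up
    # Tuples compare numerically per component. A plain string comparison
    # would wrongly rank "120.0.2210.7" above ".61" and "99.x" above "120.x".
    return "patched" if version >= parse_version(fixed) else "outdated"

def triage(inventory_text, fixed=FIXED_BUILD):
    """Map each host in the inventory to its classification."""
    result = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, version = line.partition(",")
        result[host.strip()] = classify(version, fixed)
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Here "patched" means only that the reported version is at or above the build this advisory names.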


