Microsoft Edge Vulnerability Let Attackers Execute Malicious Code


Three new vulnerabilities have been discovered in Microsoft Edge (Chromium-based), involving remote code execution and spoofing. They have been assigned CVE-2023-36022, CVE-2023-36029, and CVE-2023-36034.

The severity of these vulnerabilities ranges from 4.3 (Medium) to 6.6 (Medium). Microsoft has released patches for these vulnerabilities and recommended that users upgrade accordingly.


This vulnerability can be exploited by an unauthenticated, remote threat actor to execute remote commands on the affected versions of Microsoft Edge. However, according to Microsoft, exploitation requires user interaction.

The severity for this vulnerability has been given as 6.6 (Medium).





CVE-2023-36029: Microsoft Edge Spoofing Vulnerability

This vulnerability can be exploited by an unauthenticated attacker with network access, and exploitation requires certain user interactions. However, additional details about this vulnerability have not been published. The severity of this vulnerability has been given as 4.3 (Medium).

Microsoft confirmed that there are no publicly available exploits for these vulnerabilities.

Affected Products

| CVE ID | Affected Products | Affected Versions | Fixed in Version |
|---|---|---|---|
| CVE-2023-36022 | Microsoft Edge (Chromium-based) | earlier than 119.0.2151.44 | 119.0.2151.44 |
| CVE-2023-36022 | Microsoft Edge (Chromium-based) Extended Stable | earlier than 118.0.2088.88 | 118.0.2088.88 |
| CVE-2023-36029 | Microsoft Edge for Android | earlier than 118.0.2088.88 | 118.0.2088.88 |
| CVE-2023-36034 | Microsoft Edge (Chromium-based) | earlier than 119.0.2151.44 | 119.0.2151.44 |
| CVE-2023-36034 | Microsoft Edge (Chromium-based) Extended Stable | earlier than 118.0.2088.88 | 118.0.2088.88 |

Users of these products are advised to upgrade to the latest versions to prevent these vulnerabilities from being exploited.
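To check a fleet against the Affected Products table above, the following added example (not from Microsoft or the original article) audits an inventory of Edge installs per channel. The channel labels `stable`, `extended-stable` and `android`, the CSV layout and the host names are assumptions made for illustration; versions are compared numerically, because a plain string comparison would rank `118.0.2088.9` above `118.0.2088.88`.

```python
import csv
import io

# Fixed versions copied from the Affected Products table in this article.
# Channel labels are assumed inventory names, not Microsoft identifiers.
FIXED = {
    "stable": ("119.0.2151.44", ["CVE-2023-36022", "CVE-2023-36034"]),
    "extended-stable": ("118.0.2088.88", ["CVE-2023-36022", "CVE-2023-36034"]),
    "android": ("118.0.2088.88", ["CVE-2023-36029"]),
}

def parse_version(text):
    """Turn '119.0.2151.44' into (119, 0, 2151, 44) so comparison is numeric."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Edge version: {text!r}")
    return tuple(int(p) for p in parts)

def exposed_cves(channel, version):
    """Return the CVEs from the table that still apply to this install."""
    fixed, cves = FIXED[channel.strip().lower()]
    return list(cves) if parse_version(version) < parse_version(fixed) else []

def audit(inventory_csv):
    """Map host -> exposed CVEs; unparseable rows are reported, not skipped."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            cves = exposed_cves(row["channel"], row["version"])
        except (KeyError, ValueError) as err:
            findings[row["host"]] = [f"UNKNOWN ({err})"]
            continue
        if cves:
            findings[row["host"]] = cves
    return findings

# Constructed sample inventory (hypothetical hosts, not from the article).
SAMPLE = """host,channel,version
ws-01,stable,119.0.2151.44
ws-02,stable,118.0.2088.88
ws-03,extended-stable,118.0.2088.88
ws-04,extended-stable,118.0.2088.9
phone-01,android,118.0.2088.76
ws-05,stable,not-installed
"""

if __name__ == "__main__":
    for host, cves in audit(SAMPLE).items():
        print(host, ", ".join(cves))
```

Note that the same version, 118.0.2088.88, is patched on the Extended Stable channel but still below the fixed version on the regular channel, so the audit needs the channel as well as the version.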



