Mysterious Microsoft Edge vulnerability allows taking control of machine with a click


There is now a warning for Microsoft Edge about information technology safety. You’ll discover information on this page about which products are vulnerable, which vulnerabilities are implicated, and what you can do about it.

On August 28, 2023, the Federal Office for Security in Information Technology (BSI) issued a security alert about Microsoft Edge. The security flaw may impact computers running the operating systems Linux, MacOS X, and Windows, as well as the software package Microsoft Edge.
In the release notes for the prior update, which was made available on August 21, 2023, Microsoft addressed two vulnerabilities, namely CVE-2023-38158 and CVE-2023-36787. These vulnerabilities were information disclosure and elevation of privileges, and they were corrected in the version of Microsoft Edge known as 116.0.1938.54 for both the stable and extended stable channels.

Mysterious Microsoft Edge vulnerability allows taking control of machine with a click 1

CVE-2023-36741

In contrast, Microsoft has only fixed one Elevation of privileges vulnerability in this particular release notice, which marks the company’s fourth update to its patching system so far this month.
Because Microsoft has not published any more information on this issue, the amount of information that is currently available regarding this vulnerability is restricted.

However, in their security warning, Microsoft said that this vulnerability impacts the CIA (Confidentiality, Integrity, and Availability) of the vulnerable program and its environment. CIA stands for “Confidentiality, Integrity, and Availability.”

Users of Microsoft Edge that are powered by Chromium are strongly encouraged to update to the most recent version so that this vulnerability may be patched and exploitation can be avoided.



Source link