Three new vulnerabilities have been discovered in Microsoft Edge (Chromium-based) associated with Remote Code execution and Spoofing. The CVEs of these vulnerabilities have been assigned as CVE-2023-36022, CVE-2023-36029, and CVE-2023-36034.
The severity of these vulnerabilities ranges between 4.3 (Medium) and 6.6 (Medium). However, Microsoft has released patches for fixing these vulnerabilities and recommended its users upgrade them accordingly.
This vulnerability can be exploited by an unauthenticated, remote threat actor and execute remote commands on the affected versions of Microsoft Edge. However, According to Microsoft, this vulnerability requires user interaction to be performed before exploitation.
The severity for this vulnerability has been given as 6.6 (Medium).
Ensure your Cyber Resiliance with the recent wave of cyber-attacks targeting the financial services sector. Almost 60% respondents not confident to recover fully from a cyber attack.
CVE-2023-36029: Microsoft Edge Spoofing Vulnerability
This vulnerability can be exploited by an unauthenticated attacker with network access, which requires certain user interactions to be performed. However, additional details about this vulnerability have not been published. The severity of this vulnerability has been given as 4.3 (Medium).
Microsoft confirmed that there are no publicly available exploits for fixing these vulnerabilities.
Affected Products
CVE ID | Affected Products | Affected Versions | Fixed in Version |
CVE-2023-36022 | Microsoft Edge (Chromium-based) | earlier than 119.0.2151.44 | 119.0.2151.44 |
Microsoft Edge (Chromium-based) Extended Stable | earlier than 118.0.2088.88 | 118.0.2088.88 | |
CVE-2023-36029 | Microsoft Edge for Android | earlier than 118.0.2088.88 | 118.0.2088.88 |
CVE-2023-36034 | Microsoft Edge (Chromium-based) | earlier than 119.0.2151.44 | 119.0.2151.44 |
Microsoft Edge (Chromium-based) Extended Stable | earlier than 118.0.2088.88 | 118.0.2088.88 |
Users of these products are recommended to upgrade to the latest versions of these products to prevent these vulnerabilities from getting exploited.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.
Read the full article here