Skip to main content

Microsoft Edge Multiple Vulnerabilities

Release Date: 18 Sep 2023 5096 Views

RISK: Extremely High Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities were identified in Microsoft Edge.  A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and security restriction bypass on the targeted system.

 

Note:

For CVE-2023-4863, heap buffer overflow in WebP may lead to arbitrary code execution. Google is aware that an exploit for CVE-2023-4863 exists in the wild.


Impact

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Microsoft Edge (Stable) prior to 117.0.2045.31
  • Microsoft Edge (Version 109) prior to 109.0.1518.140
 

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

  • Update to Microsoft Edge (Stable) version 117.0.2045.31 or later
  • Update to Microsoft Edge (Version 109) version 109.0.1518.140 or later

Vulnerability Identifier


Source


Related Link