Microsoft Edge Multiple Vulnerabilities
RISK: Extremely High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and security restriction bypass on the targeted system.
For CVE-2023-4863, heap buffer overflow in WebP may lead to arbitrary code execution. Google is aware that an exploit for CVE-2023-4863 exists in the wild.
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- Microsoft Edge (Stable) prior to 117.0.2045.31
- Microsoft Edge (Version 109) prior to 109.0.1518.140
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
- Update to Microsoft Edge (Stable) version 117.0.2045.31 or later
- Update to Microsoft Edge (Version 109) version 109.0.1518.140 or later