Msrc Microsoft Edge vulnerabilities

CVE-2023-38174 [MEDIUM] Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Microsoft Edge (Chromium-based) Information Disclosure Vulnerability FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability? Exploitation of this vulnerability only discloses limited information, no sensitive information can be obtained. FAQ: According to the CVSS metric, user interact

CVE-2023-6512 [MEDIUM] Chromium: CVE-2023-6512 Inappropriate implementation in Web Browser UI Chromium: CVE-2023-6512 Inappropriate implementation in Web Browser UI Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OS

CVE-2023-6511 [MEDIUM] Chromium: CVE-2023-6511 Inappropriate implementation in Autofill Chromium: CVE-2023-6511 Inappropriate implementation in Autofill Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is

CVE-2023-36880 [MEDIUM] Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Microsoft Edge (Chromium-based) Information Disclosure Vulnerability FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. FAQ: According to

CVE-2023-36878 [MEDIUM] Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? The attacker would be able to bypass the protection in Edge that does not block tags which may contain blocked websites to be loaded. If an attacker successfully exploited this vulnerability it could load a malicious image file. FAQ:

CVE-2023-6345 [CRITICAL] Chromium: CVE-2023-6345 Integer overflow in Skia Chromium: CVE-2023-6345 Integer overflow in Skia Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2023-6345 exists in the wild. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chrom

CVE-2023-36034 [HIGH] CWE-416 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability? The attacker who successfully exploited the vulnerability could have limited ability to perform code execution. FAQ: According to the CVSS metric, successful explo

CVE-2023-6351 [HIGH] Chromium: CVE-2023-6351 Use after free in libavif Chromium: CVE-2023-6351 Use after free in libavif Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chro

CVE-2023-5997 [HIGH] Chromium: CVE-2023-5997 Use after free in Garbage Collection Chromium: CVE-2023-5997 Use after free in Garbage Collection Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed b

CVE-2023-6348 [HIGH] Chromium: CVE-2023-6348 Type Confusion in Spellcheck Chromium: CVE-2023-6348 Type Confusion in Spellcheck Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge

CVE-2023-36024 [HIGH] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a browser sandbox escape. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integ

CVE-2023-36027 [HIGH] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 119.0.2151.58 11/09/2023 119.0.6045.123/.124 Extended Stable 118.0.2088.102 11/09/2023 118.0.5993.136 FAQ: What privileges could be gained by an attacker who successfully exploited th

CVE-2023-36014 [HIGH] Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability? The performance can be interrupted and/or reduced, but the attacker cannot fully deny service. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why

CVE-2023-5482 [HIGH] Chromium: CVE-2023-5482 Insufficient data validation in USB Chromium: CVE-2023-5482 Insufficient data validation in USB Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 119.0.2151.44 11/02/2023 119.0.6045.105/.106

CVE-2023-5849 [HIGH] Chromium: CVE-2023-5849 Integer overflow in USB Chromium: CVE-2023-5849 Integer overflow in USB Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 119.0.2151.44 11/02/2023 119.0.6045.105/.106 FAQ: Why is this Chrome

CVE-2023-5996 [HIGH] Chromium: CVE-2023-5996 Use after free in WebAudio Chromium: CVE-2023-5996 Use after free in WebAudio Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 119.0.2151.58 11/09/2023 119.0.6045

CVE-2023-6346 [HIGH] Chromium: CVE-2023-6346 Use after free in WebAudio Chromium: CVE-2023-6346 Use after free in WebAudio Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Ch

CVE-2023-6112 [HIGH] Chromium: CVE-2023-6112 Use after free in Navigation Chromium: CVE-2023-6112 Use after free in Navigation Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge

CVE-2023-6350 [HIGH] Chromium: CVE-2023-6350 Out of bounds memory access in libavif Chromium: CVE-2023-6350 Out of bounds memory access in libavif Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consum

CVE-2023-5854 [HIGH] Chromium: CVE-2023-5854 Use after free in Profiles Chromium: CVE-2023-5854 Use after free in Profiles Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 119.0.2151.44 11/02/2023 119.0.6045.105/.106 FAQ: Why is this C