Msrc Microsoft Edge vulnerabilities

CVE-2023-36409 [MEDIUM] Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Microsoft Edge (Chromium-based) Information Disclosure Vulnerability FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 118.0.2088.46 118.0.5993.70/.71 10/13/2023 FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker succe

CVE-2023-5481 [MEDIUM] Chromium: CVE-2023-5481 Inappropriate implementation in Downloads Chromium: CVE-2023-5481 Inappropriate implementation in Downloads Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 118

CVE-2023-36559 [MEDIUM] Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft Edge (Chromium-based) Spoofing Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerab

CVE-2023-44323 [MEDIUM] Adobe: CVE-2023-44323 Adobe PDF Remote Code Execution Vulnerability Adobe: CVE-2023-44323 Adobe PDF Remote Code Execution Vulnerability FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 118.0.2088.76 10/27/2023 118.0.5993.117/.118 FAQ: Why is this Adobe CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Adobe software which is consumed by Microsoft Edge (Chromiu

CVE-2023-5477 [MEDIUM] Chromium: CVE-2023-5477 Inappropriate implementation in Installer Chromium: CVE-2023-5477 Inappropriate implementation in Installer Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 118

CVE-2023-5485 [MEDIUM] Chromium: CVE-2023-5485 Inappropriate implementation in Autofill Chromium: CVE-2023-5485 Inappropriate implementation in Autofill Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 118.0

CVE-2023-5483 [MEDIUM] Chromium: CVE-2023-5483 Inappropriate implementation in Intents Chromium: CVE-2023-5483 Inappropriate implementation in Intents Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 118.0.2

CVE-2023-5479 [MEDIUM] Chromium: CVE-2023-5479 Inappropriate implementation in Extensions API Chromium: CVE-2023-5479 Inappropriate implementation in Extensions API Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released

CVE-2023-5484 [MEDIUM] Chromium: CVE-2023-5484 Inappropriate implementation in Navigation Chromium: CVE-2023-5484 Inappropriate implementation in Navigation Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 1

CVE-2023-5487 [MEDIUM] Chromium: CVE-2023-5487 Inappropriate implementation in Fullscreen Chromium: CVE-2023-5487 Inappropriate implementation in Fullscreen Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 1

CVE-2023-5478 [MEDIUM] Chromium: CVE-2023-5478 Inappropriate implementation in Autofill Chromium: CVE-2023-5478 Inappropriate implementation in Autofill Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 118.0

CVE-2023-5475 [MEDIUM] Chromium: CVE-2023-5475 Inappropriate implementation in DevTools Chromium: CVE-2023-5475 Inappropriate implementation in DevTools Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 118.0

CVE-2023-5486 [MEDIUM] Chromium: CVE-2023-5486 Inappropriate implementation in Input Chromium: CVE-2023-5486 Inappropriate implementation in Input Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 118.0.2088.

CVE-2023-36735 [CRITICAL] CWE-416 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit

CVE-2023-5186 [HIGH] Chromium: CVE-2023-5186 Use after free in Passwords Chromium: CVE-2023-5186 Use after free in Passwords Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (

CVE-2023-5217 [HIGH] Chromium: CVE-2023-5217 Heap buffer overflow in vp8 encoding in libvpx Chromium: CVE-2023-5217 Heap buffer overflow in vp8 encoding in libvpx Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2023-5217 exists in the wild. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulner

CVE-2023-4763 [HIGH] Chromium: CVE-2023-4763 Use after free in Networks Chromium: CVE-2023-4763 Use after free in Networks Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Ch

CVE-2023-4761 [HIGH] Chromium: CVE-2023-4761 Out of bounds memory access in FedCM Chromium: CVE-2023-4761 Out of bounds memory access in FedCM Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed b

CVE-2023-5187 [HIGH] Chromium: CVE-2023-5187 Use after free in Extensions Chromium: CVE-2023-5187 Use after free in Extensions Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge

CVE-2023-4762 [HIGH] Chromium: CVE-2023-4762 Type Confusion in V8 Chromium: CVE-2023-4762 Type Confusion in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based