Msrc Microsoft Edge vulnerabilities

CVE-2023-36741 [HIGH] CWE-416 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability FAQ: Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal? Per our severity guidelines, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, "If a bug requires more than a click, a key press, or several pr

CVE-2023-4358 [HIGH] Chromium: CVE-2023-4358 Use after free in DNS Chromium: CVE-2023-4358 Use after free in DNS Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 116.0.1938.54 8/21/2023 116.0.5845.96/.97 FAQ: Why is this Chrome CVE inc

CVE-2023-4349 [HIGH] Chromium: CVE-2023-4349 Use after free in Device Trust Connectors Chromium: CVE-2023-4349 Use after free in Device Trust Connectors Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 116.0.1938.54 8/21/2023 116.0.5845.

CVE-2023-4070 [HIGH] Chromium: CVE-2023-4070 Type Confusion in V8 Chromium: CVE-2023-4070 Type Confusion in V8 Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based

CVE-2023-4354 [HIGH] Chromium: CVE-2023-4354 Heap buffer overflow in Skia Chromium: CVE-2023-4354 Heap buffer overflow in Skia Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 116.0.1938.54 8/21/2023 116.0.5845.96/.97 FAQ: Why is this

CVE-2023-4075 [HIGH] Chromium: CVE-2023-4075 Use after free in Cast Chromium: CVE-2023-4075 Use after free in Cast Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-b

CVE-2023-4077 [HIGH] Chromium: CVE-2023-4077 Insufficient data validation in Extensions Chromium: CVE-2023-4077 Insufficient data validation in Extensions Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which i

CVE-2023-4361 [MEDIUM] Chromium: CVE-2023-4361 Inappropriate implementation in Autofill Chromium: CVE-2023-4361 Inappropriate implementation in Autofill Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 116.0.1938.54 8/21/2023 116.0.5845.

CVE-2023-4364 [MEDIUM] Chromium: CVE-2023-4364 Inappropriate implementation in Permission Prompts Chromium: CVE-2023-4364 Inappropriate implementation in Permission Prompts Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 116.0.1938.54 8

CVE-2023-4365 [MEDIUM] Chromium: CVE-2023-4365 Inappropriate implementation in Fullscreen Chromium: CVE-2023-4365 Inappropriate implementation in Fullscreen Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 116.0.1938.54 8/21/2023 116.0.5

CVE-2023-4360 [MEDIUM] Chromium: CVE-2023-4360 Inappropriate implementation in Color Chromium: CVE-2023-4360 Inappropriate implementation in Color Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 116.0.1938.54 8/21/2023 116.0.5845.96/.97

CVE-2023-38157 [MEDIUM] Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability requires a user to open a Web Archive file with spoofed origin of the web content in the affected version of Microsoft Edge (Chromium-based). FAQ: According to the CVSS metrics, successful exploitati

CVE-2023-4367 [MEDIUM] Chromium: CVE-2023-4367 Insufficient policy enforcement in Extensions API Chromium: CVE-2023-4367 Insufficient policy enforcement in Extensions API Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 116.0.1938.54 8/2

CVE-2023-4350 [MEDIUM] Chromium: CVE-2023-4350 Inappropriate implementation in Fullscreen Chromium: CVE-2023-4350 Inappropriate implementation in Fullscreen Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 116.0.1938.54 8/21/2023 116.0.5

CVE-2023-4363 [MEDIUM] Chromium: CVE-2023-4363 Inappropriate implementation in WebShare Chromium: CVE-2023-4363 Inappropriate implementation in WebShare Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 116.0.1938.54 8/21/2023 116.0.5845.

CVE-2023-4359 [MEDIUM] Chromium: CVE-2023-4359 Inappropriate implementation in App Launcher Chromium: CVE-2023-4359 Inappropriate implementation in App Launcher Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 116.0.1938.54 8/21/2023 116

CVE-2023-38158 [LOW] Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Microsoft Edge (Chromium-based) Information Disclosure Vulnerability FAQ: What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 116.0.1938.54 8/21/2023 116.0.5845.96/.97 FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?

CVE-2023-36887 [HIGH] Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The wo

CVE-2023-3730 [HIGH] Chromium: CVE-2023-3730 Use after free in Tab Groups Chromium: CVE-2023-3730 Use after free in Tab Groups Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 115.0.1901.183 115.0.5790.98/99

CVE-2023-3728 [HIGH] Chromium: CVE-2023-3728 Use after free in WebRTC Chromium: CVE-2023-3728 Use after free in WebRTC Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 115.0.1901.183 115.0.5790.98/99 7/21/20