- 290/2023
- High
Microsoft has released an updated Microsoft Edge Stable version (119.0.2151.58) and Extended Stable version (118.0.2088.102) to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code, and gain privileges on the affected system.
Sample of the addressed vulnerabilities:
1. Microsoft Edge (Chromium-based) Code Execution (CVE-2023-5996):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Microsoft Edge (Chromium-based) Privilege Escalation (CVE-2023-36024):
- CVSS: 7.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Privileges
Vulnerabilities
- CVE-2023-5996
- CVE-2023-36014
- CVE-2023-36024
- CVE-2023-36027
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.