- 12/2023
- High
Microsoft has released an updated Microsoft Edge Stable version (109.0.1518.49) to fix multiple vulnerabilities in Microsoft Edge (Chromium-based).
The addressed vulnerabilities could allow the remote attacker to gain elevated privileges or execute arbitrary code on the affected system by persuading the victim to visit a specially-crafted webpage.
Sample of the addressed vulnerabilities:
1. Chromium Remote Code Execution Vulnerability (CVE-2023-21775):
• CVSS: 8.3
• Attack Vector: Network
• Attack Complexity: High
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Access
2. Chromium Elevation of Privilege Vulnerability (CVE-2023-21796):
• CVSS: 8.3
• Attack Vector: Network
• Attack Complexity: High
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Privilege
Vulnerabilities
- CVE-2023-21775
- CVE-2023-21796
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.