- 23/2023
- High
Microsoft has released an updated Microsoft Edge stable version to fix multiple vulnerabilities in Microsoft Edge (Chromium-based).
The severity of the addressed vulnerabilities could allow the remote attacker to bypass security restrictions or gain elevated privileges on the affected system.
Sample of the addressed vulnerabilities:
1. Microsoft Edge Elevation of Privilege Vulnerability (CVE-2023-21795):
• CVSS: 8.3
• Attack Vector: Network
• Attack Complexity: High
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Privilege
2. Microsoft Edge Security Bypass Vulnerability (CVE-2023-21719):
• CVSS: 6.5
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Bypass Security
Vulnerabilities
- CVE-2023-21795
- CVE-2023-21719
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.