Microsoft Edge Security Update 26 February 2023

Microsoft has released an updated Edge version (110.0.1587.56) to fix multiple vulnerabilities.

The addressed vulnerabilities could allow a remote attacker to execute arbitrary code on the affected system, cause a denial of service, or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage.

Sample of the addressed vulnerabilities:

1. Edge (Chromium) Use after free in Web Payments API (CVE-2023-0927):

• CVSS: 8.8

• Attack Vector: Network

• Attack Complexity: Low

• Privileges Required: None

• User Interaction: Required

• Consequences: Gain Access

2. Edge (Chromium) Heap buffer overflow in Video (CVE-2023-0930):

• CVSS: 8.8

• Attack Vector: Network

• Attack Complexity: Low

• Privileges Required: None

• User Interaction: Required

• Consequences: Gain Access

Vulnerabilities

• CVE-2023-0927
• CVE-2023-0928
• CVE-2023-0929
• CVE-2023-0930
• CVE-2023-0931
• CVE-2023-0932
• CVE-2023-0933
• CVE-2023-0941

Mitigations

Enterprises should deploy this patch as soon as the testing phase is completed.
