Описание
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
FAQ
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and (A:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability could lead to a full compromise of the browser.
What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 113.0.1774.35 | 113.0.5672.63/.64 | 5/5/2023 |
| Extended Stable | 112.0.1722.71 | 112.0.5615.179 | 5/4/2023 |
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
7.5 High
CVSS3
Связанные уязвимости
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Уязвимость браузера Microsoft Edge, связанная с использованием памяти после ее освобождения, позволяющая нарушителю повысить свои привилегии
EPSS
7.5 High
CVSS3