CVE-2020-1195: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Overview

Severity: Low (CVSS 3.1)
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Category: Edge - Chromium
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2020-May
Released: 2020-05-21
EPSS Score: 5.65% (percentile: 90.4%)

Description

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input. An attacker who successfully exploited this vulnerability could write files to arbitrary locations and gain elevated privileges. The vulnerability by itself does not allow arbitrary code to run. However, it could be used in conjunction with one or more other vulnerabilities (for example, a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running. The security update addresses the vulnerability by modifying how the Microsoft Edge (Chromium-based) Feedback extension validates files.

FAQ

What version of Microsoft Edge (Chromium-based) contains the fix for this vulnerability?

The version that contains the update is 83.0.478.37.

Affected Products (1)

Browser

  • Microsoft Edge (Chromium-based)

Acknowledgments

David Erceg (https://www.daviderceg.com/)

Revision History

  • 2020-05-21: Information published.