CVE-2022-23263: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.7)

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Edge - Chromium

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2022-Feb

Released

2022-02-03

EPSS Score

1.18% (percentile: 78.7%)

FAQ

What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 98.0.1108.43 2/3/2022 98.0.4758.80 According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a browser sandbox escape.

Affected Products (1)

Browser

• Microsoft Edge (Chromium-based)

Acknowledgments

<a href="https://www.daviderceg.com/">David Erceg</a>

Revision History

• 2022-02-03: Information published.