CVE-2023-29350: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.5)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Edge - Chromium

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-May

Released

2023-05-05

EPSS Score

0.19% (percentile: 41.4%)

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and (A:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability could lead to a full compromise of the browser. What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 113.0.1774.35 113.0.5672.63/.64 5/5/2023 Extended Stable 112.0.1722.71 112.0.5615.179 5/4/2023

Affected Products (1)

Browser

• Microsoft Edge (Chromium-based)

Acknowledgments

Anonymous

Revision History

• 2023-05-05: Information published.