CVE-2023-36409: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Overview

Severity

Medium (CVSS 6.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C

Category

Edge - Chromium

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-Oct

Released

2023-10-20

EPSS Score

1.77% (percentile: 82.7%)

FAQ

What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 118.0.2088.46 118.0.5993.70/.71 10/13/2023 What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Enclave memory read - unprivileged write to enclave memory from a host application, which can leak memory contents of the enclave. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker who successfully exploits the vulnerability could lead to file overwrite, which has minimal impact.

Affected Products (1)

Browser

• Microsoft Edge (Chromium-based)

Acknowledgments

Alex Gough with Google

Revision History

• 2023-10-20: Information published.