CVE-2023-36880: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Overview

Severity

Medium (CVSS 4.8)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C

Category

Edge - Chromium

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-Dec

Released

2023-12-07

Last Updated

2023-12-14

EPSS Score

1.01% (percentile: 77.1%)

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability? Exploitation of this vulnerability only discloses limited information, no sensitive information can be obtained. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability? The attacker who successfully exploited the vulnerability could have limited ability to perform code execution. What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 120.0.2210.61 12/7/2023 120.0.6099.62/.63

Affected Products (1)

Browser

• Microsoft Edge (Chromium-based)

Acknowledgments

<a href="https://www.chromium.org/">Alex Gough</a> with Chrome Security Team

Revision History

• 2023-12-07: Information published.
• 2023-12-14: Added FAQ to indicate the version numbers for this CVE. This is an informational change only.