CVE-2023-36888: Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

Overview

Severity

Medium (CVSS 6.3)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C

Category

Tampering

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-Jul

Released

2023-07-13

EPSS Score

0.19% (percentile: 40.5%)

FAQ

According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability? The performance can be interrupted and/or reduced, but the attacker cannot fully deny service. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify limited content of the affected API. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability? Exploitation of this vulnerability only discloses limited information, no sensitive information can be obtained. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires the victim to open the vulnerable app.

Affected Products (1)

Browser

• Microsoft Edge for Android

Acknowledgments

Tillson Galloway with <a href="https://gatech.edu/">Georgia Tech</a>

Revision History

• 2023-07-13: Information published.