CVE-2023-38158: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Overview

Severity

Low (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

Category

Edge - Chromium

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-Aug

Released

2023-08-21

EPSS Score

0.87% (percentile: 75.2%)

FAQ

What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 116.0.1938.54 8/21/2023 116.0.5845.96/.97 According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability? Exploitation of this vulnerability only discloses limited information, no sensitive information can be obtained. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires the victim to open the vulnerable app.

Affected Products (1)

Browser

• Microsoft Edge (Chromium-based)

Acknowledgments

<a href="https://github.com/marto55555">Martin Minchev</a>

Revision History

• 2023-08-21: Information published.