CVE-2023-36735: Microsoft Edge Flaw Let Attackers Execute Arbitrary Code
Microsoft Edge is a popular web browser used by millions of people around the world. Like any other software, it is not immune to security vulnerabilities. Microsoft recently patched three security vulnerabilities in Microsoft Edge (Chromium-based) that could allow attackers to spoof websites, gain elevated privileges on the system, or even escape the browser sandbox.
CVE-2023-36727 (CVSS score of 6.1): Microsoft Edge (Chromium-based) Spoofing Vulnerability
This vulnerability could allow a remote attacker to conduct spoofing attacks. In a spoofing attack, an attacker attempts to make a website or email appear to come from a legitimate source when in fact it does not. The goal is to trick users into revealing personal information, such as passwords or credit card numbers, or into downloading malware.
To exploit this vulnerability, an attacker would need to persuade the victim to click on a specially crafted URL. Once the victim clicks on the link, they would be taken to a malicious website that is designed to look like a legitimate website. The attacker could then use this website to steal the victim’s personal information or to download malware onto their computer.
CVE-2023-36562 (CVSS score of 7.1): Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
This vulnerability could allow a remote attacker to gain elevated privileges on the system. Elevation of privilege vulnerabilities allow attackers to gain more control over a system than they should have. This could allow them to install malware, steal data, or even take control of the system entirely.
To exploit this vulnerability, an attacker would need to persuade the victim to visit a specially crafted website or open a specially crafted file. The attacker could then use this vulnerability to execute arbitrary code with higher privileges.
CVE-2023-36735 (CVSS score of 9.6): Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
This vulnerability is similar to CVE-2023-36562, but it is more severe because it could lead to a browser sandbox escape. A browser sandbox is a security feature that helps to isolate websites from each other and from the underlying operating system. If an attacker is able to escape the browser sandbox, they could gain access to the rest of the system and potentially cause serious damage.
To exploit the CVE-2023-36735 vulnerability, an attacker would need to persuade the victim to visit a specially crafted website. The attacker could then use this vulnerability to execute arbitrary code with higher privileges and escape the browser sandbox.
What Can You Do to Protect Yourself?
Microsoft has patched these three security vulnerabilities in Microsoft Edge (Chromium-based) version 117.0.5938.62/.63. Update Microsoft Edge to the latest version as soon as possible to protect yourself from these vulnerabilities.