CVE-2023-36741: An Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based)
Designated as CVE-2023-36741 and bearing a CVSS score of 8.3, the vulnerability identified within the Chromium-based Microsoft Edge poses a significant elevation of privilege risk. This susceptibility could grant a remote malefactor the means to secure amplified privileges within the system. A meticulously crafted website, when visited by an unsuspecting victim, could be the gateway for the antagonist to manipulate this flaw, thereby executing arbitrary code with escalated privileges.
In the landscape of web-based incursions, a malefactor might orchestrate a website, or capitalize on an already compromised one that either accepts or showcases user-generated content, embedding within it a file specifically engineered to harness this vulnerability. However, an attacker would have no way to force the user to visit the website. Their stratagem would pivot on beguiling the user to engage with a hyperlink, often veiled within the allure of an email or an Instant Messenger, and then convince the user to open the specially crafted file.
As articulated by Microsoft, “An attacker who successfully exploited this vulnerability could allow the attacker to perform remote code execution.”
To date, Microsoft remains unenlightened of any malevolent exploitation of this vulnerability. In their commitment to fortifying security, Microsoft has disseminated the latest update for the Microsoft Edge Stable Channel (Version 116.0.1938.62) as a countermeasure to the CVE-2023-36741 flaw.
Per Statcounter‘s revelations from July 2023, Microsoft Edge occupies the third echelon in browser rankings, boasting a marginally elevated market share, registering at 10.75%, just above the 10% threshold.