Microsoft Edge Vulnerability Let Attackers Execute Malicious Code
Three new vulnerabilities have been discovered in Microsoft Edge (Chromium-based), associated with remote code execution and spoofing. They have been assigned CVE-2023-36022, CVE-2023-36029, and CVE-2023-36034.
The severity of these vulnerabilities ranges between 4.3 (Medium) and 6.6 (Medium). Microsoft has released patches for these vulnerabilities and recommends that users upgrade accordingly.
CVE-2023-36022 & CVE-2023-36034: Microsoft Edge Remote Code Execution Vulnerability
This vulnerability can be exploited by an unauthenticated, remote threat actor to execute remote commands on the affected versions of Microsoft Edge. According to Microsoft, however, exploitation requires user interaction.
The severity for this vulnerability has been given as 6.6 (Medium).
CVE-2023-36029: Microsoft Edge Spoofing Vulnerability
This vulnerability can be exploited by an unauthenticated attacker with network access, and exploitation requires certain user interactions. Additional details about this vulnerability have not been published. The severity of this vulnerability has been given as 4.3 (Medium).
Microsoft confirmed that there are no publicly available exploits for these vulnerabilities.
Affected Products
CVE ID | Affected Products | Affected Versions | Fixed in Version |
CVE-2023-36022 | Microsoft Edge (Chromium-based) | earlier than 119.0.2151.44 | 119.0.2151.44 |
CVE-2023-36022 | Microsoft Edge (Chromium-based) Extended Stable | earlier than 118.0.2088.88 | 118.0.2088.88 |
CVE-2023-36029 | Microsoft Edge for Android | earlier than 118.0.2088.88 | 118.0.2088.88 |
CVE-2023-36034 | Microsoft Edge (Chromium-based) | earlier than 119.0.2151.44 | 119.0.2151.44 |
CVE-2023-36034 | Microsoft Edge (Chromium-based) Extended Stable | earlier than 118.0.2088.88 | 118.0.2088.88 |
Users of these products are recommended to upgrade to the latest versions to prevent these vulnerabilities from being exploited.
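One way to check an inventory against the affected-products table above, as an added example that is not from Microsoft or the original article. The channel labels, host names and sample inventory rows are constructed assumptions; the fixed versions and CVE IDs are the ones in the table. It compares versions numerically and per channel, since 118.0.2088.88 is the fixed build for Extended Stable but is still earlier than the fixed build for the regular channel.

```python
# Added example: flag Edge installs below the fixed versions listed in the table.
# Channel keys and the sample inventory are constructed for illustration.

FIXED = {
    # channel: (fixed version, CVEs addressed by that fix, per the table)
    "stable": ("119.0.2151.44", ["CVE-2023-36022", "CVE-2023-36034"]),
    "extended-stable": ("118.0.2088.88", ["CVE-2023-36022", "CVE-2023-36034"]),
    "android": ("118.0.2088.88", ["CVE-2023-36029"]),
}


def parse_version(text):
    """Turn '119.0.2151.44' into (119, 0, 2151, 44) for numeric comparison."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a four-part Edge version: {text!r}")
    return tuple(int(p) for p in parts)


def exposed_cves(channel, installed):
    """Return the CVEs an install is still exposed to (empty list if patched)."""
    if channel not in FIXED:
        raise KeyError(f"unknown channel: {channel!r}")
    fixed, cves = FIXED[channel]
    return list(cves) if parse_version(installed) < parse_version(fixed) else []


def audit(inventory):
    """Yield (host, channel, version, cves) for every install needing an upgrade."""
    for host, channel, version in inventory:
        cves = exposed_cves(channel, version)
        if cves:
            yield host, channel, version, cves


# Constructed inventory rows: (host, channel, installed version).
SAMPLE = [
    ("ws-01", "stable", "119.0.2151.44"),           # at the fixed version
    ("ws-02", "stable", "118.0.2088.88"),           # fixed only for Extended Stable
    ("ws-03", "extended-stable", "118.0.2088.88"),  # at the fixed version
    ("ws-04", "stable", "119.0.2151.100"),          # numerically newer than .44
    ("ph-01", "android", "118.0.2088.76"),          # below the fixed version
]

if __name__ == "__main__":
    for host, channel, version, cves in audit(SAMPLE):
        print(f"{host}: {channel} {version} -> upgrade ({', '.join(cves)})")
```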