Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA51709
HistoryAug 07, 2023 - 12:00 a.m.

KLA51709 Multiple vulnerabilities in Microsoft Browser

2023-08-0700:00:00
Kaspersky Lab
threats.kaspersky.com
5
microsoft browser
denial of service
arbitrary code
security restrictions
malware
exploit
microsoft edge
updates
cve-2023-4069
cve-2023-4074
cve-2023-4072
cve-2023-4076
cve-2023-4073
cve-2023-4071
cve-2023-38157
cve-2023-4077
cve-2023-4070
cve-2023-4068
cve-2023-4078
cve-2023-4075

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.9%

JSON

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. Type confusion vulnerability in V8 can be exploited to cause denial of service.
  2. Use after free vulnerability in Blink Task Scheduling can be exploited to cause denial of service or execute arbitrary code.
  3. Out of bounds read vulnerability in WebGL can be exploited to cause denial of service.
  4. Use after free vulnerability in WebRTC can be exploited to cause denial of service or execute arbitrary code.
  5. Out of bounds memory access vulnerability in ANGLE can be exploited to cause denial of service.
  6. Heap buffer overflow vulnerability in Visuals can be exploited to cause denial of service.
  7. A security feature bypass vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to bypass security restrictions.
  8. Data validation vulnerability in Extensions can be exploited to cause denial of service.
  9. Implementation vulnerability in Extensions can be exploited to cause denial of service.
  10. Use after free vulnerability in Cast can be exploited to cause denial of service or execute arbitrary code.

Original advisories

CVE-2023-4069

CVE-2023-4074

CVE-2023-4072

CVE-2023-4076

CVE-2023-4073

CVE-2023-4071

CVE-2023-38157

CVE-2023-4077

CVE-2023-4070

CVE-2023-4068

CVE-2023-4078

CVE-2023-4075

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Edge

CVE list

CVE-2023-4071 critical

CVE-2023-4072 critical

CVE-2023-4077 critical

CVE-2023-4074 critical

CVE-2023-4075 critical

CVE-2023-4076 critical

CVE-2023-4069 critical

CVE-2023-4078 critical

CVE-2023-4068 critical

CVE-2023-4073 critical

CVE-2023-4070 critical

CVE-2023-38157 high

KB list

Solution

Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)

Microsoft Edge update settings

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Microsoft Edge (Chromium-based)

References

Related

nessus 12
kaspersky 2
openvas 8
osv 12
freebsd 2
debian 1
chrome 1
prion 12
cvelist 12
cve 12
nvd 12
mscve 12
photon 2
debiancve 11
cnvd 5
veracode 11
alpinelinux 3
ubuntucve 11
github 1
gentoo 3
fedora 1
rapid7blog 1
nessus
nessus
Microsoft Edge (Chromium) < 114.0.1823.106 / 115.0.1901.200 Multiple Vulnerabilities
2023-08-07 00:00:00
openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0216-1)
2023-08-08 00:00:00
Google Chrome < 115.0.5790.170 Multiple Vulnerabilities
2023-08-02 00:00:00
kaspersky
kaspersky
KLA61309 Multiple vulnerabilities in Opera
2023-08-09 00:00:00
KLA51621 Multiple vulnerabilities in Google Chrome
2023-08-02 00:00:00
openvas
openvas
Google Chrome Security Updates (stable-channel-update-for-desktop-2023-08) - Windows
2023-08-03 00:00:00
openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0216-1)
2024-03-04 00:00:00
Google Chrome Security Updates (stable-channel-update-for-desktop-2023-08) - Mac OS X
2023-08-03 00:00:00
osv
osv
chromium - security update
2023-08-04 00:00:00
CVE-2023-4071
2023-08-03 01:15:11
CVE-2023-4075
2023-08-03 01:15:11
freebsd
freebsd
chromium -- multiple vulnerabilities
2023-08-02 00:00:00
electron25 -- multiple vulnerabilities
2023-08-23 00:00:00
debian
debian
[SECURITY] [DSA 5467-1] chromium security update
2023-08-04 18:23:28
chrome
chrome
Stable Channel Update for Desktop
2023-08-02 00:00:00
prion
prion
Security feature bypass
2023-08-07 18:15:00
Heap overflow
2023-08-03 01:15:00
Design/Logic Flaw
2023-08-03 01:15:00
cvelist
cvelist
CVE-2023-38157 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
2023-08-07 17:15:43
CVE-2023-4075
2023-08-03 00:27:47
CVE-2023-4074
2023-08-03 00:27:47
cve
cve
CVE-2023-38157
2023-08-07 18:15:09
CVE-2023-4074
2023-08-03 01:15:11
CVE-2023-4075
2023-08-03 01:15:11
nvd
nvd
CVE-2023-38157
2023-08-07 18:15:09
CVE-2023-4075
2023-08-03 01:15:11
CVE-2023-4071
2023-08-03 01:15:11
mscve
mscve
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
2023-08-07 07:00:00
Chromium: CVE-2023-4074 Use after free in Blink Task Scheduling
2023-08-07 07:00:00
Chromium: CVE-2023-4071 Heap buffer overflow in Visuals
2023-08-07 07:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0081
2023-08-27 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0459
2023-08-28 00:00:00
debiancve
debiancve
CVE-2023-4075
2023-08-03 01:15:11
CVE-2023-4078
2023-08-03 01:15:12
CVE-2023-4074
2023-08-03 01:15:11
cnvd
cnvd
Google Chrome Code Execution Vulnerability (CNVD-2023-63471)
2023-08-06 00:00:00
Google Chrome Code Execution Vulnerability (CNVD-2023-63464)
2023-08-06 00:00:00
Google Chrome Code Execution Vulnerability (CNVD-2023-63469)
2023-08-06 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2023-08-06 12:01:21
Use After Free
2023-08-06 11:58:44
Denial Of Service (DoS)
2023-08-06 11:58:48
alpinelinux
alpinelinux
CVE-2023-4076
2023-08-03 01:15:12
CVE-2023-4074
2023-08-03 01:15:11
CVE-2023-4071
2023-08-03 01:15:11
ubuntucve
ubuntucve
CVE-2023-4075
2023-08-03 00:00:00
CVE-2023-4076
2023-08-03 00:00:00
CVE-2023-4069
2023-08-03 00:00:00
github
github
Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
2023-10-17 15:00:55
gentoo
gentoo
QtWebEngine: Multiple Vulnerabilities
2023-12-22 00:00:00
QtWebEngine: Multiple Vulnerabilities
2023-11-25 00:00:00
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
2024-01-31 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: chromium-115.0.5790.170-1.fc38
2023-08-12 04:26:44
rapid7blog
rapid7blog
Patch Tuesday - August 2023
2023-08-08 21:11:35

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.9%

JSON
Related for KLA51709
nessus12kaspersky2openvas8osv12freebsd2debian1chrome1prion12cvelist12cve12nvd12mscve12photon2debiancve11cnvd5veracode11alpinelinux3ubuntucve11github1gentoo3fedora1rapid7blog1