Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA40224
HistoryFeb 25, 2023 - 12:00 a.m.

KLA40224 Multiple vulnerabilities in Microsoft Browser

2023-02-2500:00:00
Kaspersky Lab
threats.kaspersky.com
24
microsoft browser
multiple vulnerabilities
code execution
denial of service
video
webrtc
web payments api
swiftshader
prompts
integer overflow
heap buffer overflow
pdf
microsoft edge

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.003

Percentile

70.3%

JSON

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

  1. Use after free vulnerability in Video can be exploited to execute arbitrary code or cause denial of service.
  2. Use after free vulnerability in WebRTC can be exploited to execute arbitrary code or cause denial of service.
  3. Use after free vulnerability in Vulkan can be exploited to execute arbitrary code or cause denial of service.
  4. Integer overflow vulnerability in PDF be exploited to cause denial of service.
  5. Use after free vulnerability in Web Payments API can be exploited to execute arbitrary code or cause denial of service.
  6. Heap buffer overflow vulnerability in Video can be exploited to cause denial of service.
  7. Use after free vulnerability in SwiftShader can be exploited to execute arbitrary code or cause denial of service.
  8. Use after free vulnerability in Prompts can be exploited to execute arbitrary code or cause denial of service.

Original advisories

CVE-2023-0931

CVE-2023-0932

CVE-2023-0929

CVE-2023-0933

CVE-2023-0927

CVE-2023-0930

CVE-2023-0928

CVE-2023-0941

Related products

Microsoft-Edge

CVE list

CVE-2023-0941 critical

CVE-2023-0927 critical

CVE-2023-0928 critical

CVE-2023-0929 critical

CVE-2023-0930 critical

CVE-2023-0932 critical

CVE-2023-0933 critical

CVE-2023-0931 critical

KB list

Solution

Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)

Microsoft Edge update settings

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • Microsoft Edge (Chromium-based)

Related

osv 13
openvas 47
freebsd 2
nessus 13
debian 1
kaspersky 1
chrome 1
fedora 38
mageia 1
ubuntu 1
prion 8
mscve 8
cvelist 8
debiancve 8
veracode 8
cve 8
ubuntucve 8
nvd 8
alpinelinux 2
altlinux 1
gentoo 1
ics 1
osv
osv
chromium - security update
2023-02-23 00:00:00
chromedriver-110.0.5481.177-1.1 on GA media
2024-06-15 00:00:00
nodejs-electron-22.3.3-1.1 on GA media
2024-06-15 00:00:00
openvas
openvas
openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0061-1)
2024-03-04 00:00:00
Mageia: Security Advisory (MGASA-2023-0076)
2023-03-28 00:00:00
Google Chrome Security Updates (stable-channel-desktop-update_22-2023-02) - Windows
2023-02-23 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2023-02-22 00:00:00
electron22 -- multiple vulnerabilities
2023-06-22 00:00:00
nessus
nessus
openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0061-1)
2023-02-27 00:00:00
Debian DSA-5359-1 : chromium - security update
2023-02-24 00:00:00
openSUSE 15 Security Update : opera (openSUSE-SU-2023:0066-1)
2023-03-10 00:00:00
debian
debian
[SECURITY] [DSA 5359-1] chromium security update
2023-02-23 22:02:55
kaspersky
kaspersky
KLA40223 Multiple vulnerabilities in Google Chrome
2023-02-22 00:00:00
chrome
chrome
Stable Channel Desktop Update
2023-02-22 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: chromium-110.0.5481.177-1.fc38
2023-03-11 03:43:26
[SECURITY] Fedora 38 Update: celestia-1.7.0~20230305ebfcdb1-4.fc38
2023-03-14 00:24:09
[SECURITY] Fedora 38 Update: attract-mode-2.6.2-6.fc38
2023-03-14 00:24:06
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2023-03-02 00:14:31
ubuntu
ubuntu
Chromium vulnerabilities
2023-03-13 00:00:00
prion
prion
Design/Logic Flaw
2023-02-22 20:15:00
Design/Logic Flaw
2023-02-22 20:15:00
Design/Logic Flaw
2023-02-22 20:15:00
mscve
mscve
Chromium: CVE-2023-0929 Use after free in Vulkan
2023-02-25 08:00:00
Chromium: CVE-2023-0928 Use after free in SwiftShader
2023-02-25 08:00:00
Chromium: CVE-2023-0927 Use after free in Web Payments API
2023-02-25 08:00:00
cvelist
cvelist
CVE-2023-0929
2023-02-22 19:53:58
CVE-2023-0928
2023-02-22 19:53:58
CVE-2023-0927
2023-02-22 19:53:57
debiancve
debiancve
CVE-2023-0929
2023-02-22 20:15:12
CVE-2023-0927
2023-02-22 20:15:12
CVE-2023-0932
2023-02-22 20:15:12
veracode
veracode
Denial Of Service (DoS)
2023-03-12 09:55:50
Denial Of Service (DoS)
2023-03-12 09:55:42
Denial Of Service (DoS)
2023-03-12 09:58:03
cve
cve
CVE-2023-0929
2023-02-22 20:15:12
CVE-2023-0931
2023-02-22 20:15:12
CVE-2023-0932
2023-02-22 20:15:12
ubuntucve
ubuntucve
CVE-2023-0929
2023-02-22 00:00:00
CVE-2023-0928
2023-02-22 00:00:00
CVE-2023-0933
2023-02-22 00:00:00
nvd
nvd
CVE-2023-0929
2023-02-22 20:15:12
CVE-2023-0927
2023-02-22 20:15:12
CVE-2023-0928
2023-02-22 20:15:12
alpinelinux
alpinelinux
CVE-2023-0933
2023-02-22 20:15:12
CVE-2023-0931
2023-02-22 20:15:12
altlinux
altlinux
Security fix for the ALT Linux 10 package yandex-browser-stable version 23.3.1.916-alt1
2023-04-11 00:00:00
gentoo
gentoo
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
2023-09-30 00:00:00
ics
ics
Siemens COMOS
2023-11-16 12:00:00

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.003

Percentile

70.3%

JSON
Related for KLA40224
osv13openvas47freebsd2nessus13debian1kaspersky1chrome1fedora38mageia1ubuntu1prion8mscve8cvelist8debiancve8veracode8cve8ubuntucve8nvd8alpinelinux2altlinux1gentoo1ics1