Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA52367
HistoryAug 21, 2023 - 12:00 a.m.

KLA52367 Multiple vulnerabilities in Microsoft Browser

2023-08-2100:00:00
Kaspersky Lab
threats.kaspersky.com
19
microsoft browser
vulnerabilities
high severity
public exploits
microsoft edge

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.006

Percentile

78.8%

JSON

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information, spoof user interface, execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

  1. Validation of untrusted input vulnerability in XML can be exploited to cause denial of service.
  2. Implementation vulnerability in Fullscreen can be exploited to cause denial of service.
  3. An information disclosure vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to obtain sensitive information.
  4. Heap buffer overflow vulnerability in Mojom IDL can be exploited to cause denial of service.
  5. Implementation vulnerability in WebShare can be exploited to cause denial of service.
  6. Use after free vulnerability in Device Trust Connectors can be exploited to cause denial of service or execute arbitrary code.
  7. Policy enforcement vulnerability in Extensions API can be exploited to cause denial of service.
  8. Use after free vulnerability in Offline can be exploited to cause denial of service or execute arbitrary code.
  9. Use after free vulnerability in Extensions can be exploited to cause denial of service or execute arbitrary code.
  10. Use after free vulnerability in DNS can be exploited to cause denial of service or execute arbitrary code.
  11. Implementation vulnerability in App Launcher can be exploited to cause denial of service.
  12. Heap buffer overflow vulnerability in Skia can be exploited to cause denial of service.
  13. Heap buffer overflow vulnerability in ANGLE can be exploited to cause denial of service.
  14. Use after free vulnerability in Network can be exploited to cause denial of service or execute arbitrary code.
  15. Type confusion vulnerability in V8 can be exploited to cause denial of service.
  16. Implementation vulnerability in Autofill can be exploited to cause denial of service.
  17. An elevation of privilege vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to gain privileges.
  18. Use after free vulnerability in Audio can be exploited to cause denial of service or execute arbitrary code.
  19. Implementation vulnerability in Permission Prompts can be exploited to cause denial of service.
  20. Out of bounds memory access vulnerability in V8 can be exploited to cause denial of service.
  21. Implementation vulnerability in Color can be exploited to cause denial of service.

Original advisories

CVE-2023-4357

CVE-2023-4365

CVE-2023-38158

CVE-2023-4362

CVE-2023-4363

CVE-2023-4349

CVE-2023-4367

CVE-2023-2312

CVE-2023-4368

CVE-2023-4366

CVE-2023-4358

CVE-2023-4359

CVE-2023-4354

CVE-2023-4353

CVE-2023-4351

CVE-2023-4352

CVE-2023-4361

CVE-2023-36787

CVE-2023-4356

CVE-2023-4364

CVE-2023-4355

CVE-2023-4360

CVE-2023-4350

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Edge

CVE list

CVE-2023-4365 warning

CVE-2023-4359 high

CVE-2023-4363 warning

CVE-2023-4367 high

CVE-2023-4354 critical

CVE-2023-4356 critical

CVE-2023-4357 critical

CVE-2023-4362 critical

CVE-2023-4352 critical

CVE-2023-4364 warning

CVE-2023-4368 critical

CVE-2023-4361 high

CVE-2023-4358 critical

CVE-2023-4351 critical

CVE-2023-4350 high

CVE-2023-4360 warning

CVE-2023-2312 critical

CVE-2023-4366 critical

CVE-2023-4353 critical

CVE-2023-4355 critical

CVE-2023-4349 critical

CVE-2023-36787 critical

CVE-2023-38158 warning

KB list

Solution

Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)

Microsoft Edge update settings

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

  • Microsoft Edge (Chromium-based)

References

Related

chrome 1
nessus 11
debian 1
openvas 5
osv 18
kaspersky 3
fedora 2
freebsd 3
githubexploit 6
mscve 17
cve 18
prion 18
nvd 18
cnvd 6
cvelist 18
vulnrichment 3
ubuntucve 16
debiancve 16
veracode 17
alpinelinux 2
chrome
chrome
Stable Channel Update for Desktop
2023-08-15 00:00:00
nessus
nessus
FreeBSD : chromium -- multiple vulnerabilities (5666688f-803b-4cf0-9cb1-08c088f2225a)
2023-08-17 00:00:00
Fedora 38 : chromium (2023-f8e94641dc)
2023-08-20 00:00:00
openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0234-1)
2023-08-22 00:00:00
debian
debian
[SECURITY] [DSA 5479-1] chromium security update
2023-08-17 19:20:15
openvas
openvas
Fedora: Security Advisory for chromium (FEDORA-2023-f8e94641dc)
2023-08-20 00:00:00
openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0234-1)
2024-03-04 00:00:00
Debian: Security Advisory (DSA-5479-1)
2023-08-18 00:00:00
osv
osv
ungoogled-chromium-116.0.5845.96-1.1 on GA media
2024-06-15 00:00:00
chromium - security update
2023-08-17 00:00:00
chromedriver-116.0.5845.96-1.1 on GA media
2024-06-15 00:00:00
kaspersky
kaspersky
KLA52285 Multiple vulnerabilities in Google Chrome
2023-08-15 00:00:00
KLA61310 Multiple vulnerabilities in Opera
2023-08-23 00:00:00
KLA52354 Multiple vulnerabilities in Microsoft Browser
2023-08-17 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: chromium-116.0.5845.96-1.fc38
2023-08-20 00:49:26
[SECURITY] Fedora 37 Update: chromium-116.0.5845.96-1.fc37
2023-08-27 00:51:13
freebsd
freebsd
chromium -- multiple vulnerabilities
2023-08-15 00:00:00
electron{22,24} -- multiple vulnerabilities
2023-08-23 00:00:00
electron25 -- multiple vulnerabilities
2023-08-23 00:00:00
githubexploit
githubexploit
Exploit for CVE-2023-4363
2023-09-11 14:09:48
Exploit for CVE-2023-4357
2023-11-17 10:32:31
Exploit for Improper Input Validation in Google Chrome
2023-11-21 05:39:15
mscve
mscve
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
2023-08-21 07:00:00
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
2023-08-21 07:00:00
Chromium: CVE-2023-4357 Insufficient validation of untrusted input in XML
2023-08-21 07:00:00
cve
cve
CVE-2023-38158
2023-08-21 20:15:08
CVE-2023-36787
2023-08-21 20:15:08
CVE-2023-4357
2023-08-15 18:15:12
prion
prion
Information disclosure
2023-08-21 20:15:00
Privilege escalation
2023-08-21 20:15:00
Input validation
2023-08-15 18:15:00
nvd
nvd
CVE-2023-38158
2023-08-21 20:15:08
CVE-2023-36787
2023-08-21 20:15:08
CVE-2023-4366
2023-08-15 18:15:13
cnvd
cnvd
Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2023-76761)
2023-08-19 00:00:00
Google Chrome Input Validation Error Vulnerability (CNVD-2023-65155)
2023-08-17 00:00:00
Google Chrome Extensions Memory Misreference Vulnerability (CNVD-2023-65152)
2023-08-17 00:00:00
cvelist
cvelist
CVE-2023-36787 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
2023-08-21 19:04:29
CVE-2023-38158 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
2023-08-21 19:04:16
CVE-2023-4364
2023-08-15 17:07:13
vulnrichment
vulnrichment
CVE-2023-36787 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
2023-08-21 19:04:29
CVE-2023-4357
2023-08-15 17:07:12
CVE-2023-4353
2023-08-15 17:07:11
ubuntucve
ubuntucve
CVE-2023-4366
2023-08-15 00:00:00
CVE-2023-2312
2023-08-15 00:00:00
CVE-2023-4354
2023-08-15 00:00:00
debiancve
debiancve
CVE-2023-4356
2023-08-15 18:15:12
CVE-2023-4364
2023-08-15 18:15:13
CVE-2023-4366
2023-08-15 18:15:13
veracode
veracode
Use After Free
2023-08-22 16:11:51
Use-After-Free
2023-08-23 14:55:08
Denial Of Service (DoS)
2023-08-22 16:11:38
alpinelinux
alpinelinux
CVE-2023-4354
2023-08-15 18:15:11
CVE-2023-4362
2023-08-15 18:15:13

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.006

Percentile

78.8%

JSON
Related for KLA52367
chrome1nessus11debian1openvas5osv18kaspersky3fedora2freebsd3githubexploit6mscve17cve18prion18nvd18cnvd6cvelist18vulnrichment3ubuntucve16debiancve16veracode17alpinelinux2