Severity
Medium
Analysis Summary
CVE-2023-28261 CVSS:6.1
Microsoft Edge (Chromium-based) could allow a local authenticated attacker to gain elevated privileges on the system. By winning a race condition, an attacker could exploit this vulnerability to elevate privileges to SYSTEM assigned integrity level.
CVE-2023-28286 CVSS:6.1
Microsoft Edge could allow a remote attacker to bypass security restrictions. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security feature to cause impact on confidentiality and integrity.
Impact
- Privilege Escalation
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-28261
- CVE-2023-28286
Affected Vendors
Microsoft
Affected Products
- Microsoft Edge (Chromium-based) 111.0
- Microsoft Edge (Chromium-based) Extended Stable 110.0
- Microsoft Edge (Chromium-based)
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.