Update Your Microsoft Edge Now! Critical Vulnerabilities Patched – CVE-2023-35618

Microsoft has released a critical security update for its Edge browser. This update addresses multiple vulnerabilities that could be exploited by attackers to gain access to your system, steal sensitive information, or even take control of your computer.

CVE-2023-35618

What are the vulnerabilities?

The update patches three vulnerabilities:

  • CVE-2023-38174 (CVSS score of 4.3): This vulnerability could allow attackers to disclose limited information about your system. While no sensitive information is at risk, it’s still important to patch this vulnerability to prevent attackers from gaining any foothold.
  • CVE-2023-35618 (CVSS score of 9.6): This vulnerability is much more serious. It could allow attackers to escape the browser’s sandbox and gain elevated privileges on your system. This could allow them to install malware, steal your data, or even take complete control of your computer.
  • CVE-2023-36880 (CVSS score of 4.8):  This vulnerability is similar to CVE-2023-38174 in that it could allow attackers to disclose limited information. However, successful exploitation of this vulnerability requires additional effort from the attacker, making it less likely to be exploited.

What should you do?

While the information disclosed by CVE-2023-38174 and CVE-2023-36880 is limited and not considered sensitive, CVE-2023-35618 poses a significant risk. If exploited, this vulnerability could allow an attacker to take control of your system and steal your data.

It is critical that you update your Microsoft Edge browser to the latest version (120.0.2210.61) as soon as possible. To update your browser, follow these steps:

  1. Open Microsoft Edge.
  2. Click the three dots in the top right corner of the browser window.
  3. Select Help and feedback > About Microsoft Edge.
  4. Microsoft Edge will automatically check for updates. If an update is available, it will be downloaded and installed automatically.