CVE-2022-26891 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

These vulnerabilities were originally discovered by Dawid Golunski. Microsoft has assigned IDs 208898, 208988, and 209037 to these vulnerabilities. Microsoft Edge displays a cross-site scripting (XSS) vulnerability when editing a certain web address in the New Tab page of Microsoft Edge. This issue occurs when the web address contains JavaScript code that executes in the context of the currently editing tab. An attacker can use this vulnerability to execute malicious code and steal data through the context of the currently editing tab. Microsoft has assigned the following CVE IDs to this vulnerability: These vulnerabilities were originally discovered by Dawid Golunsks. Microsoft has assigned IDs 208898, 208988, and 209037 to these vulnerabilities. Microsoft Edge displays a cross-site scripting (XSS) vulnerability when editing a certain web address in the New Tab page of Microsoft Edge. This issue occurs when the web address contains JavaScript code that executes in the context of the currently editing tab. An attacker can use this vulnerability to execute malicious code and steal data through the context of the currently editing tab. Microsoft has assigned the following CVE IDs to this vulnerability: CVE-2022-26902

CVE-2022-26892

CVE-2022-26903

CVE-2022-26893

CVE-2022-26904

CVE-2022-26891

CVE-2022-26905

CVE-2022-26906

Microsoft Edge Information Disclosure

Microsoft Edge is susceptible to information disclosure vulnerabilities. This vulnerability occurs when Microsoft Edge improperly discloses memory contents to the current page. An attacker can use this to steal data from the browser or its cached data in the event that a user visits a specially crafted web page. These vulnerabilities have been assigned CVE IDs:
These vulnerabilities were originally discovered by Dawid Golunskis. Microsoft has assigned IDs 208898, 208988, and 209037 to these vulnerabilities. Microsoft Edge is susceptible to information disclosure vulnerabilities. This vulnerability occurs when Microsoft Edge improperly discloses memory contents to the current page. An attacker can use this to steal data from the browser or its cached data in the event that a user visits a specially crafted web page. These vulnerabilities have been assigned CVE IDs: CVE-2022-26897
CVE-2022-26908
CVE-2022-26909

Microsoft Edge CVE-2022 Vulnerability - Chunked Transfer Encoding Remote Code Execution

The Microsoft Edge browser has a remote code execution vulnerability in the Chunked Transfer Encoding (CTE) implementation. This issue occurs when a user navigates content on a webpage with CTE enabled and triggers an interaction with specially crafted content on another domain. An attacker could exploit this vulnerability to run malicious code in the context of the currently editing tab. Microsoft has assigned the following CVE IDs to this vulnerability: These vulnerabilities were originally discovered by Dawid Golunski. Microsoft has assigned IDs 208898, 208988, and 209037 to these vulnerabilities. The Microsoft Edge browser has a remote code execution vulnerability in the Chunked Transfer Encoding (CTE) implementation. This issue occurs when a user navigates content on a webpage with CTE enabled and triggers an interaction with specially crafted content on another domain. An attacker could exploit this vulnerability to run malicious code in the context of the currently editing tab. Microsoft has assigned the following CVE IDs to this vulnerability: CVE-2022-26897

CVE-2022-26905

CVE-2022-26906

Microsoft Edge Memory Corruption Vulnerability

Microsoft Edge Memory Corruption Vulnerability
A vulnerability exists when Microsoft Edge improperly handles objects in memory. This allows an attacker to corrupt memory, resulting in the execution of arbitrary code within the context of the current user. The issue is triggered when certain objects in memory are manipulated by a malicious script.

Microsoft Edge CVEs

Microsoft Edge CVEs: 208898, 208988, and 209037.

Microsoft Edge and ChakraCore Denial of Service Vulnerabilities

These vulnerabilities were originally discovered by Dawid Golunski. Microsoft has assigned IDs 208898, 208988, and 209037 to these vulnerabilities. Microsoft Edge and ChakraCore Denial of Service Vulnerabilities occur when the web browser Microsoft Edge or ChakraCore encounters a malformed website that contains code that causes the browser to crash. This issue can potentially cause a denial of service condition for users of Microsoft Edge or ChakraCore. Microsoft has assigned the following CVE IDs to this vulnerability:
CVE-2022-26889

CVE-2022-26890

CVE-2022-26901

Timeline

Published on: 04/05/2022 20:15:00 UTC
Last modified on: 08/15/2022 11:19:00 UTC

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26891
• https://security.gentoo.org/glsa/202208-25
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26891