Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability — CVE-2022-33638

Summary

Advisory CVE-2022-33638. Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Vendor: Microsoft. Source: MSRC. Threat: high. CVSS 8.3. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. CVE-2022-23712
• A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially CVE-2022-1943
• A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file. CVE-2021-40633
• A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. CVE-2022-1998
• A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. CVE-2022-27778
• An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. CVE-2022-27775
• An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. CVE-2022-32981
• AV1 Video Extension Remote Code Execution Vulnerability CVE-2022-30167
• AV1 Video Extension Remote Code Execution Vulnerability CVE-2022-30193
• Azure RTOS GUIX Studio Information Disclosure Vulnerability CVE-2022-30180
• Azure RTOS GUIX Studio Remote Code Execution Vulnerability CVE-2022-30177
• Azure RTOS GUIX Studio Remote Code Execution Vulnerability CVE-2022-30178