The new Microsoft Edge is based on Chromium and was released on January 15, 2020. It is compatible with all supported versions of Windows, and macOS.
Background: In Chromium, a renderer doesn’t run in the main browser’s process. Different sites will run in different renderers who have different processes. Last year it found flaw occurred. CVE-2022-1134 – bug got remote code execution in Chrome renderer. The bug exists in the super inline cache (SuperIC) feature.
Edge and Chrome are both built on the Chromium open-source browser using the Blink rendering engine
CVE-2023-21796: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21795.
CVE-2023-21795: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21796.
CVE-2023-21775: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2023-21719: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Official announcement: See URL for details – https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
Since no details release by vendor. But think it over, in Chromium, a renderer doesn’t run in the main browser’s process. Different sites will run in different renderers who have different processes. However if there is Remote Code Execution Vulnerability happened (similar CVE-2022-1134). Then the impact will be different.
The flaw display in diagram so called type confusion vulnerability. When a memory buffer is accessed using the wrong type, it could read or write memory out of the bounds of the buffer, if the allocated buffer is smaller than the type that the code is attempting to access, leading to a crash and possibly code execution. Then Exploiting this flaw to get a Privileged Shell.