CVE-2022-33639 – This vulnerability in Microsoft Edge (Chromium-... (How to Fix)

Q: What is the severity of CVE-2022-33639?

CVE-2022-33639 has a CVSS score of 8.3 (HIGH). This vulnerability in Microsoft Edge (Chromium-based) allows an attacker to gain elevated privileges on a compromised system. It affects users running vulnerable versions of Microsoft Edge on Windows systems. Successful exploitation could lead to complete system compromise.

📋 TL;DR

This vulnerability in Microsoft Edge (Chromium-based) allows an attacker to gain elevated privileges on a compromised system. It affects users running vulnerable versions of Microsoft Edge on Windows systems. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:

Microsoft Edge (Chromium-based)

Versions: Versions prior to 104.0.1293.47

Operating Systems: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Chromium-based Microsoft Edge, not legacy EdgeHTML-based versions.

📦 What is this software?

Edge Chromium by Microsoft

View all CVEs affecting Edge Chromium →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system takeover with administrative privileges, allowing installation of malware, data theft, and persistence mechanisms.

🟠

Likely Case

Local privilege escalation enabling attackers to bypass security controls, access sensitive data, or execute arbitrary code with higher privileges.

🟢

If Mitigated

Limited impact if proper patch management and endpoint security controls are in place, though initial compromise could still occur.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access or initial compromise to exploit. No public exploit code available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 104.0.1293.47 or later

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33639

Restart Required: Yes

Instructions:

1. Open Microsoft Edge. 2. Click Settings (three dots) → Help and feedback → About Microsoft Edge. 3. Browser will automatically check for and install updates. 4. Restart Edge when prompted.

🔧 Temporary Workarounds

Disable Microsoft Edge

windows

Temporarily disable Microsoft Edge if patching is not immediately possible

🧯 If You Can't Patch

Restrict user privileges to standard user accounts only
Implement application whitelisting to prevent unauthorized execution

🔍 How to Verify

Check if Vulnerable:

Open Microsoft Edge → Settings → Help and feedback → About Microsoft Edge. Check if version is below 104.0.1293.47.

Check Version:

msedge --version

Verify Fix Applied:

Verify Microsoft Edge version is 104.0.1293.47 or higher in About Microsoft Edge page.

📡 Detection & Monitoring

Log Indicators:

Unusual Edge process spawning with elevated privileges
Edge crash reports with suspicious patterns

SIEM Query:

Process creation where parent_process contains 'msedge.exe' and integrity_level changes

📊 Metadata

CVE ID: CVE-2022-33639

CVSS v3 Score: 8.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Published: June 29, 2022

Last Updated: January 2, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33639
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33639 Patch,Vendor Advisory
https://security.gentoo.org/glsa/202208-25 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON