Login Sign Up

CVE-2023-33143

7.5 HIGH

📋 TL;DR

This vulnerability in Microsoft Edge (Chromium-based) allows attackers to gain elevated privileges on affected systems. It affects users running vulnerable versions of Microsoft Edge on Windows systems. Successful exploitation could enable attackers to execute arbitrary code with higher privileges than intended.

💻 Affected Systems

Products:
  • Microsoft Edge (Chromium-based)
Versions: Versions prior to 114.0.1823.37
Operating Systems: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Chromium-based Edge, not legacy EdgeHTML-based versions.

📦 What is this software?

Edge Chromium by Microsoft

View all CVEs affecting Edge Chromium →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains SYSTEM-level privileges, enabling complete system compromise, data theft, and persistent backdoor installation.

🟠

Likely Case

Attacker gains elevated user privileges, enabling lateral movement, credential theft, and installation of additional malware.

🟢

If Mitigated

With proper patch management and least privilege principles, impact is limited to isolated browser compromise without system-wide escalation.

🌐 Internet-Facing: MEDIUM - Requires user interaction (visiting malicious site) but can be delivered via web content.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal sites.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (visiting malicious website) and specific conditions to trigger privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 114.0.1823.37 and later

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33143

Restart Required: Yes

Instructions:

1. Open Microsoft Edge. 2. Click Settings (three dots) → Help and feedback → About Microsoft Edge. 3. Browser will automatically check for and install updates. 4. Restart Edge when prompted.

🔧 Temporary Workarounds

Disable Edge via Group Policy

windows

Temporarily disable Microsoft Edge while awaiting patch deployment

gpedit.msc → Computer Configuration → Administrative Templates → Windows Components → Microsoft Edge → Set 'Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup, and each time Microsoft Edge is closed' to Disabled

Use alternative browser

all

Switch to alternative browser until Edge is patched

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized Edge execution
  • Configure Edge to run in sandboxed mode with reduced privileges

🔍 How to Verify

Check if Vulnerable:

Open Edge → Settings → About Microsoft Edge → Check if version is below 114.0.1823.37

Check Version:

msedge --version

Verify Fix Applied:

Open Edge → Settings → About Microsoft Edge → Confirm version is 114.0.1823.37 or higher

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs: Security logs showing unexpected privilege escalation
  • Edge crash reports with suspicious memory patterns

Network Indicators:

  • Unusual outbound connections from Edge process
  • Traffic to known exploit hosting domains

SIEM Query:

source="Windows Security" EventID=4688 ProcessName="msedge.exe" AND NewProcessName contains "SYSTEM" OR "Administrator"

📊 Metadata

CVE ID: CVE-2023-33143
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H
Published: June 3, 2023
Last Updated: January 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON