Microsoft discloses actively exploited vulnerability

Target Industry

Indiscriminate, opportunistic targeting.


Microsoft has disclosed a vulnerability in Edge, tracked as CVE-2023-2136, which could allow a remote threat actor to trigger remote code execution on the targeted system. The security flaw stems from an integer overflow in Skia and, at the time of writing, is being actively exploited in the wild.


Successful exploitation of CVE-2023-2136 could allow a remote threat actor to perform a sandbox escape via a crafted HTML page.

Vulnerability Detection

Microsoft has released a patch for the vulnerability. Versions prior to the patched release remain vulnerable to exploitation.

Affected Products

– Microsoft Edge (Chromium Version) prior to 112.0.1722.54 / Microsoft Edge version 9112.0.1722.54

Containment, Mitigations & Remediations

It is strongly recommended that users update Microsoft Edge (Chromium) to version 112.0.1722.54 or later.
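
To find hosts that still need the update, installed Edge builds can be compared against the fixed version. The following is an added example, not part of the original bulletin: the hostnames, inventory rows and function names are constructed for illustration. It compares versions field by field as integers, because a plain string comparison would wrongly treat builds such as 99.x or 112.0.1722.6 as newer than 112.0.1722.54.

```python
# Added example: triage a software inventory against the fixed Edge build
# named in this bulletin. Hostnames and versions below are constructed.
import csv
import io

FIXED_BUILD = (112, 0, 1722, 54)  # first patched version per the bulletin


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a.b.c.d."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_csv):
    """Map each host to 'vulnerable', 'patched' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["edge_version"])
        if version is None:
            status = "unknown"       # missing or malformed: check manually
        elif version < FIXED_BUILD:  # numeric, field-by-field comparison
            status = "vulnerable"
        else:
            status = "patched"
        results[row["host"]] = status
    return results


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = """host,edge_version
ws-001,112.0.1722.48
ws-002,112.0.1722.54
ws-003,99.0.1150.36
ws-004,112.0.1722.6
ws-005,113.0.1774.35
ws-006,
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown have no parseable version in the inventory and should be checked directly rather than assumed patched.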

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available at this time.

Threat Landscape

Microsoft Edge holds a significant share of the web browser market. Because threat actors generally weigh probability and asset value when deciding which attack surfaces to focus on, Microsoft products have become a prime target. As web browsers have become integral to both personal and business affairs, threat actors will continue to exploit vulnerabilities in these products in an attempt to extract the sensitive information they hold.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

MITRE Methodologies

Discovery/Defense Evasion Technique:

T1497 – Virtualization/Sandbox Evasion

Further Information

Microsoft Advisory

Intelligence Terminology Yardstick