Microsoft has published Security Update Guide entries for multiple Microsoft Edge (Chromium-based) elevation of privilege vulnerabilities, including CVE-2022-30127, CVE-2023-36027, and CVE-2024-21388. The advisories indicate that separate privilege-escalation issues have been identified in the browser across multiple release cycles, reinforcing Edge as a recurring target for flaws that could allow an attacker to gain higher privileges on an affected system.
While the referenced advisories provide limited public technical detail, the affected product and vulnerability class are consistent across all entries: Elevation of Privilege in Chromium-based Edge. Organizations using Microsoft Edge should review the corresponding Security Update Guide records, verify that browser updates have been applied across endpoints, and prioritize remediation because privilege-escalation bugs can increase the impact of other compromises by helping attackers move from initial code execution or user-level access to more powerful system permissions.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
Microsoft released a Security Update Guide entry for CVE-2024-21388, an elevation of privilege vulnerability affecting Microsoft Edge (Chromium-based).
Microsoft published Security Update Guide entries for CVE-2023-36027, describing an elevation of privilege vulnerability in Microsoft Edge (Chromium-based). The portal and product advisory references reflect the same disclosure event.
Microsoft released a Security Update Guide entry for CVE-2022-30127, an elevation of privilege vulnerability affecting Microsoft Edge (Chromium-based).
4 references tracked. Mallory keeps watching after this page renders.
msrc.microsoft.com
Open sourceportal.msrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.