Описание
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
FAQ
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
This vulnerability could lead to a browser sandbox escape.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?
Integrity is impacted as XSS allows an attacker to add their malicious script to fetch victim's sensitive info or to change DOM execution.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?
Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass the permissions dialog feature prompt presented to users when initiating a download.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Уязвимость браузера Microsoft Edge, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю обойти ограничения безопасности и осуществлять межсайтовые сценарные атаки
EPSS
6.1 Medium
CVSS3