Description
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
FAQ
What is the version information for this release?
| Microsoft Edge Channel | Microsoft Edge Version | Based on Chromium Version | Date Released |
|---|---|---|---|
| Stable | 113.0.1774.35 | 113.0.5672.63/.64 | 5/5/2023 |
| Extended Stable | 112.0.1722.71 | 112.0.5615.179 | 5/4/2023 |
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of Integrity (I:L). What does that mean for this vulnerability?
An attacker is able to bypass Content Security Policy (CSP) and the pop-up blocker with this vulnerability, but cannot modify additional content of the browser itself.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
This vulnerability could lead to a browser iFrame sandbox escape, but not a full browser sandbox escape.
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
4.7 Medium
CVSS3
Related vulnerabilities
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge browser vulnerability related to use of memory after it has been freed (use-after-free), allowing an attacker to bypass security restrictions