Описание
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
FAQ
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
This vulnerability requires a user to open a Web Archive file with spoofed origin of the web content in the affected version of Microsoft Edge (Chromium-based).
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?
An attacker who successfully exploited the vulnerability could view sensitive information (Confidentiality). While the attacker can not make changes to disclosed information (Integrity) and limit access to the resource (Availability).
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
Attacker who succesfully exploit this vulnerability could cause the Edge browser to share addditional stored cookie when using the share feature.
What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 115.0.1901.200 | 8/07/2023 | 115.0.5790.170/.171 |
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Уязвимость браузера Microsoft Edge, связанная с ошибками в настройках безопасности, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS
6.5 Medium
CVSS3