CVE-2024-26246

Опубликовано: 14 мар. 2024

Источник: msrc

CVSS3: 3.9

EPSS Низкий

Описание

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

FAQ

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

An attacker who successfully exploited this could bypass the Edge AutoFill Protection feature

According to the CVSS metric, the attack vector is physical (AV:P), user interaction is required (UI:R), and privileges required is high (PR:H). What does that mean for this vulnerability?

An authorized attacker with physical access to a victim's unsecured Android phone must use the autofill feature on Edge Android to access victim's saved credentials.

Microsoft Edge Channel	Microsoft Edge Version	Date Released	Based on Chromium Version
Stable	122.0.2365.92	3/14/2024	122.0.6261.128/.129
Extended Stable	122.0.2365.92	3/14/2024	122.0.6261.128/.129

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 52%

0.00293

Низкий

3.9 Low

CVSS3

Связанные уязвимости

CVE-2024-26246

CVSS3: 3.9

nvd

почти 2 года назад

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

GHSA-pxv9-wjf4-mr7m

CVSS3: 3.9

github

почти 2 года назад

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

BDU:2024-02643

CVSS3: 3.9

fstec

почти 2 года назад

Уязвимость браузера Microsoft Edge для Android, связанная с недостатками контроля доступа, позволяющая нарушителю обойти существующие ограничения безопасности

EPSS

Процентиль: 52%

0.00293

Низкий

3.9 Low

CVSS3